What is Unified Threat Management?

    UTM stands for Unified Threat Management and combines numerous security functions, such as anti-virus and SSL inspection, into a unified security solution on a shared platform. In practice this means: instead of setting up individual security mechanisms in separate systems, a “next-generation” UTM firewall is a single device that provides a uniform operating concept for implementing customized security policies.

    What makes Unified Threat Management (UTM) worthwhile?

    An average of 394,000 new malware variants are created every day (“BSI Lagebericht 2021”). But not only is the number of malware variants increasing dramatically, the quality of the attacks is also “improving”. Emotet was a particularly aggressive form of ransomware attack, with cyber criminals encrypting the data and systems of companies and public institutions in order to extort funds. As a proactive counter to these business-threatening scenarios, an investment in a next-generation firewall with Unified Threat Management (UTM) is more than worthwhile.

    What is a UTM firewall?

    A UTM firewall is an all-in-one solution that combines various security functions in a single system:

    • Protects the network against viruses, malware, spyware, or encrypted e-mail attachments with malicious content
    • Protects against attempted attacks even before they enter the network
    • Protects against access to undesired Internet content from within your network
    • Protects against novel, zero-day threats
    • Protects against unauthorized access to sensitive company data by means of network segmentation
    • Protects against the operation of unwanted services
    • Protects against spam

    How does Unified Threat Management work in detail?

    The following mechanisms are used in Unified Threat Management firewalls, among others:


    Anti-virus with sandboxing and machine learning

    Effective defense against malware and viruses is ensured by the firewall, which reliably detects suspicious files.

    To protect against as-yet unknown threats (zero-day exploits), suspicious files are first loaded into a protected cloud. In this isolated sandbox environment, the files can be securely and reliably tested.

    Analysis using third-generation machine learning, trained on billions of samples, allows threats to be scanned for and proactively blocked based on their behavior.

    The cloud is hosted in Germany and complies with European data-protection policy.

    SSL inspection: Security guaranteed even with encrypted channels

    Data-traffic encryption is increasingly widespread and, although this is welcome from the secrecy point of view, there is the risk that malware can enter the systems via encrypted channels.

    Thanks to SSL inspection, even encrypted data packets can be scanned and filtered, applications detected, and security requirements successfully implemented.

    The UTM firewall becomes a trusted “man-in-the-middle” in communication, for example between a client and a web server.


    Deep packet inspection: Detailed filtering and validation of applications and protocols

    Deep Packet Inspection (DPI) protects against cyber attacks by precisely classifying the network traffic, protocols and applications, and it protects against data leaks.

    In contrast to Stateful Packet Inspection, which only checks the metadata (headers) of the data packets, DPI checks down to layer 7, i.e. the packet payload itself. In this way, data packets are checked for viruses, spam and other undesirable content.

    Furthermore, detailed security policies actively regulate the use of certain applications, such as streaming services or browsers.
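The difference between header-only filtering and DPI, as an added Go example that is not LANCOM's code and does not describe how the R&S®Unified Firewall classifies traffic internally. It builds a constructed IPv4/TCP packet, shows what a stateful (port-based) filter can decide, and then classifies the application from the payload bytes and matches a content signature. The addresses, ports, policy and the signature string are all constructed placeholders.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// Packet: the header fields a stateful filter sees, plus the layer-7 payload.
type Packet struct {
	SrcIP, DstIP     net.IP
	SrcPort, DstPort uint16
	Payload          []byte
}

// ParsePacket decodes a minimal IPv4/TCP packet (checksums are not verified).
func ParsePacket(b []byte) (Packet, error) {
	if len(b) < 20 || b[0]>>4 != 4 {
		return Packet{}, errors.New("not an IPv4 packet")
	}
	ihl := int(b[0]&0x0f) * 4
	if ihl < 20 || len(b) < ihl+20 || b[9] != 6 {
		return Packet{}, errors.New("truncated, or not TCP")
	}
	tcp := b[ihl:]
	off := int(tcp[12]>>4) * 4
	if off < 20 || len(tcp) < off {
		return Packet{}, errors.New("bad TCP data offset")
	}
	return Packet{
		SrcIP: net.IP(b[12:16]), DstIP: net.IP(b[16:20]),
		SrcPort: binary.BigEndian.Uint16(tcp[0:2]),
		DstPort: binary.BigEndian.Uint16(tcp[2:4]),
		Payload: tcp[off:],
	}, nil
}

// BuildPacket assembles a constructed sample packet from 192.0.2.10 to
// 198.51.100.4 (documentation addresses); checksums are left at zero.
func BuildPacket(srcPort, dstPort uint16, payload []byte) []byte {
	ip := make([]byte, 20)
	ip[0] = 0x45 // version 4, header length 5 words
	binary.BigEndian.PutUint16(ip[2:4], uint16(40+len(payload)))
	ip[8], ip[9] = 64, 6 // TTL, protocol = TCP
	copy(ip[12:16], []byte{192, 0, 2, 10})
	copy(ip[16:20], []byte{198, 51, 100, 4})
	tcp := make([]byte, 20)
	binary.BigEndian.PutUint16(tcp[0:2], srcPort)
	binary.BigEndian.PutUint16(tcp[2:4], dstPort)
	tcp[12], tcp[13] = 5<<4, 0x18 // data offset 5 words, flags PSH|ACK
	return append(append(ip, tcp...), payload...)
}

// StatefulVerdict is all a header-only filter can decide: it knows the port,
// not what actually travels over it.
func StatefulVerdict(p Packet) string {
	if p.DstPort == 80 || p.DstPort == 443 {
		return "allow"
	}
	return "drop"
}

// ClassifyApp identifies the application from the first payload bytes, independent of the port.
func ClassifyApp(payload []byte) string {
	switch {
	case len(payload) >= 3 && payload[0] == 0x16 && payload[1] == 0x03:
		return "tls" // TLS record header: handshake, version 3.x
	case bytes.HasPrefix(payload, []byte("SSH-")):
		return "ssh"
	case bytes.HasPrefix(payload, []byte("GET ")), bytes.HasPrefix(payload, []byte("POST ")):
		return "http"
	}
	return "unknown"
}

// DPIVerdict applies the application policy and content signatures to the
// layer-7 payload and returns the verdict with the detected application.
func DPIVerdict(p Packet, allowedApps map[string]bool, signatures [][]byte) (string, string) {
	app := ClassifyApp(p.Payload)
	for _, sig := range signatures {
		if bytes.Contains(p.Payload, sig) {
			return "drop", app + " (signature match)"
		}
	}
	if !allowedApps[app] {
		return "drop", app
	}
	return "allow", app
}

func main() {
	policy := map[string]bool{"http": true, "tls": true}
	sigs := [][]byte{[]byte("X-CONSTRUCTED-TEST-SIGNATURE")} // placeholder, not a real indicator
	// SSH on a port the port filter allows: the header-only verdict is "allow", the DPI verdict "drop".
	p, _ := ParsePacket(BuildPacket(51000, 443, []byte("SSH-2.0-OpenSSH_9.0\r\n")))
	v, app := DPIVerdict(p, policy, sigs)
	fmt.Printf("port %d: stateful=%s dpi=%s (%s)\n", p.DstPort, StatefulVerdict(p), v, app)
}
```

A real DPI engine reassembles the TCP stream before matching, because a signature split across two segments would slip past a per-packet check like the one above; the example inspects single packets only to keep the mechanism visible.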

    IDS / IPS: database-oriented protection against threats

    The Intrusion Detection / Prevention System (IDS / IPS) maintains a database of known threats in order to protect the endpoints in the network from a wide range of hostile attacks, to issue warning messages in the event of an incident, and to terminate the communication link to hostile sources.

    The underlying threat database contains a blacklist of IP addresses and detects patterns employed by malware in communication links, network scans, brute force attacks, and more.

    While the IDS / IPS system in IDS mode only generates warning messages if a rule applies to the data traffic, in IPS mode the system additionally blocks malicious data traffic. Should a false alarm occur, the admin can allow the data traffic.
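The IDS-versus-IPS behaviour described above, as an added Go example that is not LANCOM's code and does not reflect the rule format or engine of the R&S®Unified Firewall. A small threat database holds an IP blacklist and two pattern rules (one stateless, one counting failed logins per source); the same hits produce an alert in IDS mode and a block in IPS mode, and the admin can clear a false alarm for one source so the rule no longer fires for it. All addresses, payload strings and thresholds are constructed placeholders.

```go
package main

import (
	"fmt"
	"strings"
)

type Mode string   // "ids" warns only; "ips" warns and blocks
type Action string // verdict for one event

const (
	IDS, IPS           Mode   = "ids", "ips"
	Pass, Alert, Block Action = "pass", "alert", "block"
)

// Event is one normalized connection record handed to the engine.
type Event struct {
	SrcIP, DstIP string
	DstPort      int
	Payload      string
}

// Rule is one entry of the threat database; Match may keep state.
type Rule struct {
	ID    int
	Name  string
	Match func(Event) bool
}

type Engine struct {
	Mode         Mode
	Blacklist    map[string]bool         // known-hostile source IPs
	Rules        []Rule
	Allowed      map[int]map[string]bool // rule ID -> source IPs cleared by the admin
	failedLogins map[string]int          // per-source counter for the brute-force rule
}

// NewEngine builds an engine with a constructed mini threat database (placeholders, not real indicators).
func NewEngine(mode Mode) *Engine {
	e := &Engine{
		Mode:         mode,
		Blacklist:    map[string]bool{"203.0.113.7": true},
		Allowed:      map[int]map[string]bool{},
		failedLogins: map[string]int{},
	}
	e.Rules = []Rule{
		{1, "SQL injection pattern in HTTP request", func(ev Event) bool {
			return ev.DstPort == 80 && strings.Contains(strings.ToLower(ev.Payload), "union select")
		}},
		{2, "SSH brute force: 5 or more failed logins from one source", func(ev Event) bool {
			if ev.DstPort == 22 && strings.Contains(ev.Payload, "AUTH_FAIL") {
				e.failedLogins[ev.SrcIP]++
			}
			return ev.DstPort == 22 && e.failedLogins[ev.SrcIP] >= 5
		}},
	}
	return e
}

// AllowFalseAlarm records the admin's decision that rule ruleID must not
// fire for traffic from src (the "allow the data traffic" step in the text).
func (e *Engine) AllowFalseAlarm(ruleID int, src string) {
	if e.Allowed[ruleID] == nil {
		e.Allowed[ruleID] = map[string]bool{}
	}
	e.Allowed[ruleID][src] = true
}

// Inspect evaluates one event: every hit is reported; the verdict is Alert in IDS mode, Block in IPS mode.
func (e *Engine) Inspect(ev Event) (Action, []string) {
	var hits []string
	if e.Blacklist[ev.SrcIP] {
		hits = append(hits, "source address on IP blacklist")
	}
	for _, r := range e.Rules {
		if r.Match(ev) && !e.Allowed[r.ID][ev.SrcIP] {
			hits = append(hits, fmt.Sprintf("rule %d: %s", r.ID, r.Name))
		}
	}
	switch {
	case len(hits) == 0:
		return Pass, nil
	case e.Mode == IPS:
		return Block, hits
	}
	return Alert, hits
}

func main() {
	e := NewEngine(IPS)
	for _, ev := range []Event{ // constructed sample traffic
		{"203.0.113.7", "192.0.2.10", 443, ""},
		{"198.51.100.4", "192.0.2.10", 80, "GET /item?id=1 UNION SELECT 1,2 HTTP/1.1"},
	} {
		a, hits := e.Inspect(ev)
		fmt.Println(ev.SrcIP, a, hits)
	}
}
```

The exception is deliberately scoped to one rule and one source rather than disabling the rule, so a false alarm for one host does not blind the engine to the same pattern from everywhere else.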


    HTTP(S) proxy: Secure Web Gateway

    The HTTP(S) proxy in the UTM firewall serves as a “middleman” for filtering and analyzing network traffic down to the application level in order to defend against Internet-based attacks.

    Since this specifically concerns attacks from the Internet, we refer to a “Secure Web Gateway” (SWG).

    When a user accesses the Internet, the proxy itself connects to the web server, uses its own HTTP(S) proxy CA to generate a pseudo-certificate for the website, and presents this certificate to the browser.

    As a Secure Web Gateway, the UTM firewall can use a proxy to analyze the data traffic, apply URL and content filters, and search for viruses.

    Application management and content filter: full control over permitted applications and content

    With the help of application management, admins themselves decide which applications should be allowed or blocked on the network.

    In order to increase network performance, trusted applications can also be redirected straight to the Internet or to an external remote site by means of local breakouts.

    A content filter also provides the option of defining category-based filter rules, for example for criminal, pornographic or violent content.

    This provides reliable protection of business integrity.


    VLAN: secure zoning of the network

    Segment your systems by means of VLAN zoning.

    By separating networks – for example the accounting network from the human resources network – unauthorized access to sensitive company data can be better restricted.

    With VLANs (Virtual Local Area Networks), this separation is not physical but logical: every Ethernet frame carries a VLAN tag that determines its zone affiliation.

    Which computers are allowed to communicate across zone boundaries, and under which circumstances, is controlled and monitored by the firewall.
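VLAN zoning as an added Go example, not LANCOM's code and not the R&S®Unified Firewall's actual zone or rule model. It decodes the 802.1Q tag of a constructed Ethernet frame, maps the VLAN ID to a zone, and applies a default-deny cross-zone policy in which only the listed zone pairs and ports are permitted. The zone names, VLAN IDs, subnets and rules are constructed placeholders.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

const etherTypeVLAN = 0x8100 // IEEE 802.1Q tag protocol identifier

type Frame struct {
	Tagged    bool
	VID       uint16 // 802.1Q VLAN identifier (12 bits); 0 when untagged
	EtherType uint16
	Payload   []byte
}

// ParseFrame decodes the Ethernet header and, if present, the 802.1Q tag.
func ParseFrame(b []byte) (Frame, error) {
	if len(b) < 14 {
		return Frame{}, errors.New("frame too short")
	}
	f := Frame{EtherType: binary.BigEndian.Uint16(b[12:14]), Payload: b[14:]}
	if f.EtherType == etherTypeVLAN {
		if len(b) < 18 {
			return Frame{}, errors.New("truncated 802.1Q tag")
		}
		tci := binary.BigEndian.Uint16(b[14:16]) // PCP(3) | DEI(1) | VID(12)
		f.Tagged, f.VID = true, tci&0x0fff
		f.EtherType = binary.BigEndian.Uint16(b[16:18])
		f.Payload = b[18:]
	}
	return f, nil
}

// BuildTaggedFrame constructs a sample tagged frame (test data, not a capture).
func BuildTaggedFrame(vid, etherType uint16, payload []byte) []byte {
	b := make([]byte, 18, 18+len(payload))
	copy(b[0:6], []byte{0x02, 0, 0, 0, 0, 0x01}) // locally administered MACs
	copy(b[6:12], []byte{0x02, 0, 0, 0, 0, 0x02})
	binary.BigEndian.PutUint16(b[12:14], etherTypeVLAN)
	binary.BigEndian.PutUint16(b[14:16], vid&0x0fff)
	binary.BigEndian.PutUint16(b[16:18], etherType)
	return append(b, payload...)
}

// Zone model: VLAN ID and subnet per zone (names, VIDs and prefixes are constructed).
type Zone string

var zoneByVID = map[uint16]Zone{10: "accounting", 20: "hr", 30: "servers"}

var zonePrefix = map[Zone]string{"accounting": "10.10.0.0/16", "hr": "10.20.0.0/16", "servers": "192.0.2.0/24"}

func zoneOf(ip string) Zone {
	for z, p := range zonePrefix {
		if _, n, err := net.ParseCIDR(p); err == nil && n.Contains(net.ParseIP(ip)) {
			return z
		}
	}
	return ""
}

// CrossZoneRule permits one zone to reach another on one TCP port; anything not listed is denied.
type CrossZoneRule struct {
	From, To Zone
	DstPort  uint16
}

var crossZonePolicy = []CrossZoneRule{{"accounting", "servers", 443}, {"hr", "servers", 443}}

// Decide: the source zone comes from the ingress VLAN tag, the destination zone from the address.
func Decide(ingressVID uint16, dstIP string, dstPort uint16) (bool, string) {
	src, ok := zoneByVID[ingressVID]
	dst := zoneOf(dstIP)
	switch {
	case !ok:
		return false, "unknown ingress VLAN"
	case dst == "":
		return false, "destination outside all zones"
	case src == dst:
		return true, "intra-zone"
	}
	for _, r := range crossZonePolicy {
		if r.From == src && r.To == dst && r.DstPort == dstPort {
			return true, "permitted by cross-zone rule"
		}
	}
	return false, "denied by default"
}

func main() {
	f, err := ParseFrame(BuildTaggedFrame(10, 0x0800, []byte{0x45}))
	if err != nil {
		panic(err)
	}
	ok, why := Decide(f.VID, "192.0.2.10", 443)
	fmt.Println("VID", f.VID, "-> 192.0.2.10:443:", ok, why)
}
```

The source zone is taken from the tag the firewall sees on its own trunk port, not from anything the end device claims; the separation therefore depends on the switches only accepting untagged frames on access ports and applying the VLAN tag themselves.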

    The simple decision for more security

    As you can see: Network security by means of Unified Threat Management is a complex matter. However, mastering it is not. The LANCOM R&S®Unified Firewalls are the first choice when it comes to manageable state-of-the-art IT security.

    In combination with the LANCOM Management Cloud you benefit twice: You can enforce uniform security settings, secure passwords, and secure ports not only automatically, but at all locations too.


    Inquiry

    You have questions about our products or solutions, or are you looking for a LANCOM sales partner? Then let us know your wishes via contact form or feel free to contact us by phone.

    Inside Sales International Team

    Phone: +49 (0)2405 49936 122