The Advantages of UTM
The advantages of Unified Threat Management (UTM) come down to simplification and cost: less total hardware, simplified management, and a single licensing arrangement, which together lower the Total Cost of Ownership (TCO), including administrative expenses.
The disadvantages include lower performance (the more inspection functions you enable on the one box, the less throughput it delivers), vendor lock-in, a single point of failure, a feature set that is shallower than that of dedicated point products, and difficulty scaling in larger environments.
Next Generation Firewall (NGFW) products are included in the UTM solution space.
Research firm Gartner defines UTM as a product that offers:
• Standard network firewall functions;
• Remote access and site-to-site Virtual Private Network (VPN) support;
• Web Access Gateway (WAG) functionality with anti-malware, URL and content filtering;
• A Network Intrusion Prevention System (NIPS) focused on blocking attacks against PCs and servers.
The standard and Next-Generation Firewall (NGFW) functions include:
• The ability to track and maintain state information for each connection (for TCP, the handshake and teardown; for UDP and ICMP, a pseudo-state keyed on the address and port tuple), so that every packet is judged in the context of the communication it belongs to rather than in isolation.
• The ability to allow or block traffic based on configured policy, which can be integrated with the state information (for example, permitting return traffic only for connections the inside initiated).
• The ability to perform Network Address Translation (NAT) and Port Address Translation (PAT).
• The ability to perform application-aware network traffic scanning, tracking and control (identifying the application regardless of the port it happens to use).
• The ability to optimize a network connection (e.g. using TCP optimization).
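To make the first three bullets concrete, here is a small stateful packet filter with PAT. It is an added example written for this post, not code from the original post or from any UTM vendor; the inside prefix 10.0.0., the public address 203.0.113.1, the PAT port range and the outbound allow-list are all constructed for the demonstration.

```python
"""Stateful packet filter with PAT, modelling the firewall functions above.

Added example, not code from the post or any vendor. The inside prefix
10.0.0., the public IP 203.0.113.1, the PAT port range and the outbound
allow-list are constructed for the demonstration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    syn: bool = False  # TCP SYN flag: the only segment allowed to open a new flow


# Flow key: (proto, src_ip, src_port, dst_ip, dst_port)
FlowKey = Tuple[str, str, int, str, int]


class StatefulFirewall:
    def __init__(self, public_ip: str, inside_prefix: str = "10.0.0.") -> None:
        self.public_ip = public_ip
        self.inside_prefix = inside_prefix            # assumption: a prefix match is enough here
        self.flows: Dict[FlowKey, FlowKey] = {}       # inside flow -> PAT-translated flow
        self.replies: Dict[FlowKey, FlowKey] = {}     # expected reply flow -> un-translated reply
        self.next_pat_port = 40000
        self.allowed_outbound_ports = {53, 80, 443}   # policy: everything else is denied

    def is_inside(self, ip: str) -> bool:
        return ip.startswith(self.inside_prefix)

    @staticmethod
    def key(p: Packet) -> FlowKey:
        return (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)

    @staticmethod
    def from_key(k: FlowKey, syn: bool) -> Packet:
        return Packet(k[1], k[2], k[3], k[4], k[0], syn)

    def process(self, p: Packet) -> Tuple[str, Optional[Packet]]:
        """Return (action, forwarded packet); the forwarded packet is None on drop."""
        k = self.key(p)
        if k in self.flows:                  # established flow from inside: translate, forward
            return "allow", self.from_key(self.flows[k], p.syn)
        if k in self.replies:                # reply to an established flow: un-translate, forward
            return "allow", self.from_key(self.replies[k], p.syn)
        if self.is_inside(p.src_ip) and not self.is_inside(p.dst_ip):
            # New connection from inside: policy decides, and only a SYN may create state
            if p.proto == "tcp" and not p.syn:
                return "drop", None          # mid-stream segment with no matching state
            if p.dst_port not in self.allowed_outbound_ports:
                return "drop", None
            pat_port = self.next_pat_port
            self.next_pat_port += 1
            translated: FlowKey = (p.proto, self.public_ip, pat_port, p.dst_ip, p.dst_port)
            self.flows[k] = translated
            reply_key: FlowKey = (p.proto, p.dst_ip, p.dst_port, self.public_ip, pat_port)
            self.replies[reply_key] = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
            return "allow", self.from_key(translated, p.syn)
        return "drop", None                  # unsolicited inbound: no state, no policy exception


def fmt(action: str, out: Optional[Packet]) -> str:
    if out is None:
        return action
    return f"{action} {out.src_ip}:{out.src_port}->{out.dst_ip}:{out.dst_port}"


def demo() -> List[str]:
    fw = StatefulFirewall(public_ip="203.0.113.1")
    results = []
    # 1. inside client opens HTTPS: allowed by policy, state created, source PAT'd
    results.append(fmt(*fw.process(Packet("10.0.0.5", 51000, "198.51.100.10", 443, syn=True))))
    # 2. server reply matches the expected reply flow: allowed and mapped back to the client
    results.append(fmt(*fw.process(Packet("198.51.100.10", 443, "203.0.113.1", 40000))))
    # 3. inbound packet with no matching state: dropped
    results.append(fmt(*fw.process(Packet("198.51.100.10", 443, "203.0.113.1", 40001))))
    # 4. inside client tries telnet: policy denies it before any state exists
    results.append(fmt(*fw.process(Packet("10.0.0.5", 51001, "198.51.100.10", 23, syn=True))))
    # 5. inside client sends a non-SYN segment for a flow the firewall never saw: dropped
    results.append(fmt(*fw.process(Packet("10.0.0.5", 51002, "198.51.100.10", 443))))
    return results


if __name__ == "__main__":
    print("\n".join(demo()))
```

The point the demo makes is the one the second bullet hints at: the policy table alone says nothing about the reply from 198.51.100.10:443, and it is the state entry created by the outbound SYN that lets that reply through while an otherwise identical packet to a different PAT port is dropped. A real implementation would also age entries out and follow the TCP close sequence, which this model omits.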
Remote Access and Site-to-Site VPN functions include:
• The ability to connect multiple sites securely using a VPN (e.g. IPsec, SSL/TLS).
• The ability to have clients connect securely from remote locations using a VPN (e.g. clientless SSL, or an IPsec or SSL client).
• The ability to connect to the device from a remote location for the purposes of management (e.g. HTTPS, SSH); that management access should itself be restricted to a management network or reached over the VPN rather than exposed on the untrusted interface.
Web Access Gateway functions include:
• The ability to perform URL filtering.
• The ability to perform web application monitoring and control.
• The ability to perform Web Application Firewall (WAF) functions.
• The ability to perform antivirus and anti-malware scanning.
• The ability to perform HTTPS inspection (decrypting TLS sessions so the functions above can see the content), which requires the gateway's signing CA to be trusted by every client and breaks applications that pin their certificates.
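URL filtering sounds simple, but a filter that matches the raw request string is trivially bypassed with case changes, a trailing dot, embedded credentials, or a literal IP address. The following is an added example, not code from the post or from any product, of host-based filtering that normalizes the host first; the block list, its categories and the test URLs are constructed for the demonstration, and blocking literal IP destinations is a policy choice assumed here.

```python
"""Host-based URL filtering with normalisation, as an added example of the
WAG URL filtering function above; not code from the post or any product.
The block list, categories and test URLs are constructed for the demonstration.
"""
import ipaddress
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Constructed category list: listed domain -> category. Subdomains inherit the entry.
BLOCKED_DOMAINS: Dict[str, str] = {
    "malware.example": "malware",
    "ads.example.net": "advertising",
}


def normalize_host(url: str) -> str:
    """Reduce a URL to the host the request will actually go to.

    urlsplit().hostname already lowercases and strips userinfo, port and
    IPv6 brackets; we also drop a trailing dot and convert Unicode labels to
    their IDNA (xn--) form so lookalike names are compared as DNS sees them.
    """
    if "://" not in url:
        url = "http://" + url            # bare host as typed by a user
    host = urlsplit(url).hostname or ""
    host = host.rstrip(".")
    try:
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        pass                             # leave as-is; an unencodable label will not match anything
    return host


def lookup_category(host: str) -> Optional[str]:
    """Match the host and then each parent domain against the list."""
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKED_DOMAINS:
            return BLOCKED_DOMAINS[candidate]
    return None


def filter_url(url: str) -> Tuple[str, str]:
    """Return (action, reason) for a requested URL."""
    host = normalize_host(url)
    if not host:
        return "block", "unparseable"
    try:
        ipaddress.ip_address(host)
        return "block", "raw-ip"         # policy choice: literal IPs sidestep name-based lists
    except ValueError:
        pass
    category = lookup_category(host)
    if category:
        return "block", category
    return "allow", "uncategorized"


if __name__ == "__main__":
    for u in ("http://user@MALWARE.EXAMPLE.:8080/payload",
              "https://cdn.ads.example.net/tracker.js",
              "https://example.org/malware.example",
              "http://192.0.2.7/"):
        print(u, "->", filter_url(u))
```

Note that the listed name appearing in the path of an otherwise clean site is allowed: the decision is made on the destination host, not on a substring of the whole URL.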
A Network Intrusion Prevention System (NIPS) is tasked with detecting network attack traffic and offers the ability to alter the action taken on that traffic (alert, drop, reset the connection, or block the source) based on policy. A NIPS component offers a number of different options for detecting attacks, including:
• The ability to detect based on signature (a known pattern in packet or stream content).
• The ability to detect based on anomalous activity (a deviation from a learned baseline of normal traffic).
• The ability to detect based on behavioral analysis (a sequence of actions characteristic of an attack, such as one host probing many ports in a few seconds).
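The three detection methods, and the policy that turns a detection into an action, look like this in miniature. This is an added example written for this post, not code from the original post or from any IPS product; the traffic sample, the two generic signatures, the volume baseline, the scan threshold and the policy table are all constructed for the demonstration.

```python
"""Three NIPS detection methods run over a constructed traffic sample, with a
policy that decides the action per detection class. Added example, not code
from the post or any product; the events, signatures, baseline, thresholds
and policy are all constructed for the demonstration.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# (timestamp_s, src_ip, dst_ip, dst_port, bytes, payload) -- constructed sample
Event = Tuple[int, str, str, int, int, bytes]
EVENTS: List[Event] = [
    (1, "10.0.0.5", "198.51.100.10", 443, 1200, b""),
    (2, "10.0.0.6", "198.51.100.10", 443, 900, b""),
    (3, "10.0.0.5", "198.51.100.11", 80, 1500, b"GET /index.html HTTP/1.1"),
    # signature case: traversal attempt against an internal web server
    (10, "192.0.2.9", "10.0.0.20", 80, 300, b"GET /../../etc/passwd HTTP/1.1"),
    # behavioural case: one source touching many ports on one host within seconds
    *[(20, "192.0.2.10", "10.0.0.20", port, 60, b"")
      for port in (21, 22, 23, 25, 80, 110, 143, 445, 3389)],
    # anomaly case: a flow far above the learned per-flow volume
    (30, "10.0.0.7", "203.0.113.50", 443, 50_000_000, b""),
]

# Signature detection: known content patterns (generic, not tied to any specific CVE)
SIGNATURES = [
    ("directory-traversal", re.compile(rb"\.\./\.\./")),
    ("sql-tautology", re.compile(rb"'\s*or\s+1\s*=\s*1", re.IGNORECASE)),
]

# Anomaly detection: baseline learned from a training window (constructed value)
BASELINE_BYTES_PER_FLOW = 1500
ANOMALY_FACTOR = 50                 # alert when one flow exceeds 50x the baseline

# Behavioural detection: many distinct ports from one source in a short window
SCAN_WINDOW_S = 5
SCAN_MIN_PORTS = 8

# Policy: detection class -> action; this is where the action is altered per policy
POLICY: Dict[str, str] = {"signature": "block", "behavior": "block", "anomaly": "alert"}

Alert = Tuple[int, str, str, str]   # (timestamp, src_ip, detection class, detail)


def signature_alerts(events: List[Event]) -> List[Alert]:
    return [(ts, src, "signature", name)
            for ts, src, _dst, _port, _size, payload in events
            for name, pattern in SIGNATURES if pattern.search(payload)]


def anomaly_alerts(events: List[Event]) -> List[Alert]:
    limit = BASELINE_BYTES_PER_FLOW * ANOMALY_FACTOR
    return [(ts, src, "anomaly", f"{size} bytes vs baseline {BASELINE_BYTES_PER_FLOW}")
            for ts, src, _dst, _port, size, _payload in events if size > limit]


def behavioral_alerts(events: List[Event]) -> List[Alert]:
    by_src: Dict[str, List[Tuple[int, int]]] = defaultdict(list)
    for ts, src, _dst, port, _size, _payload in events:
        by_src[src].append((ts, port))
    alerts: List[Alert] = []
    for src, probes in by_src.items():
        probes.sort()
        for t0, _ in probes:
            ports = {p for t, p in probes if t0 <= t <= t0 + SCAN_WINDOW_S}
            if len(ports) >= SCAN_MIN_PORTS:
                alerts.append((t0, src, "behavior", f"port-scan {len(ports)} ports"))
                break                # one alert per source is enough
    return alerts


def run_nips(events: List[Event]) -> List[Tuple[str, str, str]]:
    """Return (src_ip, action, detail) for every detection, action chosen by POLICY."""
    decisions = []
    for detector in (signature_alerts, anomaly_alerts, behavioral_alerts):
        for _ts, src, kind, detail in detector(events):
            decisions.append((src, POLICY.get(kind, "alert"), f"{kind}:{detail}"))
    return decisions


if __name__ == "__main__":
    for decision in run_nips(EVENTS):
        print(decision)
```

The split in the policy table is deliberate: signature and behavioral hits are specific enough to block inline, while a pure volume anomaly is set to alert only, because a large legitimate backup would trip the same threshold and an inline block would turn a false positive into an outage.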