A Unified Threat Management Security Appliance Can Provide All of the Following Except What?
What is unified threat direction (UTM)?
Unified threat management (UTM) describes an data security (infosec) system that provides a single betoken of protection against threats, including viruses, worms, spyware and other malware, and network attacks. It combines security, operation, management and compliance capabilities into a single installation, making information technology easier for administrators to manage networks.
Dissimilar antivirus tools, a UTM system does non but protect personal computers (PCs) and servers. It protects an entire network and private users by scanning all network traffic, filtering potentially unsafe content and blocking intrusions. Many small and medium-sized businesses (SMBs) have adopted UTM systems, finding it easier to handle their infosec with a single system, rather than several smaller ones.
UTM systems combine multiple security features into a unmarried device or software programme. This tin aid because there are 5 master kinds of threats that organizations need to protect against:
- malware
- phishing and social engineering
- viruses, worms and Trojans
- hackers
- denial of service (DoS)
When dealing with these threats, a divide engineering science is typically required to resolve each effect. That ends upwardly existence more complicated than it needs to be, which is why UTM systems be.
UTM and next-generation firewalls (NGFWs) are both firewall technologies serving like purposes, simply they're also different in some central areas. NGFWs were originally developed to fill network security gaps left by traditional firewalls and include application intelligence and an intrusion prevention system (IPS), besides as DoS protection. UTM refers to the ability of a single device to perform the functions of an NGFW, firewall and virtual individual network (VPN), while an NGFW is a network security platform that provides a gateway between internal and external networks. The major difference betwixt these two firewall types is that a UTM organisation typically offers more features than an NGFW, such as an intrusion detection system (IDS) and spam filtering, since it is able to monitor and protect internal networks from intruders.
Learn more virtually the differences between unified threat management and next-generation firewalls here .
How UTM works
Understanding threats and identifying weaknesses to an organization'due south network are critical for security. A UTM system can assistance attain this past using 2 inspection methods that address different types of threats:
- Flow-based inspection. Menstruation-based inspection, also known every bit stream-based inspection, samples data that enters a network security device, such every bit a firewall or IPS. The devices inspect the data for malicious activity, such as viruses, intrusions and other hacking attempts.
- Proxy-based inspection. Proxy-based inspection is a network security technique that can exist used to examine the contents of packets that laissez passer into and out of a network security device, such equally a firewall, IPS or VPN server. Past using a proxy server to audit these packets, the network security device can act every bit a proxy to reconstruct the content entering the device.
Unified threat management devices
UTM devices are hardware or software that tie together network security features into one simple-to-use, easy-to-manage appliance. In addition to having a firewall, VPN and IPS, every UTM appliance supports network- or deject-based centralized management. For case, Cisco Meraki appliances use a cloud-based management tool that can be deployed remotely on a per-device footing.
Unified threat management features
UTMs typically include the following security features.
Antispam services
Antispam services or spam filters are designed to block or tag incoming email-based attacks by scanning inbound and outbound e-mail traffic for signs of a possible attack. Antispam systems use algorithms to detect spam by scanning message content for patterns that are associated with spam. Some systems look for certain words, others for specific linguistic communication patterns and others for whole discussion patterns using a process chosen Bayesian assay. If the message appears to be spam or malware, the contents are tagged or quarantined.
URL filtering and application control
UTM devices can perform many functions that help secure a corporation or other organisation's network, including Uniform Resources Locator (URL) filtering and application command. With application control, a UTM device can put specific applications on an allowlist and then they tin connect to the internet without dealing with spam content filtering or other security measures. Application control is commonly combined with a UTM device's firewall and other features to ensure that all traffic entering the corporate network is protected.
Firewalls
A firewall is a hardware- or software-based security mensurate that restricts access to a private network past monitoring incoming and outgoing traffic between different networks. It keeps unauthorized -- or malicious -- users from gaining access to data or resource such as file servers, printers and web servers. There are three main types of firewalls: packet filtering, circuit-level gateway and application-level gateway.
Intrusion detection systems and intrusion prevention systems
An IDS monitors the network for signs of a cyber attack, while an IPS takes action to stop attacks past neutralizing malicious traffic.
The goal of an IDS is to detect abnormal behavior so that it tin can be analyzed, recorded and reported. It can't actually cake whatsoever incoming threats, but it can notify an ambassador about an intrusion and log the activity for afterward analysis. An IPS, on the other manus, is a type of security engineering that can change network traffic to block malicious activities. An IPS feature can be added to an existing IDS or firewall.
VPN
The role of a VPN is to create a secure connection between two computers over a public network. This enables file sharing securely between co-workers, accessing data remotely or using whatsoever number of other services without fear that an outside political party will intercept the data. VPNs piece of work by using encryption to protect information from unauthorized access when crossing between public and private networks, thereby creating a secure connexion that is encrypted within a tunnel over the public net.
Content filtering
Web content filtering is a method of controlling what types of information tin can pass into or out of a network, using various filtering methods, such equally by Net Protocol (IP) address, port number or media admission control (MAC) address. Content filtering is used on networks to block unwanted content and to protect against data loss by filtering outgoing data to preclude sensitive data from being transmitted.
This was last updated in Apr 2021
Continue Reading About unified threat management (UTM)
- How to reduce risks with URL filtering
- Deep package inspection tools: Proxy vs. stream-based
- Making unified threat management a key security tool
- Security Think Tank: Approach UTM with caution
- Best unified threat management software
Dig Deeper on Network security
-
Explore 9 essential elements of network security
-
firewall
-
Side by side-generation firewall comparing based on visitor needs
-
Side by side-generation firewalls vs. traditional and UTMs
Source: https://www.techtarget.com/searchsecurity/definition/unified-threat-management-UTM
0 Response to "A Unified Threat Management Security Appliance Can Provide All of the Following Except What?"
Post a Comment