The evolution of UTM

Thursday, 01 April, 2010

A scant decade ago, packet-filter firewalls were sufficient to protect against virtually all threats coming from the internet. Today, however, the number, variety and sophistication of threats against business networks have multiplied, and firewalls and antivirus software on desktops are no longer sufficient. This has led to the evolution of unified threat management (UTM) solutions, reports Fortinet’s Richard Stiennon *.

The evolution of security systems and software to the present unified threat management (UTM) appliance-type solutions is really a history of an ‘arms race’ between hackers, crackers and virus authors, and security vendors. Every time a new vulnerability is detected, new security mechanisms and measures are developed and put in place, but then some new way of getting past the defences or attacking the security measure is developed.

In recent years, ‘blended threats’ have been developed, which combine attack characteristics from different threat categories. Examples of these are trojans with embedded spam engines, or viruses with spyware payloads. The development of UTM technologies and products owes much to the emergence of these blended threats.

Although the focus of most security products thus far has been protecting the ‘choke-points’ of the network, the ‘blurring’ of the network edge that results from a more mobile workforce will require security vendors also to think about protecting each network node. This is where I see the next stage in the evolution of security.

A series of developments in network security are leading to the emergence of a comprehensive solution that could make the network itself more resilient to attacks. The next generation of UTM security devices will have security features added to core and access switches, and will provide additional network segmentation such as for transaction zones and departmental barriers.

This new generation of UTM devices will use Virtual LANs (VLANs) to provide granularity down to the device level, where it is needed. Switch functionality within the UTM device will enforce policy based on Layer 2 and Layer 3 information (MAC addresses and VLAN membership; IP addresses, protocols and ports). Data streams that pass that policy, and are therefore allowed, will then be filtered by additional IPS functionality, which ideally is performed directly within the switch. Connections to the internet and to third parties will be made through firewall capabilities also embedded in the switch.
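The pipeline the article describes (VLAN segmentation, then a Layer 2/3 policy check in the switch, then IPS inspection of only the flows that policy allows) can be modelled in a few dozen lines. The example below is an added illustration and is not code from the article, from Fortinet or from any product; the VLAN numbers, subnets, MAC addresses, zone names and IPS signatures are all constructed assumptions. Policy is first-match with a default deny, so an unknown device on a trusted VLAN is refused even though its VLAN is otherwise permitted, which is the device-level granularity the text refers to.

```python
"""Toy model of switch-embedded UTM: VLAN -> L2/L3 policy -> IPS.

Constructed example. VLAN IDs, addresses, MACs and signatures are
assumptions for illustration, not taken from the article or any vendor.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    vlan: int            # 802.1Q VLAN ID (Layer 2)
    src_mac: str
    src_ip: str
    dst_ip: str
    proto: str           # "tcp" or "udp"
    dst_port: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    src_vlan: int
    dst_net: str                      # destination CIDR (Layer 3)
    proto: str
    dst_port: Optional[int]           # None means any port
    action: str                       # "allow" or "deny"
    src_macs: frozenset = frozenset() # empty means any device on the VLAN

    def matches(self, pkt: Packet) -> bool:
        if pkt.vlan != self.src_vlan or pkt.proto != self.proto:
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        # Layer 2 pin: if the rule names devices, only those MACs match it
        if self.src_macs and pkt.src_mac.lower() not in self.src_macs:
            return False
        return ip_address(pkt.dst_ip) in ip_network(self.dst_net)


# Constructed policy; first matching rule wins, anything unmatched is denied.
POLICY = [
    # VLAN 10 (finance): two known workstations may reach the transaction
    # zone (10.20.0.0/24, assumed) over HTTPS only.
    Rule(10, "10.20.0.0/24", "tcp", 443, "allow",
         frozenset({"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"})),
    # VLAN 20 (guest): block all private address space, then allow HTTPS out.
    Rule(20, "10.0.0.0/8", "tcp", None, "deny"),
    Rule(20, "172.16.0.0/12", "tcp", None, "deny"),
    Rule(20, "192.168.0.0/16", "tcp", None, "deny"),
    Rule(20, "0.0.0.0/0", "tcp", 443, "allow"),
    # VLAN 30 (building devices): NTP to the local time server and nothing else.
    Rule(30, "10.30.0.53/32", "udp", 123, "allow"),
]

# Constructed IPS signatures; a real IPS would use far richer matching.
IPS_SIGNATURES = {
    "sqli-union": b"UNION SELECT",
    "path-traversal": b"../../",
}


def l2l3_policy(pkt: Packet) -> str:
    """Switch-stage decision from Layer 2/3 fields only. Default deny."""
    for rule in POLICY:
        if rule.matches(pkt):
            return rule.action
    return "deny"


def ips_inspect(payload: bytes) -> Optional[str]:
    """Return the name of the first signature found in the payload, if any."""
    upper = payload.upper()
    for name, sig in IPS_SIGNATURES.items():
        if sig.upper() in upper:
            return name
    return None


def evaluate(pkt: Packet) -> str:
    """Full pipeline: only policy-allowed streams are handed to the IPS."""
    if l2l3_policy(pkt) != "allow":
        return "deny:policy"
    hit = ips_inspect(pkt.payload)
    if hit is not None:
        return f"drop:ips:{hit}"
    return "allow"


# Constructed sample traffic.
SAMPLES = {
    "finance_known_device": Packet(10, "aa:bb:cc:00:00:01", "10.10.0.7",
                                   "10.20.0.5", "tcp", 443, b"GET /pay"),
    "finance_unknown_device": Packet(10, "de:ad:be:ef:00:01", "10.10.0.9",
                                     "10.20.0.5", "tcp", 443, b"GET /pay"),
    "finance_sqli": Packet(10, "aa:bb:cc:00:00:02", "10.10.0.8", "10.20.0.5",
                           "tcp", 443, b"GET /pay?id=1' union select 1,2--"),
    "guest_to_internal": Packet(20, "11:22:33:44:55:66", "10.99.0.4",
                                "10.20.0.5", "tcp", 443, b"GET /pay"),
    "guest_to_internet": Packet(20, "11:22:33:44:55:66", "10.99.0.4",
                                "93.184.216.34", "tcp", 443, b"GET /"),
    "iot_ntp": Packet(30, "00:11:22:33:44:55", "10.30.0.21", "10.30.0.53",
                      "udp", 123, b"\x1b" + b"\x00" * 47),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:24s} -> {evaluate(pkt)}")
```

The point to notice is the ordering: the IPS is never consulted for traffic the switch policy already rejects, so the expensive deep inspection is spent only on flows that are supposed to exist, and the guest VLAN's deny rules for private space sit ahead of its internet allow so that rule order, not the IPS, keeps guests out of the transaction zone.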

There will be three major incarnations of these super-UTM devices. The first is at the carrier and service provider, who will deploy them in an effort to filter malicious traffic out of their backbones. They would then be able to offer their customers ‘clean pipes’ at a reasonable cost.

The second incarnation is within the enterprise core, where these advanced UTM devices would segment and protect every department and ultimately every device, truly hardening the internal network for the first time.

And at the small office, or remote office, the greatest benefit will be realised. A single appliance will take the place of not only the numerous security devices needed to filter and protect, but also the router and switch.

The industry will see some major dislocations as security devices begin to incorporate networking features. Traditional router and switch vendors will find that their products, built on speed and simplicity, are not able to accommodate deep packet inspection and granular defence. Security vendors that have specialised in firewalls or IPS will find that they are being supplanted by more flexible products that combine security with networking.

* Richard Stiennon, chief marketing officer for Fortinet, has more than 25 years of experience in the security industry. An acknowledged industry thought leader, Stiennon is perhaps best known for his tenure as VP of Research for Gartner’s Security and Privacy group. Previous roles include chief research analyst of IT-Harvest, an independent IT research firm, and VP of Threat Research for Webroot Software. Stiennon holds several patents, and has a BS degree in aerospace engineering from the University of Michigan.
