Unified Threat Management Assignment: UTM Vs. Next Generation Firewalls

Question

Task: The work must be entirely your own. Any material from other authors must be correctly referenced in accordance with University regulations. Referencing entire paragraphs or paraphrasing them (i.e. rewriting them in your own words) is not acceptable. Use of references should support your argument, not be your argument. Any work found to be in breach of this will be dealt with officially.

UTM solutions have grown ever more popular over recent years and increasingly being deployed in modern networks.  Write a report of around 3000 words that cover the following:

• Explain the differences between UTMs and Next Generation Firewalls
• Describe the fundamental features of a UTM and give examples of additional security related features that are included by some vendors
• Explain how an enterprise UTM would be different from that of a small business one.
• Give suitable examples including hardware differences and why they need to be different
• Critically compare two UTM solutions around the £3,000 region.
• Use devices available in the UK
• Explain why more than one UTM device is needed on a computer network
• Explain also how their configurations would differ (i.e. what kind of attacks they would protect against).
• What types of attacks can a UTM not protect against?

Marks will be awarded for quality and depth of writing (that demonstrates understanding and application and not just indicating that you have read something) and also presentation (includes aesthetics).  You will also need to include an introduction, a reflective conclusion (i.e. not a

Answer

Introduction
It has been stated in the Unified Threat Management assignment that the data and network security has become critical for the business organizations in the present times. It is essential that the organizations implement new policies and mechanisms to protect the data sets. It is also necessary that the measures are taken at the administrative and technical level so that the security of the network and the data sets is improved. There are different forms of security devices and tools that have been developed. Unified Threat Management (UTM) is one of these types in which a single hardware or software is used to provide security across multiple levels [1].

The Unified Threat Management assignment describes the details of UTM and compares it with the next generation firewalls. The information on the two popular UTMs and the security aspects of UTMs is also discussed in the Unified Threat Management assignment.

Difference between UTM & Next Generation Firewalls
As per the information provided in the Unified Threat Management assignment, UTM is a concept that came up and evolves with the increased requirement of security over the years. There are new forms of security risks and attacks that can be seen. With the release of these new attacks, the developments in the security were done and UTM was developed by the security experts. This is the reason that UTM is considered as software and hardware asset and is often used as combination of the two. There are several features and security aspects that are included in the UTM, such as virtual private networks, deep packet inspection, Stateful filtering, and a lot more. The combination of all these security features is a benefit and a drawback as well. The centralization in one product can lead to performance impacts that may have a severe degree of implications. There are high-volume data packets that are transmitted in the corporate environment and the matching hardware may not be available. This may lead to the security gaps and loopholes [2]. Centralization can have a number of benefits as well, especially for the small and medical-scale businesses. For these set-ups, the instalment of a single device with multiple security features is easier rather than the installation of multiple devices to promote and manage the security. UTM is an integrated security device that includes a lot many security features and is specifically suitable for the SMBs. The features of the UTMs primarily come under the three sets as firewall or VPN, web gateway security, and message security. The security norms and mechanisms are then included under each of these three categories.

According to the research on Unified Threat Management assignment, the Next Generation Firewalls, also known as NGFW has been developed so that the performance lags present in the UTMs can be resolved and there is enhanced application control that can be applied over a cohesive architecture. Some of the complementary features that are present in the UTM are not included in the NGFW. Some of these include malware protection and web proxy [3]. These have been outsourced in NGFW so that the scalability rates are higher. There are technological advancements associated with NGFW as these perform better deep packet inspection irrespective of the protocols included in the same. This leads to the development of a dynamic and efficient access control leading to the resolution of most of the security concerns. NGFWs are also referred as the deep packet inspection firewalls that function irrespective of the protocol and provide enhanced security through the intrusion detection and prevention mechanisms. It is often seen that NGFWs are believed to be the same as intrusion prevention systems. However, these two are different as NGFW come with a lot many security capabilities which are not offered by the intrusion prevention systems.

There are certain studies that have been conducted on the case scenario of Unified Threat Management assignment which shows that NGFW is suitable for the large corporations and environments that experience excessive traffic and flow. These security components are also suitable for the increased amount of data traffic. The separation of the security assets is essential so that the scalability and resilience of the environment can be improved [4]. It is, therefore, suggested in regards to the case of Unified Threat Management assignment that the NGFW shall be used for large-scale enterprises and UTMs shall be used for the small and medium scale businesses. The primary criterion that is used to select the security product is the ability of the product to offer security irrespective of the scalability of the organization. Also, the product shall be able to meet the future growth of the organization and must fall in line with the functional needs.

UTM Features & Security
UTM is an idea that surfaced and develops with the expanded prerequisite of security throughout the years. There are new forms of security risks and attacks that can be seen. With the release of these new attacks, the developments in the security were done and UTM was created by the security experts. This is the explanation on the aspect of Unified Threat Management assignment that UTM is considered as software and hardware asset and is frequently utilized as combination of the two. There are a few features and security viewpoints that are remembered for the UTM, for example, virtual private networks, deep packet inspection, Stateful filtering, and significantly more. The combination of all these security features is an advantage and a disadvantage too. The centralization in one item can lead to performance impacts that may have a severe degree of implications. There are high-volume data packets that are transmitted in the corporate condition and the matching hardware may not be accessible. This may lead to the security gaps and loopholes. Centralization can have various advantages also, particularly for the small and clinical scale organizations [5]. For these set-ups as discussed in this section of Unified Threat Management assignment, the portion of a single device with multiple security features is simpler as opposed to the establishment of multiple devices to advance and deal with the security. UTM is an incorporated security device that incorporates a great deal numerous security features and is explicitly appropriate for the SMBs. The features of the UTMs essentially go under the three sets as firewall or VPN, web gateway security, and message security. The security norms and mechanisms are then included under every one of these three classifications. There are a number of organizations that have decided to implement UTM to avoid the additional cost of security that comes with the standalone systems and applications. It is necessary that the network security is upgraded so that the protection against the latest security threats is achieved. There are several security features as mentioned herein Unified Threat Management assignment that the UTM offers towards security.

• Malware protection through anti-malware tools
• Intrusion prevention systems
• Virtual private networks
• Firewalls
• Content and web filtering

There are some of the advanced security features as noted herein Unified Threat Management assignment that are also included in the UTMs, such as application control, access control on the basis of the user identity, data loss prevention, and many others. The main feature and function of any UTM device is to make sure that it offers enhanced security with minimal complexity. In order to address the various security threats, the use of inspections is done by the UTMs. The flow-based inspection is one of these types in which the data samples that are fed in the device are matched with the patterns already stored within to identify any suspicious activity [6]. The second category of inspection is the proxy-based inspection in which the reconstruction of the content is done and the complete inspection is performed so that the identification of the security threats may be done. In the case of the absence of any security concern, the content is provided to the end-user. However, in the case of the detection of a security issue, the removal of the identified issue is done before the content is shared. UTM has emerged as one of the latest approaches towards the security as it provides integrated handling and management of security so that the security of the organization and its data sets can be maintained and assured at all times. The IT team and professionals in the business organizations are required to be agile so that the determination and treatment of the security issues can be done in real-time. The use of UTM makes the tasks assigned to the IT professionals in the security team comparatively easier. There are three major features that are offered in the UTMs illustrated below within this Unified Threat Management assignment.

• Priority processing: There are several security events and issues that may be identified in the data sets associated with the business organization. All of these issues and flaws do not require immediate response and it is necessary that effective prioritization is done to treat these issues. The UTMs come with the advanced analytics capabilities which make it easier to prioritize the security issues [7].
• Programmatic protection: In the present times, there is advanced use of data that is done to carry out the business operations. Irrespective of the size of the IT and security team, it is manually impossible to carry out the analysis and protection mechanisms. The use of automated tools has become necessity and the use of UTM makes sure that the adequate level of automation is applied.
• Proactive Potential: The attackers have developed new mechanisms of the security attacks wherein it is difficult to identify the attacks even after they have occurred. The UTM provides proactive attack management capabilities through the intelligent hypothesis.

Enterprise UTM v/s SMB UTM
There are certain investigations on the context of Unified Threat Management assignment that have been led that show that NGFW is reasonable for the large companies and situations that experience extreme traffic and stream. These security parts are additionally reasonable for the increased measure of data traffic. The partition of the security assets is fundamental with the goal that the scalability and flexibility of nature can be improved. It is, along these lines, proposed that the NGFW will be utilized for large-scale ventures and UTMs will be utilized for the small and medium scale businesses. The essential rule that is utilized to choose the security item is the capacity of the item to offer security independent of the scalability of the association [8]. Likewise, the item will have the option to meet the future growth of the association and must fall in line with the useful needs.

There are; however, enterprise-level UTM that have also been developed that come with additional and advanced security tools and mechanisms. In the SMB UTM, the primary security features that are offered include VPNs, malware protection, web proxy, content filtering, anti-spam features, and likewise. The Enterprise-level UTMs come with some of the advanced features, such as application control, access control on the basis of the user identity, data loss prevention, and many others.

What is the difference SonicWALL UTM and Zyxel UTM in the context of Unified Threat Management assignment?
SonicWALL Unified Threat Management assignment
SonicWALL UTM comes with the multi-core architecture and there are security features, such as VPN, malware protection, anti-spam features, URL filtering, etc. offered. The SonicWALL UTM is a product of Dell that was a market leader in the field of security and UTM until a few years back. Till the organization dealt in the SMB UTMs, it was the market giant and a market leader in the field. The expansion of the products in the large-scale UTMs made it harder for Dell to maintain its market presence. There are; however, some of the special features that come SonicWALL [9]. The Dell SonicWALL NSA Series comes with the ability to scan anti-malware file without any upper limit on the file size. This is one of the unique features mentioned in this Unified Threat Management assignment that are usually not offered in most of the competitors. The product also comes with the independent port set-up and the enterprises can also set-up PortShield groups so that the single network switch can be developed. There is an online demo of the product that is available which assists the clients in the determination of the security features that are offered. Also, the user interface can be experienced by the customers through the online demos. The product comes with the deep packet inspection support and gives it the priority over the SSL connections. This is also one of the unique selling points for SonicWALL. 

The smallest units in the NSA units are made capable of integrated wireless controllers. The product has now been made compatible with the Android and Mac operating systems as well.

Zyxel UTM
According to the research on Unified Threat Management assignment it is evident that in the present day business firms, it is practically not possible to set-up multiple security tools and components for the purpose of network and data security. This can lead to excessive complexities which can become a severe security concern. There are compatibility issues that are also associated with the presence of multiple tools which may lead to further gaps and concerns. Zyxel UTM is one of the UTM solutions that provide an integrated security. There are eight major security features as illustrated below in this Unified Threat Management assignment that are included in this product.

• The first line of defense is provided by the UTM to protect the network from viruses and other forms of malware. The malware protection and scanning engine is included in the product.
• The mechanisms to deal with the intruders are included in the product as it comes with the 24x7 screening and protection from the intruders. The detection and prevention capabilities are included to deal with the intruders.
• Anti-spam features are included in the product so that the reduction on the unsolicited mails can be done and the overall business productivity can improve. The load of the email servers automatically comes down with the blocking of the spam mails.
• The firewalls are integrated in the product so that the filtering of the content is done and the entry to the intruders is not provided [10].
• The virtual private networking is enabled in the product so that the secure connections can be developed and used for improved security. These can be developed in the branch offices or with the business partners and others.
• Flexible load balancing is one of the essential features of UTM that has been included to that the sharing of the traffic load is possible and the overall reliability is improved.
• Effective bandwidth management is offered with the UTM as the bandwidth can be effectively divided between the application requirements and the users.
• Content filtering is included as the feature in the UTM so that the unwanted access can be blocked and the overall productivity can be improved.

The difference between the two UTMs is illustrated in the table provided within this Unified Threat Management assignment below.

Multiple UTM Devices
There are scenarios wherein more than one UTM device is needed in an organization. This is because vendor diversity is at times essential to promote the network and overall security. There are scenarios wherein the security issues come up with the detection of the algorithms that are used in the security tools.

The present Unified Threat Management assignment explores that the use of the multiple UTM devices make it easier for the business firms to avoid the security attacks and issues that may result with the use of the pattern detection and recognition of the security algorithms.

• The multiple UTM devices can provide security against the detection algorithms and the Brute Force attacks as the combination of the multiple security devices would make it harder for the attackers to carry out the attacks [11].
• The combination of the multiple UTM devices also lead to the protection from the integrity violations as the inclusion of advanced security features is done.

Drawbacks of UTM
There are some of the security loopholes that may come with the UTMs which are discussed in this segment of Unified Threat Management assignment. The combination of all the security features in one unit allows the IT team to carry out the management from a single point. However, there is also a single point of failure that gets introduced which may lead to the failure of the entire application. This can be improved with the deployment of the high-availability configuration; however, it may lead to the enhancement of the set-up and running costs. 

The UTMs may not be efficient in handling the large-scale cryptanalysis attacks. These attacks noted herein Unified Threat Management assignment are largely becoming popular in the present times as the attackers are analysing the encryption codes and algorithms. There may also be performance issues that may be experienced as the applications may not be able to handle the UTM security features applied all at once. In the case of network security, it is considered that the vendor diversity shall be promoted. The promotion of network diversity enhances the ability to induce greater security and flexibility. This is because the vendors may include varied security features. In the UTM, there is usually a single vendor that is involved. This makes it easier to detect the algorithms and security patterns that are involved.

Conclusion
Considering the overall discussion on Unified Threat Management assignment it can be stated that the use of UTMs in the business firms can offer improved security as there are several security features that are included in the UTMs. The UTMs are relevant from the security aspect as the installation of the multiple tools for security can bring in a number of security concerns. However, there are a few challenges as discussed above within this Unified Threat Management assignment that are associated with UTMs as well. These tools have a centralized point of security which makes them vulnerable to the single point of failure as well. The UTMs shall be used for the small and medium-scale firms so that the overall security can be promoted and effective management of the network and data security can be offered by the business firms.

The UTMs shall be combined with NGFW for the upgrading the overall security of the business firm.

References
[1] P. J. D. Jadhav, “Cloud Unified Threat Management System,” International Journal for Research in Applied Science and Engineering Technology, vol. 6, no. 4, pp. 1712–1715, Apr. 2018.

[2] Z. Trabelsi, S. Zeidan, and M. M. Masud, “Hybrid mechanism towards network packet early acceptance and rejection for unified threat management,” Unified Threat Management assignment IET Information Security, vol. 11, no. 2, pp. 104–113, Mar. 2017.

[3] M. Patil and S. Mohurle, “The Empirical Study of the Evolution of the Next Generation Firewalls,” International Journal of Trend in Scientific Research and Development, vol. Volume-1, no. Issue-5, pp. 193–196, Aug. 2017.

[4] S. Erdheim, “Deployment and management with next-generation firewalls,” Network Security, vol. 2013, no. 10, pp. 8–12, Oct. 2015.

[5] K. H. Huang, C. F. Wang, and C. C. Wang, “IPv4 and IPv6 Coexist in Unified Threat Management,” Applied Mechanics and Materials, vol. 121–126, pp. 923–927, Oct. 2018.

[6] A. Perloe and J. W. Pollard, “University counseling centers’ role in campus threat assessment and management.,” Journal of Threat Assessment and Management, vol. 3, no. 1, pp. 1–20, Mar. 2016.

[7] Gummadi, “Effective Utilization of Multicore Processor for Unified Threat Management Functions,” Journal of Computer Science, vol. 8, no. 1, pp. 68–75, Jan. 2017.

[8] X. Li, K. He, Z. Feng, and G. Xu, “Unified threat model for analyzing and evaluating software threats,” Security and Communication Networks, p. n/a-n/a, Jul. 2016.

[9] Sonicguard, “SonicWall Solutions For Unified Threat Management | SonicGuard.com,” www.sonicguard.com, 2020. [Online]. Available: https://www.sonicguard.com/Solutions-UTM.asp. [Accessed: 01-Apr-2020].

[10] Zyxel, “ZyWALL UTM,” www.zyxel.com, 2020. Unified Threat Management assignment [Online]. Available: https://www.zyxel.com/web/utm/utm_01.htm. [Accessed: 01-Apr-2020].

[11] S. C. Kilbane, “Agent selection and threat actualization in contamination cases: Predicting action from perpetrator behavior.,” Journal of Threat Assessment and Management, vol. 5, no. 3, pp. 173–187, Sep. 2018.