When the use of internet started rising and becoming an everyday need for many businesses and companies, so did the concerns for network security. This is when traditional firewalls and anti-virus packages became a mandatory need. As the years have rolled on, firewalls and anti-virus still very much at the heart of network and internet security have become just part of the solution. A firewall will filter on ports, protocols and connection states. If allowed, the traffic will filter through, and if denied the traffic is dropped. An anti-virus package will scan for viruses, and either quarantine or delete if found.
However today there are many other advanced threats, in which most are developed to fool firewalls and anti-virus packages. Therefore over the years as new advanced threats have emerged, so has the advanced techniques in combating these threats which go way beyond just a firewall and an anti-virus scanner.
Here is a list of the common security protection needed in combating such threats;
IPS/IDS (Intrusion Prevention/Detection System)
Zero Day Protection
DOS and DDOS (Denial of Service and Distributed Denial of Service)
Application Proxy Filtering on the application layer
Spam filtering
URL filtering
Anti-Phishing
Anti-spyware
Rootkit protection
DLP (Data Leakage Prevention)
Application control
NAC
VPN
The need for so many security features in one box resulted in the terminology UTM appliance. A UTM (Unified Threat Management) appliance is basically a firewall and many other security features all in one appliance. The Watchguard and Fortinet appliances mentioned in my network firewall recommendations are an example of UTM appliances.
UTM appliances are ideal for small to medium sized businesses. Rather than purchasing an anti-spam appliance, URL filter software, Firewall, IPS appliance, etc, they could just opt for an all in one with a UTM appliance which would save them lots of money.
However a larger, enterprise network would benefit more from dedicated appliances. Dedicated appliances give more granularity, control, and more processing power just to concentrate on a particular aspect. For example a company with inbound and outbound mail flow of around 20,0000 a day would require a dedicated SMTP appliance, with a dedicated administrator maintaining the appliance. A UTM appliance would usually not be suitable or capable for this type of mail flow.
Another reason in which a company may decide to purchase dedicated appliances or dedicated software for a particular job, for example a web filter, is because dedicated appliances are always much better equipped and have more powerful rules and granular settings to look after that particular threat. So a web filter program within a UTM firewall will never have as many settings and is as powerful as a dedicated web filter, designed and produced just to look web/url filtering.
Lastly, when using all and every feature a UTM firewall has to offer, this has a massive impact on the UTM firewall's performance. It is capable of only a small fraction of what it would be capable of if the UTM feature were disabled. This is another reason a company may purchase a dedicated appliance. They may already have a UTM firewall, which is looking after traditional firewall features and VPN, so rather than turning on a UTM feature such as the spam features for example which would have a performance hit on the appliance, they may just purchase a separate spam appliance, looking their emails for spam and viruses.
