What is a UTM Firewall?

In the early days of network security, a firewall merely filtered traffic based on ports & IP addresses. Over time, firewalls continued to evolve by keeping track of the state of network connections passing through the appliance, which we call "stateful." Unfortunately, cyber threats also evolved & diversified to meet these new challenges, organizations deployed multiple appliances, each with differing roles to defend against different classes of attacks:

  • A stateful packet inspection firewall allowed inbound & outbound traffic on the network
  • An additional web proxy filtered content & URLs while scanning with antivirus services
  • A separate Intrusion Prevention System (IPS) was often deployed to detect & block malicious traffic
  • An appliance was needed for spam filtering to filter junk emails & phishing attempts
  • VPN servers connected remote offices or allowed remote users to access company resources

As more & more threats evolved, the industry minted new types of appliances & services to meet the challenge, the traditional stateful appliance approach just could not easily scale to keep up with growing businsses. The complexity became too difficult to manage as network security setups began to resemble Frankenstein's monster with multiple bits & pieces everywhere in an attempt to cover every attack vector. Clearly, a new approach was needed.

The Introduction of UTM

In 2003, several vendors launched "all-in-one" security products to resolve this issue. IDC coined a new term for this new class of firewalls: UTM. By 2004 the name stuck & is still in use to this day.

UTM firewalls could now collocate multiple security services into one appliance, providing robust network protection against a plurality of attack types. To make managing & reporting easier on admins, manufacturers adopted all-in-one management interfaces where multiple services, features, policies, & rules could be centrally managed. Organizations no longer needed to deploy multiple devices--each with its own management dashboard & login credentials--to defend against blended threats.

How UTM Firewalls bring multiple security services into a single appliance

Benefits that UTM provided

  • UTM firewalls protected inbound & outbound traffic from a multitude of threats & attack types
  • Antivirus, anti-malware, & anti-spyware services could run concurrently to prevent attacks at the gateway
  • Integrated Intrusion Prevention blocked the exploit of vulnerabilities
  • Email filtering blocked unwanted emails like spam & email-borne threats
  • Web sites & web content could be filtered & monitored from the same central command dashboard
  • Control & visibility over traffic flows improved with Quality of Service enhancements & bandwidth management
  • Working remotely became more convenient with the ability to connect easily to remote locations with a site-to-site VPN
  • Simplification of complex networks allowed for dynamic routing, policy-based routing, & multiple Internet connections on a single secure network

The introduction of UTM firewalls drove an increase in overall network security & reduced complexity & cost, making advanced security options more accessible to small businesses or other SMBs where recruiting expensive IT talent could prove impossible.

On to the Next Generation

The most current iteration of firewall appliances are referred to as Next Generation Firewalls, or NGFWs. Next Generation firewalls include series such as SonicWall TZ & Sonicwall NSa, Sophos XG, & FortiGate firewalls. This current generation saw major improvements in the coordination & communication between the multiple services that UTM firewalls consolidated. Artificial intelligence, machine learning, & automation began to feature in these cutting-edge services, allowing for improvements in threat intelligence & response times that a human administrator alone could not reach.

In order to keep these even more advanced systems manageable, manufacturers heavily emphasized "Single-Pane-Of-Glass" (SPOG) management platforms in which all relevant dashboards & interfaces could be viewed & interacted with through a single portal or page, removing the need to bounce around multiple tabs while managing a network.

Benefits that NGFWs provide

  • Real-time, automated communication between services allows for devices to be isolated & quarantined after an incident until IT can respond
  • Cloud-based sandboxing technology allows for the quarantine & detonation of potentially harmful files
  • Everything from NAT policies, content filtering, user groups, access control lists, Wi-Fi, & more can be managed through a single screen
  • Emphasis is placed on maintaining network performance even with multiple complex security services operating in tandem
  • Integrated Intrusion Prevention with deep packet scanning
  • Ability to identity & control hosted & cloud-based applications

Next Generation Firewalls block more attacks than ever while providing stable performance & the ability to scale easily with an organization's growth.

Hungry for more knowledge?

Jump over to the Firewalls.com Knowledge Hub where you'll find frequent blog updates, videos, network security definitions, datasheets, & more!