Unified Threat Management (UTM). In September 2004, IDC first proposed the concept of "unified threat management", placing antivirus, intrusion detection and firewall security devices into a new category called Unified Threat Management (UTM for short). By grouping antivirus, firewall and intrusion detection under this new category, IDC attracted widespread attention in the industry and encouraged the emergence of a market segment represented by integrated security devices.
As defined by IDC, UTM refers to a dedicated device consisting of hardware, software, and network technologies that provides one or more security features, integrating multiple security features into a single hardware device and forming a standard unified management platform. With this definition, IDC not only describes the concrete form of a UTM product but also covers a broader logical category. Going by the first half of the definition, the multi-function security gateways, integrated security gateways, integrated security appliances and similar products offered by many security vendors can all be classified as UTM products. The second half of the definition reflects the overall and deeper understanding of security systems that the information industry has reached after years of development.
Currently, UTM is often defined as a dedicated device consisting of hardware, software, and network technology that provides one or more security features, while integrating multiple security features into a single hardware device to form a standard unified threat management platform. A UTM device should provide basic functions including a network firewall, network intrusion detection/prevention and gateway antivirus.
Although UTM integrates a variety of functions, they do not all have to be enabled at the same time. UTM products are divided into different tiers according to the needs of different users and the size of their networks. In other words, a user who needs to enable many functions at the same time needs a product with relatively high performance and a rich feature set.
Basic Features
1. Build a higher, stronger, more reliable wall. In addition to traditional access control, the firewall should also defend against external threats such as spam, denial of service and hacker attacks, with comprehensive detection and network defense across all protocol layers. True security cannot be confined to the lower layers; it requires a comprehensive approach that protects all seven protocol layers, not just layers two to four.
2. Use advanced detection technology to reduce false positives. For a gateway device deployed inline, a false positive has disastrous consequences for users; IPS is a typical example. Sophisticated classification-based detection technology can greatly reduce the false alarm rate, so applying a different detection technique to each type of attack and integrating those techniques effectively can significantly reduce the false positive rate.
3. Be supported by a highly reliable, high-performance hardware platform. A firewall of the UTM era must ensure network security without becoming a bottleneck for network applications, so the firewall/UTM must be backed by high-performance, high-reliability dedicated chips and a dedicated hardware platform. This prevents poor reliability or performance of the UTM device in complex environments from threatening the normal operation of the user's core business.