Enterprise computing devices — including servers, desktops, laptops and mobile devices — are being attacked via an increasingly wide variety of methods. The cost of these attacks continues to rise, with a single data breach potentially resulting in millions of dollars in damages, which makes it important for organizations to prevent these attacks altogether, or at least minimize the damage they can do.

Unfortunately, it is not possible to thwart these diverse attacks with a single technology — each major category of assault requires different defensive measures. Ultimately, a layered defense combining several types of tools and techniques must be implemented to effectively stop a range of modern attacks. However, because these disparate technologies are often installed as separate point products that do not directly interact with each other, their effectiveness may be reduced. Deploying so many point products can be costly resource intensive, and increase overhead and latency as well, since network activity must be repeatedly examined and in turn, analyzed by several different security appliances. Another disadvantage of multiple disparate products involves compliance reporting; it is far more complicated to produce the reports HIPAA, SOX and other legislative and regulatory efforts require when there are so many different unconnected sources of information for those reports.

UTM systems provide a more convenient way of achieving a layered defense because there’s only a single product to deploy, manage and monitor.

In response to these challenges, vendors have developed integrated systems that bundle all of these disparate point appliances into a single product, known as a unified threat management (UTM) system. UTM systems provide a more convenient way of achieving a layered defense because there’s only a single product to deploy, manage and monitor. Examination and analysis of network activity occurs once, not several times in succession, and the different layers of defense share information with each other to improve detection accuracy. There’s a single report that covers all the layers, making compliance reporting less of a headache.

Originally, UTM systems were created for small and mid-size organizations, which lacked the manpower and funding to deploy the variety of defensive measures required to thwart the rise of system attacks. However, enterprise executives often considered the use of multiple methods to be overkill. A UTM provided a single security appliance for these organizations, and reduced labor and infrastructure costs.

UTM systems have since expanded to also address the needs of large enterprise markets, and have become significantly more scalable, making them able to handle higher volumes of network traffic. Many large enterprises have found that having a single interface for security control management and reporting is a huge advantage, even if the other benefits of UTMs don’t necessarily apply.

The security capabilities that comprise UTM systems are nothing new, as most of them have been available for many years as point appliances.