Web Security Gateways and UTMs – CompTIA Security+ SY0-401: 1.1

As technology has improved, we’ve added more and more functionality to our security gateways. In this video, you’ll learn about unified threat management appliances and the functionality they bring to securing our network resources.


So far we’ve talked about routers and switches and firewalls and WAFs. We’re going to talk about other devices in the next module. One of the things that you’ll start to see in our industry, though, is the ability to collapse a lot of these functions into a single device. This is especially useful if you have a remote location, and you don’t have a lot of room, or you don’t have a lot of budget to be able to buy many, many different devices for those sites. You’ll hear this referred to as a Unified Threat Management device, a UTM device. You may also hear it referred to as a Web security gateway because very often it is the single gateway between a remote office and their access to the internet.

Inside of these devices you may have things like URL filters or content inspection engines that determine what website you’re going to and how that website is categorized. Is it an auction site? Is it a search engine site? Or is it perhaps a category of site you should not be visiting? The device can allow or prevent access based on that. Many of these devices will also look for things like malware and spyware and viruses. They’ll go through the emails that are going back and forth and determine whether they’re spam or not. There may also be functionality in there at the networking level to directly connect you to your provider through a CSU/DSU.

Routers and switches are also very common to have in these particular appliances. And of course, since it’s an all-in-one appliance, it has to have a firewall inside of it as well. Occasionally you’ll also have things for additional security, like IDS or intrusion prevention systems.

There’s a lot you can put in a single device. Now whether it does all of these things well or not is a different question, because you can also add on to that some network functionality to be able to shape traffic. Maybe you want to limit the bandwidth that’s being used for people doing streaming media and still allow traffic to go through for your Voice Over IP or your critical internet connectivity or critical applications.

That’s a lot to go into a single device. And very often these devices do suffer a bit in performance, and they suffer a little bit in functionality. Being a master of many things is a difficult prospect for any device. But usually you can get away in a small office with having a subset of these things, and at least have the device be your first line of defense against some of these things coming into these locations.

So as you’re looking at what you’re buying or what you may be using in your environment, look to see: is it a UTM? Is it doing many different functions? And you’ll be able to determine which parts of that UTM you’d be able to use for security in your environment.