UTM (Unified Threat Management) Definition

According to IDC, UTM (Unified Threat Management) security appliances are defined as:

UTM security appliance products include multiple security features integrated into one box. To be included in this category, as opposed to other segments, the appliance MUST contain the ability to perform network firewalling, network intrusion detection and prevention, and gateway antivirus (AV). All of the capabilities in the appliance need not be utilised, but the functions must exist inherently in the appliance. In these products, the individual components cannot be separated. 

Basically, UTM security appliances are characterised as some integration of the following 6 features in one box:

  • Firewall – these devices are typically deployed at the network perimeter, and therefore robust, stateful firewall capabilities with NAT are required.
  • VPN – often deployed as branch office solutions on a corporate WAN, the ability to create a small number of secure VPN tunnels is essential.
  • IDS/IPS – a firewall only enforces policy, and if that policy includes allowing inbound HTTP traffic to Web servers on the DMZ, then there is nothing the firewall can do to prevent HTTP exploits from subverting the target Web server. The IPS capability will detect and block such attempted exploits at the network perimeter, preventing the malicious traffic from ever reaching the server. An IDS-only capability can detect exploits and raise alerts, but will be unable to block the malicious traffic.
  • Anti Virus – gateway Anti Virus prevents inbound virus traffic at the edge of the network, thus reinforcing desktop security solutions and blocking viruses before they reach the desktop. This solution can also prevent infected machines from propagating viruses outside the corporate network.
  • Anti Spam – gateway Anti Spam can tag inbound e-mail, allowing it to be handled more effectively by desktop filtering solutions, or can block suspected spam mails completely. This solution can also prevent internal hosts from sending spam mail outside the corporate network.
  • URL Filtering – using a constantly-updated database of categorised URLs, a gateway URL filtering solution can prevent employees from accessing objectionable or inappropriate Web sites from the corporate network.
  • Content Filtering – by scanning Web and mail traffic for specific content, a gateway content filtering solution can prevent objectionable or inappropriate material from passing into, or out of, the corporate network.
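The difference between the firewall, IDS and IPS roles described in the list above can be shown with a small model. This is an added example, not part of the original post; the addresses, the allow rule, the single signature and the sample requests are all constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class Packet:
    dst_ip: str
    dst_port: int
    payload: bytes

# Constructed policy: inbound HTTP to one DMZ web server is allowed, all else denied.
ALLOW = {("192.0.2.10", 80)}
# Constructed, deliberately simple signature: directory traversal in the request line.
SIGNATURES = {"http-dir-traversal": re.compile(rb"^[A-Z]+ \S*(\.\./|%2e%2e%2f)", re.I)}

def firewall(pkt):
    """Policy enforcement only: checks the destination, never the payload."""
    return (pkt.dst_ip, pkt.dst_port) in ALLOW

def inspect(pkt):
    """Names of the signatures that match the payload."""
    return [name for name, rx in SIGNATURES.items() if rx.search(pkt.payload)]

def gateway(pkt, mode):
    """mode is 'firewall', 'ids' or 'ips'; returns (verdict, alerts)."""
    if not firewall(pkt):
        return "drop", []
    if mode == "firewall":
        return "forward", []
    alerts = inspect(pkt)
    if alerts and mode == "ips":
        return "drop", alerts      # IPS: blocked before it reaches the server
    return "forward", alerts       # IDS: alert raised, traffic still passes

# Constructed sample traffic.
BENIGN = Packet("192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n")
TRAVERSAL = Packet("192.0.2.10", 80, b"GET /static/../../app/config.ini HTTP/1.1\r\nHost: www.example.com\r\n\r\n")
TELNET = Packet("192.0.2.10", 23, b"")

if __name__ == "__main__":
    for label, pkt in (("benign", BENIGN), ("traversal", TRAVERSAL), ("telnet", TELNET)):
        for mode in ("firewall", "ids", "ips"):
            print(f"{label:10} {mode:9} {gateway(pkt, mode)}")
```

The traversal request is forwarded in firewall-only and IDS modes because the policy permits port 80; only the IPS mode changes the verdict.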

7 Responses to UTM (Unified Threat Management) Definition

  1. zhaol says:

    Let’s check how SecureComputing defines UTM. SecureComputing has one model of UTM products – SideWinder G2.

    Unified threat management systems must at minimum:

    1. Be an appliance
    2. Include multiple security features
    3. Have a hardened OS
    4. Be able to perform:
      • Network firewalling
      • Intrusion prevention (IPS) (“Stop Attacks!”)
      • Gateway anti-virus

    Secure Computing® is the leader in the Unified Threat Management space with Sidewinder G2. The Sidewinder G2® Security Appliance provides Enterprise firewall appliance protection as well as Anti Virus by Sophos, SPAM Filtering by Cloudmark, Strong Authentication through SafeWord, Content Filtering using SmartFilter, traffic anomaly detection, IDS/IPS, and more. Sidewinder G2 provides defense-in-depth protections against the entire threat matrix around the clock.

  2. romemeteor says:

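    In IDG's forecasts, UTM has quite good market expectations, but it should be aimed more at the enterprise market, especially the SMB market; design issues such as performance determine that positioning. Of course, everyone envies the success of UTM vendors such as servgate, stonegate and fortigate, so vendors such as astaro and kaspersky have also teamed up to build UTM offerings, not to mention that established security vendors such as mcafee and symantec have already invested a great deal of effort. Yet very few people in China are doing this kind of work. As far as I know, Xie Qing, the original founder of Netscreen, has invested in a company in China that is doing UTM design and productisation, but its target market is Europe and America. It gives one a lot to think about,
    China's information security market...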

  3. zhaol says:

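    I agree that UTM is positioned for the small and medium-sized business market. The all-in-one form sacrifices a lot of performance. Crossbeam positions itself at the high end and does not place itself in the UTM market. Could someone analyse CrossBeam's and Cisco's rack-mounted security product portfolios?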

  4. romemeteor says:

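    If UTM can use ASICs and various other processing technologies to strengthen its core processing capability, there is also a trend toward offering its capabilities to large and medium-sized enterprises; if the theoretical design performance can reach roughly gigabit line rate (700m), and real-world deployments reach around 300-400m, then being No.1 in performance will certainly bring great potential and prospects for development.
    Let me ask the world: the brave go first~~~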

  5. alex says:

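    romemeteor, could I exchange views with you about UTM products?
    My MSN is kitfrog@hotmail.com
    I currently work as a PM at a foreign security chip vendor.
    I would very much like to get some of your opinions, thank you.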

  6. […] UTM (Unified Threat Management) Definiti […]

  7. UTM in China says:

    […] China, UTM (Unified Threats Management) has been rocketing in recent months, not only in the media, but also in the real market […]