Technical Brief for UTMs

Gone are the days of big corporations being the "main target of cyber attacks and data breaches."[1] Over the years, hackers have gotten a lot smarter and "realized that the smaller the business is, the more vulnerable it is to cyber threats."[2] According to the Ponemon Institute, as many as "50 percent of small businesses have been breached in the past 12 months."[3] This occurs because most SMBs don't realize that they are vulnerable and therefore leave their data unprotected. Regardless of the size of the business, the "average total cost of a breach is $4 million."[4]

Traditional firewalls can only "block and accept network traffic based on IP addresses and ports"[5] and little else. This approach is becoming obsolete because many "modern applications send and receive packets over those ports that are normally ignored by traditional firewalls."[6] UTMs address this problem by allowing network administrators to block applications. However, for a UTM to successfully protect your SMB's network, it must be paired with a good "anti-virus, Web filter, anti-spam technology" as well as "ISP and VPN functionality"[7] to form the best possible security measure for your small to medium-sized business.
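The gap between port-based and application-based blocking can be shown on a few flows. This is an added example, not code from the brief or from any vendor; the flow records, the `chat.example` signature table and the blocked-application list are constructed assumptions.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_port: int
    payload: bytes  # first bytes sent by the client (constructed sample data)

ALLOWED_PORTS = {80, 443}                    # all a port-based rule can see
BLOCKED_APPS = {"instant-messaging", "ssh"}  # hypothetical application policy
HOST_SIGNATURES = {"chat.example": "instant-messaging"}  # hypothetical signatures

FLOWS = [  # constructed traffic samples
    Flow("10.0.0.5", 80, b"GET / HTTP/1.1\r\nHost: www.example\r\n\r\n"),
    Flow("10.0.0.6", 80, b"POST /send HTTP/1.1\r\nHost: api.chat.example\r\n\r\n"),
    Flow("10.0.0.7", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    Flow("10.0.0.8", 23, b"\xff\xfd\x18"),
]

def port_firewall(flow):
    """Traditional decision: destination port only."""
    return "accept" if flow.dst_port in ALLOWED_PORTS else "block"

def classify(payload):
    """Label the application from the payload, regardless of port."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    host = re.search(rb"^Host:\s*([^\s:]+)", payload, re.I | re.M)
    if host and re.match(rb"^[A-Z]+ \S+ HTTP/1\.[01]\r\n", payload):
        name = host.group(1).decode("ascii", "replace").lower()
        for suffix, app in HOST_SIGNATURES.items():
            if name == suffix or name.endswith("." + suffix):
                return app
        return "web-browsing"
    return "unknown"

def app_aware_policy(flow):
    """Port check first, then the application policy on what is left."""
    if port_firewall(flow) == "block":
        return "block"
    return "block" if classify(flow.payload) in BLOCKED_APPS else "accept"

def missed_by_port_rules(flows):
    """Sources the port rule accepts but the application policy blocks."""
    return [f.src_ip for f in flows
            if port_firewall(f) == "accept" and app_aware_policy(f) == "block"]

if __name__ == "__main__":
    for f in FLOWS:
        print(f.src_ip, f.dst_port, port_firewall(f), app_aware_policy(f))
```

The two flows returned by `missed_by_port_rules(FLOWS)` ride on ports 80 and 443, which is why the port rule alone lets them through.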

UTMs for SMBs

Unified threat management (UTM) "is the evolution of the traditional firewall into an all-inclusive security product able to perform multiple security functions within one single system."[8] This includes "network firewalling, network intrusion detection/prevention (IDS/IPS), gateway antivirus, gateway anti-spam, VPN, content filtering, load balancing, data loss prevention, and on-appliance reporting."[9] The "world market for UTMs was $1.2 billion in 2007."[10] In the following segment, we will look at three "perimeter security applications designed and priced"[11] for the average small to medium business.

WatchGuard Firebox T10

The WatchGuard System Manager software allows the user to "manage a variety of functions, including creating and editing policies, managing certificates and subscription services, and configuring virtual private networks."[12] The Firebox T10 also gives "real-time data on traffic, bandwidth meter, traffic management and authentication lists,"[13] has three 1 Gbps Ethernet ports and supports up to two separate internal networks. The Firebox can "protect a wireless network, but it requires a separate wireless access point to connect the WiFi devices to the Firebox"[14] and has a "sustained 200 Mbps firewall throughput and a 55Mbps UTM throughput."[15]

Possibly the best feature of the Firebox T10 is the Threat Map. It provides a "color-coded world map of where potential threats come from on a daily basis, including the offending IP address, city where it is located, the protocol and port number being used."[16] With this, IP addresses that are aggressively trying to access the business's network can be better identified through the provided log manager and search reports.

WatchGuard ranges in price from $215 to $600.

Cyberoam CR15iNG

Similar to WatchGuard, the CR15iNG is priced for the SMB and SOHO and sports many of the same features. While wrapped up in a simple interface for the user, the CR15iNG is extremely robust under the hood. Sporting a "firewall and intrusion prevention system, along with content security and a web UI,"[17] Cyberoam "boasts content filtering and instant messaging archiving and controlling, along with IT resources such as bandwidth management, traffic discovery and application visibility and control."[18] This UTM "also supports wireless WAN options and wireless backup capabilities."[19]

In addition to the seven layers of the traditional OSI network model, Cyberoam adds an eighth layer: identity-based security. This additional "Human Layer" allows admins to "uniquely id users and control the activity of users based on username."[20] Due to this, it can "track attackers or victims by their username and provide administrators with visibility into the source of an attack. It also permits the administrators to control more effectively the activities of users on the network and the creation of reports based on the username."[21]

Cyberoam ranges in price from $430 to $650.

Check Point 1100 Appliances

Like other UTMs, Check Point "supports such enterprise capabilities as a next-generation firewall, central management, IDS/IPS, identity awareness, mobile access, antivirus, antispam, antimalware, and on one of its models, it supports antibot technology."[22] On the Check Point appliances, "an eight-port gigabit Ethernet switch is built into all three models,"[23] along with a "gigabit Ethernet WAN interface and a DMZ interface,"[24] and 802.11 b/g/n wireless interfaces are available as an option on the three models as well. "The main differences between the three 1100 models are the next generation firewall throughput, virtual private network throughput, and the aforementioned antibot technology due later this year."[25]

The Check Point 1100 appliances range in price from $470 to $630.

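Creating UTM Parameters for URLs

In web analytics, "UTM" also names the Urchin Tracking Module campaign parameters appended to links; these are unrelated to unified threat management. The easiest way to "create UTM parameters for your links is by using the Google Analytics URL Builder. Using the above example, you would enter the following and click on the Generate URL button to get your link."[26] Helpful tips for UTM parameters include: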

  • "Campaign Source (utm_source) - Required parameter to identify the source of your traffic, such as: search engine, newsletter, or other referral."[27]
  • "Campaign Medium (utm_medium) - Required parameter to identify the medium that the link was used upon, such as: email, CPC, or any other method of sharing."[28]
  • "Campaign Term (utm_term) - Optional parameter suggested for a paid search to identify keywords for your ad. You can skip this for 'Google AdWords' if you have connected your AdWords and Analytics accounts and used the auto-tagging feature instead."[29]
  • "Campaign Content (utm_content) - Optional parameter for additional details for A/B testing and content-targeted ads."[30]
  • "Campaign Name (utm_campaign) - Required parameter to identify a specific product promotion or strategic campaign such as a spring sale or other promotion."[31]
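The required and optional parameters listed above can be enforced when a link is tagged programmatically. This is an added example, not the Google Analytics URL Builder or code from the brief; the function name `build_tagged_url` and the `shop.example` link are assumptions.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REQUIRED = ("utm_source", "utm_medium", "utm_campaign")  # required per the list above
OPTIONAL = ("utm_term", "utm_content")                   # optional per the list above

def build_tagged_url(base_url, **params):
    """Return base_url with campaign parameters appended (hypothetical helper)."""
    unknown = sorted(set(params) - set(REQUIRED + OPTIONAL))
    if unknown:
        raise ValueError(f"unknown parameter(s): {unknown}")
    missing = [k for k in REQUIRED if not params.get(k)]
    if missing:
        raise ValueError(f"missing required parameter(s): {missing}")

    parts = urlsplit(base_url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("base_url must be an absolute http(s) URL")

    # Keep the link's own query arguments but drop stale utm_* values so the
    # result never carries two conflicting campaign tags.
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if not k.startswith("utm_")]
    # Emit tags in a fixed order; urlencode percent-encodes the values.
    query += [(k, params[k]) for k in REQUIRED + OPTIONAL if params.get(k)]
    return urlunsplit(parts._replace(query=urlencode(query)))

if __name__ == "__main__":
    # Constructed link: existing query argument, a stale tag and a fragment.
    print(build_tagged_url("https://shop.example/sale?id=7&utm_source=old#top",
                           utm_source="newsletter", utm_medium="email",
                           utm_campaign="spring sale"))
```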

Conclusion

Like many things in the tech field, there is no one-size-fits-all solution for your SMB. It all depends on how easily your business could implement and maintain a UTM security system and what features you would expect to get. A UTM "provides the ultimate network security package with everything you need in a single modular appliance."[32] It can simplify your "IT security without the complexity of multiple-point solutions."[33] With intuitive interfaces you can "quickly create policies to control security risks and gain clear, detailed reports that will give you the insight you need to improve your network performance and protection"[34] and ultimately protect your small to medium-sized business.

SMBs that are in the "market for UTM products and are already running networking equipment from a particular vendor should stick with the same vendor, assuming they are satisfied with quality, ease of use and support."[35] "Standardizing on similar equipment reduces compatibility issues and lowers the learning curve for administrators."[36] SMBs that are looking for a change should consider WatchGuard, Check Point, and Sophos. "Sophos and WatchGuard stand out among the competition."[37]
