Protecting the castle gates: UTMs and anti-malware gateways

Peter Stephenson, technology editor, SC Magazine

UTMs and anti-malware gateways often are our key protection at the perimeter, says Peter Stephenson, SC Magazine's technology editor.

This month we are standing at the portal to our enterprise seeking entrance. Those who have heard me speak at conference sessions know that I am a great one for illustrative war stories, so here's one from my misspent youth. It takes me back to when I was at day camp in Indianapolis. There was “skit night” when the parents visited and the campers put on skits. One of the most popular involved a king in his castle. His page comes into the throne room and announces “Majesty, there is a man without the gate who seeks entrance.” To which the king predictably responds, “Well, give him the gate and send him home!”

Our products this month might substitute for the king's response: “Majesty, there is an unknown packet stream without the gateway.” The response: “Well, give it the boot and send it home!”


UTMs and anti-malware gateways often are our key protection at the perimeter. However, the notion of defense-in-depth may suffer if there is no client-side or endpoint protection in place. More important, in many cases we are seeing very little innovative advancement in the products that we looked at this month. That's a problem.

The nature of internet-borne threats is such that if we do not advance, we actually regress. There comes a point for both product groups where simply increasing the catch rate is neither enough nor practical. Newer and more innovative technology is what is needed here, perhaps more than anywhere else in the enterprise. For UTMs, the traditional patterns are out the window. Now we can expect a competent UTM to have a lot of functionality. We also are reaching a point where the UTM will take over for the anti-malware gateway and, some mavens predict, the firewall as well.

Traditionally, the UTM was a combination of firewall, IDS/IPS and anti-malware gateway. Today, they all add something extra. It may be a broader interpretation of malware, including such things as anti-spam, protocol blocking and web content filtering. That puts them in the same ballpark as other products, such as anti-virus gateways and web filtering products. In fact, it is not uncommon for a vendor to submit the same product for multiple functions, all of which are services of the product, which the vendor calls a UTM. As we have written in the past, the UTM has supplanted the multipurpose appliance of years past.

As a function of the UTM, anti-malware gateways might be expected to go the way of the dinosaur. To be sure, our crop of products this year was somewhat smaller than it has been in the past. But the product is not dead yet, and we saw some good examples of the current state of the practice. Overall, the products we saw are focused on stopping all types of malware threats at the perimeter. There are arguments in favor of using a suite of products at the perimeter as opposed to a single gateway. Among them are defense-in-depth, performance and the ability to distribute protection widely in an enterprise with an imprecise boundary. An online banking system is a good example: it really consists of multiple layers or subnets, some internet-facing and some not directly touching the internet, all of which need protection.

So, like our mythical king, whether we select a UTM, anti-malware gateway or some combination, when the bad guys come knocking, we can give ‘em the boot and send them packing.