What is a UTM Firewall and What Is Beyond It?

Dave Greenfield
April 19, 2021

In theory, Universal Threat Management (UTM) platforms should have long ago promoted efficiency: collapsing many security features into a single appliance. In reality, though, UTMs often became headaches in the making, putting IT on a vicious and costly lifecycle of appliance upgrades.

How can you take the UTM’s benefits and avoid the scalability problem? Let’s take a look to find out what’s beyond the UTM and the future of network security. 

Firewalls Evolve Over the Years

Before the UTM, there was the basic firewall. It was a physical appliance installed at a location such as a datacenter or branch office. All traffic passed through the firewall for basic inspection of security policies based on network information such as the type of protocol or the source/destination addresses.  

Traditionally, port 80 of the firewall bore extra scrutiny because this is where web traffic came in. But as applications and networking evolved, firewalls needed to look beyond port 80 to make a determination whether or not a packet flow was malicious.  

As the industry started to adopt applications and services that shared common TCP ports, simply looking at the source or destination address and the TCP information wasn’t sufficient to detect malicious traffic. This led to the development of next generation firewalls (NGFWs) that look into the application layer to determine whether or not a flow is malicious.
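The contrast described above, as an added example that is not from the original article or any vendor's product: a port-based rule and a simplified application-aware check are run over the same constructed flows. The class and function names, addresses, payloads and policy tables are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes  # first bytes the client sends (constructed sample)

# Basic firewall: the decision uses only protocol and destination port.
ALLOWED_PORTS = {("tcp", 80), ("tcp", 443)}
# Application-aware policy: which application may use each allowed port.
APP_POLICY = {("tcp", 80): {"http"}, ("tcp", 443): {"tls"}}
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}

def port_filter(flow):
    return "allow" if (flow.proto, flow.dport) in ALLOWED_PORTS else "deny"

def identify_app(payload):
    """Classify a flow from the client's first bytes (simplified)."""
    if payload.startswith(b"SSH-"):          # SSH identification string
        return "ssh"
    if len(payload) >= 2 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"                         # TLS handshake record header
    if payload.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"

def app_aware_filter(flow):
    allowed = APP_POLICY.get((flow.proto, flow.dport))
    if allowed is None:
        return "deny"
    return "allow" if identify_app(flow.payload) in allowed else "deny"

# Constructed flows using documentation address ranges.
FLOWS = [
    Flow("192.0.2.10", "198.51.100.5", "tcp", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    Flow("192.0.2.10", "198.51.100.5", "tcp", 443, bytes([0x16, 0x03, 0x01, 0x00, 0x2E])),
    Flow("192.0.2.11", "198.51.100.9", "tcp", 80, b"SSH-2.0-OpenSSH_9.6\r\n"),
    Flow("192.0.2.12", "198.51.100.9", "tcp", 23, b"\xff\xfd\x18"),
]

def compare(flows):
    """Return (dport, identified app, port verdict, app-aware verdict)."""
    return [(f.dport, identify_app(f.payload), port_filter(f), app_aware_filter(f)) for f in flows]

if __name__ == "__main__":
    for row in compare(FLOWS):
        print(row)
```

The third flow is the case the paragraph describes: it shares port 80 with web traffic, so only the application-layer check distinguishes it.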

UTMs Converge Security into One Appliance

While firewalls are essential, companies need more than just a firewall in their security quiver. They also want malware inspection, intrusion detection and prevention, content filtering, and other security measures. These functions could all be separate appliances, or they could all be brought together into a single converged appliance. This new all-in-one security device is what became known as the UTM.

The concept of UTM is good—the execution, not so much. As enterprises enable more security functions and as traffic levels grow, the appliances require more processing power. Ultimately, this forces an appliance upgrade with all of the additional costs and complexity involved. Failing to do that leads to a trade-off between implementing the necessary security functions and reducing processing load to improve performance.

What’s more, placing NGFWs and UTMs in the headquarters or branch doesn’t reflect the needs of today’s business. Users operate anywhere and everywhere but they still must send all of their traffic back to these appliances for inspection, which is inefficient. The same can be said on the application side. With more users accessing resources in the cloud, first sending traffic back to a private datacenter for security inspection by the NGFW makes little sense and can damage the usability of SaaS applications. 

The Future of Enterprise Security is in the Cloud

There is a new and revolutionary way of delivering NGFW and other network security capabilities as a cloud service. Firewall-as-a-Service (FWaaS) truly eliminates the appliance form factor, making a full stack of network security (URL Filtering, IPS, AM, NG-AM, Analytics, MDR) available everywhere. A single, logical global firewall with a unified application-aware security policy connects the entire enterprise — all sites, remote users, and cloud resources. Gartner has highlighted FWaaS as an emerging infrastructure protection technology with a high impact benefit rating.

FWaaS is an integral component of a Secure Access Service Edge (SASE) networking platform. SASE converges the functions of network and security point solutions into a unified, global cloud-native service.

Cato Has a Full Security Stack in Every PoP

Cato’s cloud-native SASE architecture converges SD-WAN, a global private backbone, a full network security stack, and seamless support for cloud resources and mobile devices. Customers easily connect physical locations, cloud resources, and mobile and remote users to Cato Cloud.

Cato uses a full enterprise-grade network security stack natively built into the Cato SASE Cloud to inspect all WAN and Internet traffic. Security layers include an application-aware FWaaS, secure web gateway with URL filtering (SWG), standard and next-generation anti-malware (NGAV), and a managed IPS-as-a-Service (IPS). Cato can further secure your network with a comprehensive Managed Threat Detection and Response (MDR) service to detect compromised endpoints. Zero Trust Network Access (ZTNA) is an integral part of the platform, tying security access policy back to user identity in and out of the office.  

All security layers scale to decrypt and inspect all customer traffic without the need for sizing, patching, or upgrading of appliances and other point solutions. Security policies and events are managed centrally using the self-service Cato Management Application. 

The Cato SASE platform spans more than 60 global Points of Presence (PoPs) located in nearly every region of the world. Each PoP has a full security stack, ensuring that security is conveniently applied to all traffic at the PoP before going to its final destination.   

The future of security is in the cloud, and it goes well beyond UTM. Cato’s SASE platform delivers that future now. 

 

 
 

Dave Greenfield

Dave Greenfield is a veteran of the IT industry. He’s spent more than 20 years as an award-winning journalist and independent technology consultant. Today, he serves as a secure networking evangelist for Cato Networks.