IDC integrated concepts such as antivirus, firewall, and intrusion detection into a new category called unified threat management. This concept attracted widespread attention in the industry and promoted the birth of a market segment represented by integrated security devices.

UTM proposed by IDC refers to a specialized device composed of hardware, software and network technology. It mainly provides one or more security functions and integrates multiple security features into one hardware device to form a unified standard. Management platform. From this definition, IDC not only proposes the specific form of UTM products, but also covers a more profound logical category. From the first half of the definition, products such as multi-function security gateways, comprehensive security gateways, and integrated security equipment proposed by many security vendors can all be classified as UTM products; from the second half of the definition, the concept of UTM It also reflects the overall understanding and deep understanding of the security system after years of development in the information industry.

At present, UTM is often defined as a specialized device composed of hardware, software and network technology. It mainly provides one or more security functions and integrates multiple security features into one hardware device to form a standard unified threat. Management platform. The basic functions that UTM equipment should have include network firewall, network intrusion detection/prevention and gateway anti-virus functions.

Although UTM integrates multiple functions, they do not necessarily have to be enabled at the same time. According to the different needs of different users and different network sizes, UTM products are divided into different levels. In other words, if users need to enable multiple functions at the same time, they need to configure products with higher performance and richer functions.

Basic features

1. Build a higher, stronger and more reliable wall. In addition to traditional access control, the firewall should also play a comprehensive role in preventing spam, denial of service, hacker attacks and other external threats, and comprehensively detect the entire network protocol. layer of defense. Real security cannot just stay at the bottom layer. We need to form the effect of governance and achieve seven-layer protocol protection, not just limited to layers two to four.

2. High detection technology is required to reduce false alarms. As a serial access gateway device, once the number of false alarms is too high, it will have disastrous consequences for users. IPS is a typical example. The use of classification detection technology with high technical threshold can greatly reduce the false alarm rate. Therefore, for different attacks, different detection technologies should be adopted and effective integration can significantly reduce the false alarm rate.

3. It must be supported by a highly reliable and high-performance hardware platform. For firewalls in the UTM era, while ensuring network security, they cannot become a bottleneck for network applications. Firewalls/UTM must be supported by high-performance, high-reliability dedicated chips and dedicated hardware platforms to avoid UTM equipment in complex environments. Its poor reliability and performance pose a threat to the normal operation of users' core services.