Unified Threat Management (UTM) is a term used to describe the consolidation of several
security features into one device, protecting against multiple threat
types. The advantage of UTM is streamlined installation and management
of these multiple security capabilities.

The security features provided as part of the UTM solution are:

Antispam — E-mail spam consists of unwanted e-mail
messages, usually sent by commercial, malicious, or fraudulent entities.
The antispam feature examines transmitted e-mail messages to identify
e-mail spam. When the device detects an e-mail message deemed to be
spam, it either drops the message or tags the message header or subject
field with a preprogrammed string. The antispam feature uses a constantly
updated spam block list (SBL). Symantec updates and maintains the
IP-based SBL. The antispam feature is a separately licensed subscription
service.

Full File-Based Antivirus — A virus is executable
code that infects or attaches itself to other executable code to reproduce
itself. Some malicious viruses erase files or lock up systems. Other
viruses merely infect files and overwhelm the target host or network
with bogus data. The full file-based antivirus feature provides file-based
scanning on specific Application Layer traffic, checking for viruses
against a virus signature database. It collects the received data
packets until it has reconstructed the original application content,
such as an e-mail file attachment, and then scans this content. Kaspersky
Lab provides the internal scan engine. The full file-based antivirus
scanning feature is a separately licensed subscription service.

Express Antivirus — Express antivirus scanning is
offered as a less CPU-intensive alternative to the full file-based
antivirus feature. The express antivirus feature, like the full antivirus
feature, scans specific Application Layer traffic for viruses against
a virus signature database. However, unlike full antivirus, express
antivirus does not reconstruct the original application content. Rather,
it just sends (streams) the received data packets, as is, to the scan
engine. With express antivirus, the virus scanning is executed by
a hardware pattern matching engine. This improves performance while
scanning is occurring, but the level of security provided is lessened.
Juniper Networks provides the scan engine. The express antivirus scanning
feature is a separately licensed subscription service.

Content Filtering — Content filtering blocks or
permits certain types of traffic based on the MIME type, file extension,
protocol command, and embedded object type. Content filtering does
not require a separate license.

Web Filtering — Web filtering lets you manage Internet
usage by preventing access to inappropriate Web content. There are
two types of Web filtering solutions. In the case of the integrated
Web filtering solution, the decision-making for blocking or permitting
Web access is done on the device after it identifies the category
for a URL either from user-defined categories or from a category server
(Websense provides the CPA Server). The integrated Web filtering feature
is a separately licensed subscription service. The redirect Web filtering
solution intercepts HTTP requests and forwards the server URL to an
external URL filtering server provided by Websense to determine whether
to block or permit the requested Web access. Redirect Web filtering
does not require a separate license.
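
The trade-off between the full file-based and express antivirus entries above, as an added Python example (not Juniper or Kaspersky code). It is a simplified model that assumes the only difference is whether the e-mail attachment is reconstructed (decoded) before matching; the signature, addresses, and function names are constructed for illustration.

```python
from email import message_from_bytes
from email.message import EmailMessage

# Constructed stand-in for a signature database entry (not a real virus signature).
SIGNATURES = {"Test.Constructed.A": b"CONSTRUCTED-TEST-SIGNATURE-0001"}


def match(data: bytes) -> list[str]:
    """Return the names of all signatures found in data."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)


def build_sample_packets(mtu: int = 64) -> list[bytes]:
    """Constructed sample: an e-mail with a binary attachment, cut into packets."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "report"
    msg.set_content("See attachment.")
    payload = b"\x00header\x00" + SIGNATURES["Test.Constructed.A"] + b"\x00tail"
    # Binary attachments are base64-encoded on the wire by default.
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename="report.bin")
    wire = msg.as_bytes()
    return [wire[i:i + mtu] for i in range(0, len(wire), mtu)]


def scan_stream(packets: list[bytes]) -> list[str]:
    """Express-style model: match the bytes as received, with no reconstruction."""
    return match(b"".join(packets))


def scan_reconstructed(packets: list[bytes]) -> list[str]:
    """Full-style model: rebuild the message, decode each part, then scan it."""
    msg = message_from_bytes(b"".join(packets))
    hits = set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""  # undoes base64 encoding
        hits.update(match(body))
    return sorted(hits)
```

On the constructed sample, `scan_stream` reports nothing because the attachment travels base64-encoded, while `scan_reconstructed` finds the signature at the cost of buffering and decoding the whole message.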