IDC defines a UTM information security hardware device as a single hardware device that integrates multiple security functions, which must include a network firewall, network intrusion detection and prevention, and gateway anti-virus. Not every function on the device has to be in use, but all of them must be built in, and individual components cannot be removed.
For the purpose of testing these devices, NSS Group defines a UTM device more specifically as a single device combining firewall, VPN, IDS/IPS, anti-virus, anti-spam, URL filtering, content filtering and other functions. The detailed definitions are as follows:
* Firewall: Deployed at the network boundary, a strong stateful NAT firewall is required.
* VPN: Often deployed in the enterprise wide area network as a branch network solution. The basic requirement is the ability to establish a small number of secure VPN tunnels.
* IDS/IPS: A firewall can only enforce policy. If the policy allows incoming HTTP traffic to a web server in the DMZ, the firewall cannot prevent attackers from damaging the target web server through the HTTP protocol. The IPS function detects and blocks intrusions like these that attempt to exploit the network perimeter, preventing malicious network traffic from reaching the server. The IDS function can detect intrusions and issue alerts, but cannot block malicious traffic.
* Anti-virus: Gateway anti-virus filtering stops inbound virus traffic at the network boundary, blocking viruses before they reach the desktop and so strengthening desktop security. The solution can also prevent internal computers from being infected by viruses from outside the corporate network.
* Anti-spam: Gateway anti-spam can flag incoming e-mail, allowing further processing by computer-based filtering solutions. The solution can also prevent internal hosts from sending spam outside the enterprise.
* URL Filtering: Using a continuously updated database of URL classifications, a gateway URL filtering solution prevents employees from accessing unpleasant or inappropriate websites from the corporate network.
* Content Filtering: Scanning web and email traffic for specific content, gateway content filtering solutions prevent objectionable or inappropriate content from passing through or emanating from the corporate network.
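
The difference between the firewall, IDS and IPS roles in the list above can be shown with a small model. This is an added example, not part of the NSS Group definition: the addresses, the policy rule, the signatures and the sample traffic are all constructed for illustration.

```python
import re
from dataclasses import dataclass

# Firewall policy (constructed): permit inbound HTTP to the DMZ web server only.
POLICY = [{"dst": "192.0.2.10", "dport": 80, "proto": "tcp", "action": "allow"}]

# Hypothetical inspection signatures, for illustration only.
SIGNATURES = {
    "path-traversal": re.compile(rb"\.\./|%2e%2e%2f", re.I),
    "oversized-uri": re.compile(rb"^[A-Z]+ \S{2048,} "),
}

@dataclass
class Packet:
    dst: str
    dport: int
    proto: str
    payload: bytes

def firewall_allows(pkt):
    """Policy check on address, port and protocol only; the payload is never examined."""
    for rule in POLICY:
        if (rule["dst"], rule["dport"], rule["proto"]) == (pkt.dst, pkt.dport, pkt.proto):
            return rule["action"] == "allow"
    return False  # default deny

def inspect(pkt, mode):
    """Return (forwarded, alerts). mode is 'off', 'ids' or 'ips'."""
    if not firewall_allows(pkt):
        return False, []
    if mode == "off":
        return True, []
    alerts = [name for name, sig in SIGNATURES.items() if sig.search(pkt.payload)]
    # IDS: alert but still forward. IPS: drop when any signature matches.
    forwarded = not (mode == "ips" and alerts)
    return forwarded, alerts

# Constructed sample traffic.
BENIGN = Packet("192.0.2.10", 80, "tcp", b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n")
SUSPECT = Packet("192.0.2.10", 80, "tcp", b"GET /../../etc/passwd HTTP/1.1\r\nHost: www\r\n\r\n")
BLOCKED_PORT = Packet("192.0.2.10", 22, "tcp", b"SSH-2.0-client\r\n")

if __name__ == "__main__":
    for mode in ("off", "ids", "ips"):
        for name, pkt in (("benign", BENIGN), ("suspect", SUSPECT), ("ssh", BLOCKED_PORT)):
            print(mode, name, inspect(pkt, mode))
```

With inspection off, the suspect request is forwarded because the policy permits port 80; in IDS mode it is forwarded with an alert, and only in IPS mode is it dropped.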