The advantages of unified threat management


Keeping IT infrastructure secure is a complex task and few small and midsized businesses can afford dedicated security specialists.

This goes a long way to explaining the popularity of unified threat management (UTM) appliances - single boxes which plug into the company network to manage security. The market for UTMs has been expanding rapidly, with research house Gartner seeing 20.7% compound annual growth over the past four years.

Another reason for their popularity is that criminals are targeting smaller companies, says Lawrence Pingree, a Gartner analyst.

"Hackers have always targeted large enterprises but they generally have got good security defences," he says. "If they want to commit financial fraud or steal credit card details it is much easier for them to go after small and medium sized businesses which have no security staff."

So what exactly do UTMs offer? Key features include:

  • A corporate firewall to keep unwanted traffic off the company network.
  • Internet gateway security (which includes scanning incoming traffic for viruses, malware or malicious attachments and web address blacklisting).
  • A network intrusion prevention system (IPS) to prevent hackers attacking unpatched Windows PCs and servers.
  • Secure remote access, enabling employees to connect to the company network while out of the office.
  • The ability to update automatically with the latest security updates, anti-virus definitions and new features so that minimal manual intervention is required beyond initial set-up.

More advanced features may include a web application firewall to protect the company website; secure wireless capabilities to enable guests to connect to the network; and next-generation firewall features, including the ability to control or prevent employee use of specific applications such as peer-to-peer programs.

Leading UTM vendors include Fortinet, Dell SonicWALL, Juniper Networks, Check Point Software Technologies, WatchGuard and Sophos.

Simplicity

The benefit of a UTM for smaller businesses is simplicity - a single purchase covers every security need, and all the security features can be controlled and configured from a single management console. Some UTMs offer a base level of security in the initial purchase price, and extra security services, such as an intrusion prevention system (IPS), can be enabled for an additional licence fee.

"The alternative is for a company to seek out point solutions for each of these security needs, but as well as leading to complex licensing there is also the question of having to carry out multiple device configurations and making sure that it all works well together," says Pingree.

But he warns that UTMs don't always provide the same level of protection as point solutions. "The protection you can expect from the IPS built in to most UTMs is much improved in recent years, but a specialist vendor's IPS is still likely to be better."

But for many companies the choice is actually between having a UTM-based IPS or not having one at all, he points out, so this difference is largely academic.

Compliance requirements

Having an IPS at all can be particularly important for companies that have to comply with security regulations for the industry or sector in which they operate.

"You can certainly satisfy some compliance requirements with a UTM, like running an IPS, but don't forget that satisfying compliance requirements involves configuring the appliance properly," says Pingree. "It's not enough to have a specific security capability in a UTM you buy - you have to know how to turn it on and configure it."

That should be less of a problem for medium-sized companies than those at the smaller end of the scale, according to John Grady, a security researcher at IDC.

"The more complex your IT architecture, the more likely you are to have an admin who can configure a UTM," he says. "But even for small companies that don't have an IT person with security skills, it's still much easier to manage a single UTM than to try and manage point solutions separately."

If configuration is too much of an issue - especially for small companies that are growing quickly and changing their IT infrastructure regularly - then there is always the option to buy a UTM through a managed security service provider who will configure the appliance remotely.