TierSec

What can UTM offer?

As stated by IDC analyst, Charles Kolodgy, in SC Magazine (May 2, 2008): “IDC believes that UTM will remain the primary security solution for distributed environments, but within the enterprise it will evolve into an eXtensible Threat Management (XTM) platform. XTM platforms will take security appliances beyond traditional boundaries by vastly expanding security features, networking capabilities and management flexibility. Future XTM appliances should provide automated processes – such as logging, reputation-based protections, event correlation, network access control and vulnerability management. Adding to the networking capabilities will be management of network bandwidth, traffic shaping, throughput, latency and other features, including unified communications.”

What is UTM and XTM?

Unified threat management (UTM) introduced the idea that all of the security services, such as intrusion prevention, firewalls, and anti-spam/anti-malware, must be available in a single console with correlated event binding.

XTM (eXtensible Threat Management) is the next step of UTM. XTM-level security takes that all-in-one security model and blends it with role-based access control. The endpoint (such as a laptop, phone, or tablet) and the user together represent a combined identity. If a user holds a role that allows access to company resources, that user is considered more of a threat when accessing that data from a non-corporate device. The XTM can then decide to start recording and logging that activity or to deny it altogether. Conversely, when the same user accesses the network from a corporate-owned device, there is no problem.

The Next Step? HTM... What is it?

Holistic Threat Management (HTM) takes this idea to another level by taking into account all three aspects of the access: the device, the user identity, and the resource to be reached. HTM extends role-based control by binding it to the threat level that the user represents. The more sensitive the systems or data that the user has access to, the higher the threat level represented by that user.
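
The XTM and HTM decisions described above can be sketched as a single policy function. This is an added example, not code from TierSec or any product; the role names, resources, sensitivity scores and the `DENY_AT` threshold are all constructed assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    ALLOW_AND_RECORD = "allow, record and log"
    DENY = "deny"

# Constructed sample policy data (assumptions, not from any product).
SENSITIVITY = {"wiki": 1, "crm": 2, "payroll": 3}   # 1 = low, 3 = high
ROLE_GRANTS = {"staff": {"wiki"},
               "sales": {"wiki", "crm"},
               "finance": {"wiki", "payroll"}}
DENY_AT = 5  # assumed risk threshold for non-corporate devices

@dataclass(frozen=True)
class Request:
    roles: frozenset        # user identity, expressed as roles
    corporate_device: bool  # device half of the combined identity
    resource: str           # resource to be reached

def user_threat_level(roles):
    """Threat level = sensitivity of the most sensitive resource the roles reach."""
    reachable = set().union(*(ROLE_GRANTS.get(r, set()) for r in roles))
    return max((SENSITIVITY[r] for r in reachable), default=0)

def decide(req):
    # Role-based access control comes first: no grant, no access.
    if not any(req.resource in ROLE_GRANTS.get(r, ()) for r in req.roles):
        return Decision.DENY
    # Same user on a corporate-owned device: no extra restriction.
    if req.corporate_device:
        return Decision.ALLOW
    # Non-corporate device: weigh the user's threat level with the target.
    risk = user_threat_level(req.roles) + SENSITIVITY[req.resource]
    return Decision.DENY if risk >= DENY_AT else Decision.ALLOW_AND_RECORD

if __name__ == "__main__":
    for roles, corp, res in [({"finance"}, True, "payroll"),
                             ({"finance"}, False, "payroll"),
                             ({"finance"}, False, "wiki"),
                             ({"staff"}, False, "payroll")]:
        print(sorted(roles), corp, res, "->",
              decide(Request(frozenset(roles), corp, res)).value)
```

In this sketch every granted access from a non-corporate device is at least recorded, and the same finance user is denied payroll but only logged for the wiki, because the decision depends on device, user and resource together.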