(Joel Snyder, TechTarget) If you've bought a firewall in the last 3 years, you've bought a UTM firewall: a device that will not only control traffic based on policy, but also one that has other built-in threat mitigation technologies, such as antivirus, intrusion prevention and content filtering. UTM features have been around for longer than that, but the market universally moved to UTM about 3 years ago for all but the biggest and smallest of devices. There are lots of reasons for this shift, including a desire to provide better security and adapt to current Internet threats.

However, one cynical reason for the shift to UTM should be kept in mind as you investigate your new (or old firewall): UTM services are subscription services. Firewall vendors want to move their customers from a buy-once model to a recurring revenue model, where software updates, IPS rules, and antivirus/antimalware signatures add up to a steady trickle of revenue from each subscriber. This inherent conflict of interest means you need to evaluate what services you really want and need from your UTM firewall, so as to maximize the value of the subscription dollars you spend.

UTM firewalls are all over the map with additional security features that go beyond basic firewalling, but the three most common areas are antivirus/antimalware, intrusion prevention, and content filtering. Let's look at all three to see what makes the most sense for you. If you don't have a good feel for the terms "client-protecting" and "server-protecting," then you should review "How Many Firewalls Do I Need?" first.

Antivirus/Antimalware Solid Secondary Protection
UTM firewalls are great secondary antivirus/antimalware protection in a client-protective environment. If you have desktop antimalware, then adding UTM antimalware (hopefully from a different antimalware vendor) will provide a good level of secondary protection.