Unified threat management (UTM), also known as integrated threat management (ITM), is an approach to information security that consolidates various security functions into a single hardware or software installation. Which one of the following is incorrect about UTM? (Wentz QOTD)
A. UTM may introduce a single point of failure.
B. UTM adequately aligns with the defense-in-depth strategy.
C. UTM simplifies installation, configuration, and maintenance.
D. UTM appliances are now typically called next-generation firewalls.
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. UTM adequately aligns with the defense-in-depth strategy.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
“UTMs are now typically called next-generation firewalls.” (Wikipedia) As UTM consolidates various security functions into a single hardware or software installation, it is subject to a single point of failure. It doesn’t comply with the defense-in-depth strategy because intruders face fewer layers of security controls. However, it does simplify installation, configuration, and maintenance because of the consolidation of security functions.
Reference
統一威脅管理 (UTM),也稱為集成威脅管理 (ITM),是一種將各種安全功能整合到單個硬件或軟件安裝中的信息安全方法。 關於 UTM,下列哪一項是不正確的? (Wentz QOTD)
A. UTM 可能會引入單點故障。
B. UTM 與縱深防禦策略充分吻合。
C. UTM 簡化了安裝、配置和維護。
D. UTM 設備現在通常被稱為下一代防火牆。