Boxing clever

UTM appliance vendors are adding advanced functionality to their products - but industry observers continue to highlight ongoing issues with the devices.

By Sathya Mithra Ashok. Published August 1, 2007

"UTM systems have been around in one form or another since the start of the decade. It's only in the past few years, however, that the technology has entered the mainstream IT security market," says Shahnawaz Sheikh, regional sales manager for SonicWall.

And an entry it has been, especially in the Middle East market. Over the last two years, UTM appliances have become popular security choices for companies, with sales growing by 45% year-on-year according to some statistics. The attraction of these devices, especially in the Middle East, is easy to understand. Bundling in several security solutions (the minimum requirement is an IPS, firewall and antivirus package) in one go, the devices promise a one-box solution that can easily reduce the complexity that an IT manager may have to deal with, especially at the perimeter.

While most of these devices are being bought and implemented by SMBs, vendors and industry watchers believe that enterprises also use them in certain network topologies.

"Enterprises typically buy a firewall at every internet connection. In the last few years, as internet connectivity has become cheaper and more branch offices are connected directly to the net, enterprises have been investing in UTMs to provide protection. Almost 80% of all enterprise UTMs are employed in branch office infrastructure," says John Pescatore, VP and distinguished analyst for infrastructure protection at Gartner.

Just as more switch vendors are including security, so security vendors can include more networking functions.

Some vendors even argue that enterprises are beginning to use the UTM appliances at the core and gateway. While that point is debatable, it is true that the recent spurt in demand for the devices can be partly attributed to the fact that vendors are beginning to pack in more features.

One box to rule them all

"The first generation of UTM devices weren't unified in any way. Most of these early day appliances ran compute-intensive software applications in one-server-like boxes and this obviously created performance problems. The architecture has been updated since then and the second generation of products address this issue to a certain extent," says Pescatore.

As UTM appliances move into the second generation (some argue third generation) of operation, the types of features being packed in vary from vendor to vendor.

"Apart from the minimum functionality that most UTM devices come with, SSL VPN has been added recently, along with protecting peer-to-peer protocols such as interactions over Skype or across VoIP. The appliances have the potential to include a lot more functionality, including WAN optimisation. Fortinet has been working on traffic shaping, which is the beginning for WAN optimisation, and looking at compression and caching for the future," says Richard Steinnon, chief marketing officer for Fortinet, who believes that devices with these features could be available within a year's time.

"WAN optimisation is very important since everything is becoming web-based. Appliances are also getting better on the hardware front. Secure will soon be launching an eight CPU box with 4Gbytes of memory. The appliances are becoming more powerful and there are fewer concerns over speed. We have just introduced a full-blown IPS in our appliances and added a new feature called Trusted Source. This is a reputation-based security option that checks back with our servers on the reputation of every IP address that tries to access a network. Our server definitions meanwhile are updated every four hours," says Tareque Choudhury, pre-sales manager for MEA at Secure Computing.

The problem areas

Between the development of UTM features and the large number of sub-1000 employee businesses in the Middle East, UTMs have become ever more popular in the region.

However, UTM devices come with their own set of problems, chief among them performance issues and the fact that they act as a single point of failure for network security. These issues have existed since UTMs first appeared; what vendors suggest now are newer solutions.

"Concern over devices becoming single points of failure can be largely taken care of by clustering, as many users do," says Choudhury.

L K Pathak, senior manager for corporate communications at Elitecore, says, "There is no doubt that, at some level, they are a single point of failure. But depending upon the situation, a single point of failure might be manageable with a standby. On the other extreme some may prefer to compare it with standalone boxes and say that having separated boxes for firewall, IPS and so on just represents multiple single points of failure. If any of them fail, it could bring your network down. At least in the UTM model you just have to worry about one box, not several." (Elitecore is the owner of Cyberoam appliances.)

Some vendors, though, believe that UTMs can actually help ensure connectivity at the office.

"Often it is not the UTM device that becomes the single point of failure for the enterprise, but the WAN connection itself. This is why some UTM devices from Juniper are capable of providing other options for the office to re-route traffic. In this way, these appliances actually save the organisation from downtime instead of causing it," asserts Tarek Abbas, regional systems engineering manager at Juniper.

As for performance levels, Fortinet's Steinnon agrees that throughput could be adversely affected when more of the UTM's promised functionality is switched on.

"Having VPN in place can affect throughput by a certain amount. Switching on IPS and antivirus functions can do the same as well, taking away from network throughput and affecting optimal performance," he says.

Choudhury, however, disagrees, stating that an enterprise is likely to face the same performance issues even if it were to use different boxes for each of the functions.

All considered, UTM appliances still restrict the security solutions that an IT manager can choose from. IT managers can no longer pick from best-of-breed solutions and have to be satisfied with a single-vendor solution package, as in the case of Fortinet, or have third-party solutions bundled into the appliance, as is the case with Juniper.
