Boxing clever

UTM appliance vendors are adding advanced functionality to their products - but industry observers continue to highlight ongoing issues with the devices.

  • E-Mail
By  Sathya Mithra Ashok Published  August 1, 2007

Keeping all of those possible pitfalls in mind, vendors advise customers to be fully aware of the functionalities they need when investing in an appliance.

Of more importance is that users take the time out to test these devices in their own environments or consult independent third party test statistics to understand performance issues when functions are switched on.

"UTMs are not a replacement for any other security technology - either stand-alone boxes from us or software from any of our partners. It is a complementary technology that has to be linked and integrated across enterprise environments," says Juniper's Abbas.

"The bottom line is that these appliances do not, regardless of initial appearances, represent a universal solution for security in any organisation. They need to be designed and built into the security and network infrastructure of enterprises, just as is done with any other security measure or device," says Elitecore's Pathak.

The end is nigh?

For all their success in the region, some believe that the days of UTM devices are numbered. They point to the changing competitive landscape - where more switch vendors are building security elements into their products - as indicative of the trend.

"It's very much a competitive environment. At the higher end especially, switch vendors are adding some security functionality. This is completely natural since the direction is to link networking and security functionalities rather than separate them. In fact, systems that do not do security run the risk of becoming obsolete," says Fortinet's Steinnon.

"Just as more switch vendors are including security, so security vendors, such as Fortinet, can include more networking functions such as switching and routing. And since the hard part is including security, there is much more opportunity for the security vendors than there is for traditional switching vendors," he adds.

Juniper is another vendor which is extending its UTM functionality by adding routing capability.

Some vendors state that low-end competition is also on the rise with the entry of several, non-branded, cheap appliances which are making an appearance in the region. While these do not offer serious competition yet, they still have the potential to impact the market, especially as they come at nearly half the price of branded UTMs.

That being said, the real competition for UTMs might come from a rapidly maturing customer base, which is shifting from appliances and hardware to higher end software and extended integration across the infrastructure in order to achieve higher operational efficiency and coordination with business strategy.

"UTMs do a good job for SMBs. But with large enterprises and organisations there is the need for scalable and reliable solutions which, I believe, UTMs as we traditionally describe them might fail to meet. I have yet to see a suitably scalable UTM. At Cisco, we are leading the next stage in security where we believe that the network becomes the platform for delivering integrated security," says Cherif Sleiman, chief technologist for Cisco MEA, quite unsurprisingly.

Nevertheless, there are parts of the industry which believe that the UTM and what it signifies is far from an eventual demise.

"At Gartner, we consider UTMs and their functionality as part of the next generation firewall category. Unlike other analyst firms, we do not believe that UTM appliances are a separate category, they are just part of the firewall market. We will only see them change, modify and add on functionality for the future," says Pescatore.

"One key area that we see functionality emerge in is to address the growing threat of customised attacks on enterprises. Today's antivirus and IPSs are not very good at detecting these specific threats since they look only for known threat signatures on a global scale. We will see more functionality related to the behavioural analysis of executables that are delivered on incoming messages. That is the direction we are going to go in. That is how firewalls are going to change," Pescatore adds.

As UTM devices add more features, all indications are that these security appliances are here to stay - for a while longer at least.

Before you buy…

NME presents some of the top considerations CIOs should keep in mind when investing in a UTM device:

1. Know what you want the UTM for and where it will sit in the network.

2. Assess the functionalities that you would need in a UTM device - avoid buying features that you do not need.

3. Be aware that a UTM is not a standalone security device and has to be used in conjunction with other products/solutions and a strong policy.

4. Check the market thoroughly on the choices available to you.

5. Pick a vendor who has local support and service options, otherwise you run the danger of holding a dud box in a short time.

6. Always ask the vendor for a test run. Preferably ask it for independent third party test results with the appliance in question.

7. Invest in the UTM only after running a pilot in your own office to get a true measure of the issues you might face.

8. Remember to assess the performance of the device with as much of the functionality switched on as possible.

9. Remember to invest in a good management platform and reporting solution - many vendors believe that users do not monitor their UTM devices and lose out on efficiency due to inadequate reports.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code