UTM: A united front
- SC Magazine, August 2006
A single box that can protect your network from all known evils sounds great, but does the reality live up to the hype? Rob Buckley investigates.
Unified threat management (UTM) sounds like the kind of technology any organisation should have. After all, who wouldn't want a single device that can protect your organisation from most known cyber attacks? But can one box really do everything that's needed? And how easy will it be to manage?
“I have to say I'm a sceptic,” says Geoff Bennett, product marketing director of StreamShield Networks. “What are the odds of world-class performance in all areas of security being sensibly merged into a single platform?” In an area such as security, where a failure in one part can result in an entire organisation being infected, compromising on quality is rarely an option. Most companies tend to pick individual devices for that reason.
But businesses are buying UTMs, and in ever-increasing numbers. IDC reports that more than 46,000 devices were bought in Western Europe during the first quarter of 2006, an increase of 10% over the previous quarter. UTMs appeal because managing single-purpose devices can be expensive and difficult.
UTMs have proved particularly popular with smaller organisations that don't have the budget for separate devices or the staff to manage them. The Greyhound Racing Association has installed SonicWALL devices in its various offices, not only to prevent incoming attacks, but also to improve bandwidth use. “We were having a lot of our bandwidth used for non-work related internet access by employees,” says Mike Kelly, the association's HR manager. “There was potential for viruses and hacking.”
By installing the SonicWALL UTMs, the body was able to identify infected machines, decontaminate them and prevent reinfection. The main reason for picking SonicWALL was to avoid management problems. “We already had a SonicWALL firewall, so it was a straightforward upgrade,” explains Kelly.
The organisation now uses the UTM's content filtering features, as well as its intrusion prevention system, to block potentially malicious traffic, with the suppliers handling the management.
Too many cooks?
But as StreamShield's Bennett points out, the arrival of UTMs hasn't reduced the number of security incidents organisations have succumbed to. In fact, reports from the Department of Trade and Industry show that the number of infections and penetrations has increased over the past year. This suggests that while UTMs might have become more popular, it's not because they actually fix any more problems than previous technologies.
This may be because not all UTMs are created equal. Many vendors describe their devices as belonging to this category, but few agree on a definition. All concur that UTM is an approach that unifies various aspects of security, including firewalling. Indeed, virtually every network security vendor now offers UTM technology.
But after that, agreement breaks down. Opinions vary on what aspects of security UTM should encompass, although anti-virus, intrusion detection and web content filtering appear on most lists. Some argue that UTM needs to be a security appliance; others say it should be software that's installed on clients or hosts. Some claim it's a device that is simply capable of providing the power necessary for whichever security software the owner decides to install on it, while others insist it should have a unified management console. Yet another camp argues that it's enough if all the security components are unified in one place.
