UTM: A united front
- Article 3 of 33
- SC Magazine, August 2006
A single box that can protect your network from all known evils sounds great, but does the reality live up to the hype? Rob Buckley investigates.
Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | All 5 Pages
UTM, it seems, is more a state of mind than an exact definition. For example, SonicWALL's ability to download and install the latest version of McAfee's anti-virus technology onto individual clients as they appear on the network greatly appealed to the Greyhound Racing Association. With mobile devices typically avoiding the protection offered by perimeter security devices, some vendors argue that UTM needs to be performed in conjunction with host protection. Fortinet offers its own desktop protection software, while CA's UTM strategy is based on a unified desktop product that can be centrally managed.
“With a thriving laptop community, the perimeter is not where you should concentrate your efforts,” says Simon Perry, vice-president of security strategy at CA. “The desktop is where you get the biggest advantages.” His company's UTM includes a personal firewall, IPS, antivirus and anti-spyware, integrated under a single central management console.
As the capabilities of UTMs have increased and their definition blurred, so they have spread upwards from SMEs, to join devices from enterprise-grade suppliers who have started to reclassify their products as UTMs.
“We're now seeing penetration into the large enterprise,” says Daniel Fleischer, senior research analyst for European enterprise server solutions at IDC. “It comes down to ROI.” Managing different boxes, each with its own infrastructure, is very expensive.
As UTM is a collection of technologies, not of all which need to be enabled at the same time, it appeals to different markets. According to Andre Stewart, Fortinet's vice-president of sales, EMEA, public-sector organisations tend to be interested in all the security features of his firm's UTMs, while banks pick on one or two features, such as the firewall and intrusion detection system (IDS).
Performance issues
Worries about performance seem to have eased, as well. While do-it-all boxes aimed at the lower end of the market clearly can't scale up to the speeds needed by larger enterprises, companies such as Fortinet and Crossbeam have been producing enterprise-grade systems for some time, mainly by forsaking single-box appliances in favour of blade servers with hardware acceleration for specific tasks.
“What you're choosing is a blade to scale processing power,” says Nick Lowe, Check Point's regional director for Northern Europe. “As an application calls for more power, you just add a blade. You can't expect a £1,600 box to give the necessary performance and user numbers as you scale upwards.”
Chelsea and Westminster NHS Trust upgraded its Sun boxes to a Crossbeam C-Series UTM to get the firewall performance it required. “We needed price, performance, portability and scalability,” says Bill Gordon, assistant director of IT at the trust. With the Crossbeam in place, the trust was able to use the device's IDS features as well, while maintaining the performance it needed. “It's very easy to use, it's just one console. We've run penetration tests, and they've come up clean.”
IDC's Fleischer agrees that performance is no longer an issue for most enterprises. “If necessary, they'll just string six devices in series and turn on just one function on each box.”
Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | All 5 Pages