Unified threat management (UTM) sounds like the kind of technology any organisation should have. After all, who wouldn't want a single device that can protect your organisation from most known cyber attacks? But can one box really do everything that's needed? And how easy will it be to manage?
"I have to say I'm a sceptic," says Geoff Bennett, product marketing director of StreamShield Networks. "What are the odds of world-class performance in all areas of security being sensibly merged into a single platform?" In an area such as security, where a failure in one part can result in an entire organisation being infected, compromising on quality is rarely an option. Most companies tend to pick individual devices for that reason.
But businesses are buying UTMs, and in ever-increasing numbers. IDC reports that more than 46,000 devices were bought in Western Europe during the first quarter of 2006, an increase of 10% over the previous quarter. UTMs appeal because managing single-purpose devices can be expensive and difficult.
UTMs have proved particularly popular with smaller organisations that don't have the budget for separate devices or the staff to manage them. The Greyhound Racing Association has installed SonicWALL devices in its various offices, not only to prevent incoming attacks, but also to improve bandwidth use. "We were having a lot of our bandwidth used for non-work related internet access by employees," says Mike Kelly, the association's HR manager. "There was potential for viruses and hacking."
By installing the SonicWALL UTMs, the body was able to identify infected machines, decontaminate them and prevent reinfection. The main reason for picking SonicWALL was to avoid management problems. "We already had a SonicWALL firewall, so it was a straightforward upgrade," explains Kelly.
The organisation now uses the UTM's content filtering features, as well as its intrusion prevention system, to block potentially malicious traffic, with the suppliers handling the management.
Too many cooks?
But as StreamShield's Bennett points out, the arrival of UTMs hasn't reduced the number of security incidents organisations have succumbed to. In fact, reports from the Department of Trade and Industry show that the number of infections and penetrations has increased over the past year. This suggests that while UTMs might have become more popular, it's not because they actually fix any more problems than previous technologies.
This may be because not all UTMs are created equal. Many vendors describe their devices as belonging to this category, but few agree on a definition. All concur that UTM is an approach that unifies various aspects of security, including firewalling. Indeed, virtually every network security vendor now offers UTM technology.
But after that, agreement breaks down. Opinions vary on what aspects of security UTM should encompass, although anti-virus, intrusion detection and web content filtering appear on most lists. Some argue that UTM needs to be a security appliance; others say it should be software that's installed on clients or hosts. Some claim it's a device that is simply capable of providing the power necessary for whichever security software the owner decides to install on it, while others insist it should have a unified management console. Yet another camp argues that it's enough if all the security components are unified in one place.
UTM, it seems, is more a state of mind than an exact definition. For example, SonicWALL's ability to download and install the latest version of McAfee's anti-virus technology onto individual clients as they appear on the network greatly appealed to the Greyhound Racing Association. With mobile devices typically avoiding the protection offered by perimeter security devices, some vendors argue that UTM needs to be performed in conjunction with host protection. Fortinet offers its own desktop protection software, while CA's UTM strategy is based on a unified desktop product that can be centrally managed.
"With a thriving laptop community, the perimeter is not where you should concentrate your efforts," says Simon Perry, vice-president of security strategy at CA. "The desktop is where you get the biggest advantages." His company's UTM includes a personal firewall, IPS, antivirus and anti-spyware, integrated under a single central management console.
As the capabilities of UTMs have increased and their definition blurred, so they have spread upwards from SMEs, to join devices from enterprise-grade suppliers who have started to reclassify their products as UTMs.
"We're now seeing penetration into the large enterprise," says Daniel Fleischer, senior research analyst for European enterprise server solutions at IDC. "It comes down to ROI." Managing different boxes, each with its own infrastructure, is very expensive.
As UTM is a collection of technologies, not all of which need to be enabled at the same time, it appeals to different markets. According to Andre Stewart, Fortinet's vice-president of sales, EMEA, public-sector organisations tend to be interested in all the security features of his firm's UTMs, while banks pick on one or two features, such as the firewall and intrusion detection system (IDS).