SMB

Being a small business owner, I heavily utilize network-based services and applications. So when my DSL connection is down, I'm out of business. Actually, I just get overly caffeinated because I head down to the local coffee ship.

I also use a shared web hosting service. Uptime is OK and it's painful when it's down, but that's maybe an hour a month on average - so it's tolerable. But I'm pretty pragmatic about that because no one is going to lose their job if they can't get to my web site. I certainly have no illusions of dependency here. So I pay my $8/mo and take the downtime with a smile.

But email is a different story. I use a hosted Exchange service because I absolutely cannot live without my Blackberry and like the calendar and contact integration. Truth be told, I haven't tried to live without my Blackberry for about 4 years, so I may not actually die. But I'm not willing to take the risk. The hosted service also lets me sync up my office PC with my MacBook transparently. It works well - pretty much all the time. Except today.

It seems one of the outbound mail servers (of course the one serving me) has found it's way onto the SpamCop blacklist. So basically I'm out of business. I am still getting inbound mail, but I've tried to send about 7 emails over the past 15 minutes and all of them have bounced. About 60% are using Barracuda (which evidently uses SpamCop) and the rest are random gateways. Bottom line is that my mail is rejected out of hand.

There is always collateral damage in any war, and in the war on spammers, the collateral is me.

The worst part is that I have no control. I can't make SpamCop remove the blacklisted IP address. I can't make my hosted email provider change the DNS address. And I can't send outbound email. So sorry if I owe you stuff and I can't get it to you. Hopefully this will be worked out by tonight. Worst case, I'll start sending mail via Yahoo!, but I'm hoping to avoid that.

Now I've got to grin and bear it for a few hours (hopefully) while they work it out. I'm not a big fan of grinning and bearing anything, but I'm not going to deploy my own Exchange server and Blackberry BES, now am I? I'm going to bend over and say "Thank you sir, may I have another!"

This month's SearchSMB column talks about UTM, within the context of the SMB market. So, that means "small UTM" just to be clear. If the column seems a bit short, well it is. That's because it was, let's say, heavily edited. Is it better? I don't think so because a lot of my informal vernacular has been gutted out. This is clearly not my style, but whatever. The points are the points, and at least they didn't mess with them.

I've got a unique style of writing, and if you couldn't tell I get a bit burned when it's messed with. But that's part of writing for some of the media outlets. So at the risk of getting into trouble, I'm going to post my original version here.

Of course, you can read the edited version here: http://searchsmb.techtarget.com/tip/0,289483,sid44_gci1205017,00.html

The Original:
SearchSMB column/tip – July 7, 2006

UTM is in your future
By Mike Rothman

The network security business has evolved rather incrementally over the years, largely driven by threats – as opposed to thoughtful architecture. First there was the token authenticator, designed to protect all of those crazy employees dialing up into a remote access environment.

Then as direct connections to the Internet hit widespread deployment in the mid-90’s, there was a need to protect those connections with firewalls. But firewalls were rather unsophisticated devices, so products that could detect an attack pattern (intrusion detection) came into vogue. Subsequently we’ve seen gateway anti-virus, anti-spam, web content filtering, anomaly detection, web application firewalls, and a host of other new products emerge to stop very specific threats.

You as a SMB technologist are sick of it. At least the folks I talk to are. All of these products have different management consoles, none work together, and most are marginally effective. We all know that you don’t have extra people or dollars lying around to maintain the status quo. You need to do more with less and you need to do it now.

One of my favorite sayings is “No mas box.” My clients don’t want to see any more appliances; they want integrated solutions or at least the visage of integration anyway. Thus a new product category called unified threat management (UTM) has emerged. Pioneered by folks like Fortinet, SonicWall and Astaro, but more recently being joined by pretty much every security vendor – these devices promise integration, convenience and protection from pretty much every threat out there.

Should you turn off your existing equipment and move to these new platforms? In a nutshell, the answer is most likely yes. Your choices are pretty straightforward, continue to renew the maintenance on your existing device(s) or buy something new. In many cases, given the competitive nature of the UTM market, out of pocket costs may be comparable to upgrade to a new device.

Even if you are talking about a 15-25% increase in year 1 cost for a new box, it’s worth it. You’ll save at least that much time in not having to troubleshoot different equipment when you have a problem and your protection will be broader.

That begs the next question, who do you buy it from? The answer largely lies in your comfort level. Each vendor has strengths and weaknesses. Some are built using mostly open source software; others have proprietary chips to get the job done. Given where the market is now, you should strongly consider your incumbent network security provider. In all likelihood they also offer a UTM device, and you already are familiar with the vendor and the management interface.

At a minimum, you should kick the tires of at least one or two other devices. Only by getting hands-on a few boxes will you figure out what is the best fit for your environment. But for SMB customers, UTM is the shape of things to come.