This month's SearchSMB column talks about UTM, within the context of the SMB market. So, that means "small UTM" just to be clear. If the column seems a bit short, well it is. That's because it was, let's say, heavily edited. Is it better? I don't think so because a lot of my informal vernacular has been gutted out. This is clearly not my style, but whatever. The points are the points, and at least they didn't mess with them.
I've got a unique style of writing, and, if you couldn't tell, I get a bit burned when it's messed with. But that's part of writing for some of the media outlets. So at the risk of getting into trouble, I'm going to post my original version here.
Of course, you can read the edited version here: http://searchsmb.techtarget.com/tip/0,289483,sid44_gci1205017,00.html
SearchSMB column/tip – July 7, 2006
UTM is in your future
By Mike Rothman
The network security business has evolved rather incrementally over the years, largely driven by threats – as opposed to thoughtful architecture. First there was the token authenticator, designed to protect all of those crazy employees dialing up into a remote access environment.
Then as direct connections to the Internet hit widespread deployment in the mid-’90s, there was a need to protect those connections with firewalls. But firewalls were rather unsophisticated devices, so products that could detect an attack pattern (intrusion detection) came into vogue. Subsequently we’ve seen gateway anti-virus, anti-spam, web content filtering, anomaly detection, web application firewalls, and a host of other new products emerge to stop very specific threats.
You as an SMB technologist are sick of it. At least the folks I talk to are. All of these products have different management consoles, none work together, and most are marginally effective. We all know that you don’t have extra people or dollars lying around to maintain the status quo. You need to do more with less and you need to do it now.
One of my favorite sayings is “No mas box.” My clients don’t want to see any more appliances; they want integrated solutions or at least the visage of integration anyway. Thus a new product category called unified threat management (UTM) has emerged. Pioneered by folks like Fortinet, SonicWall and Astaro, and more recently joined by pretty much every security vendor, these devices promise integration, convenience and protection from pretty much every threat out there.
Should you turn off your existing equipment and move to these new platforms? In a nutshell, the answer is most likely yes. Your choices are pretty straightforward: continue to renew the maintenance on your existing device(s) or buy something new. In many cases, given the competitive nature of the UTM market, out-of-pocket costs to upgrade to a new device may be comparable.
Even if you are talking about a 15-25% increase in year 1 cost for a new box, it’s worth it. You’ll save at least that much time in not having to troubleshoot different equipment when you have a problem and your protection will be broader.
That begs the next question, who do you buy it from? The answer largely lies in your comfort level. Each vendor has strengths and weaknesses. Some are built using mostly open source software; others have proprietary chips to get the job done. Given where the market is now, you should strongly consider your incumbent network security provider. In all likelihood they also offer a UTM device, and you already are familiar with the vendor and the management interface.
At a minimum, you should kick the tires of at least one or two other devices. Only by getting hands-on with a few boxes will you figure out what is the best fit for your environment. But for SMB customers, UTM is the shape of things to come.