A new product category called unified threat management (UTM) has emerged. These devices promise integration, convenience and protection from pretty much every threat out there -- and are especially valuable to small and medium-sized businesses (SMBs).
Evolution of UTM
The network security business has evolved rather incrementally over the years, largely driven by threats -- as opposed to thoughtful architecture. First there was the token authenticator, designed to protect all of those crazy employees dialing up into a remote-access environment.
Then as direct connections to the Internet hit widespread deployment in the mid-90s, there was a need to protect those connections with firewalls. But firewalls were rather unsophisticated devices, so products that could detect an attack pattern (intrusion detection) came into vogue. Subsequently we've seen gateway antivirus, antispam, Web content filtering, anomaly detection, Web application firewalls and a host of other new products emerge to stop very specific threats.
SMB technologists are sick of it. All of these products have different management consoles, none work together, and most are marginally effective. SMBs don't have extra people or dollars lying around to maintain the status quo.
So should you turn off your existing equipment and move to these new platforms? Yes. Your choices are pretty straightforward: continue to renew the maintenance on your existing device(s), or buy something new. Given the competitive nature of the UTM market, the out-of-pocket cost of renewing may be comparable to that of upgrading to a new device.
Even a 15-25% increase in year-one cost for a new box is worth it. You'll save at least that much in time by not having to troubleshoot different equipment when you have a problem, and your protection will be broader.
UTM was pioneered by Sunnyvale, Calif.-based Fortinet Inc. and SonicWall Inc., and Burlington, Mass.-based Astaro Corp., but most security vendors offer UTM devices now. Each vendor has strengths and weaknesses. Some are built using mostly open source software; others have proprietary chips to get the job done. Given where the market is now, you should strongly consider your incumbent network security provider. In all likelihood it also offers a UTM device, and you are already familiar with the vendor and the management interface.
You should kick the tires of at least one or two other devices. Only by getting hands-on with a few boxes will you figure out which is the best fit for your environment. But for SMB customers, UTM is the shape of things to come.
Mike Rothman is president and principal analyst of Security Incite, an industry analyst firm in Atlanta. Reach him via email at mike.rothman (at) securityincite (dot) com.