Individual point security solutions vs unified threat management system

The minimum requirement for a unified threat management system (UTM) is a firewall, VPN, antivirus and intrusion detection/prevention. UTMs have, however, evolved from this to incorporate additional capabilities, which can include URL filtering, spam blocking and spyware protection, as well as centralised management, monitoring and logging.

UTMs have been growing in popularity for the last few years and many people are now wondering whether individual point security solutions or a UTM, which incorporates several solutions, is the best answer.

The solutions provided by two major suppliers give an idea of what’s on offer. WatchGuard’s SOHO Edge series of UTMs, for example, combines stateful firewall, VPN, zero day protection, anti-virus, anti-spyware, anti-spam, intrusion prevention, and URL filtering.

Check Point’s UTM-1 appliance for the mid-market is very comprehensive providing a firewall, intrusion prevention, anti-virus, anti-spyware, VoIP security, web application firewall, instant messaging (IM) and peer-to-peer (P2P) blocking, and web filtering.

UTMs were designed to provide a range of security solutions in a single appliance, reducing costs and simplifying the whole process of security systems management and installation.

While the widest deployment of UTMs has been in SMEs, larger companies are also using them, as they too have begun to appreciate the benefits of lower expenditure and easier centralised administration. Large companies typically use UTMs to centrally secure branch and remote offices, or alongside their existing gateway firewall for the additional UTM functionality.

Cost is a key issue in the growth of UTMs, with common thought being that a UTM device can cost less than a quarter of the price of equivalent point solutions. UTMs’ significant cost savings come from lower pricing than buying and implementing the components separately, simplified and reduced installation, plus fewer ongoing management costs such as training, maintenance and upgrades. And of course, UTMs have only one dedicated platform to support.

Management is an important issue. For smaller companies with limited or no specialised knowledge of IT security, UTMs provide an easy way to manage the growing number of security threats.

Larger organisations using point solutions are often unable to scale the solutions to the number of sites they have, because of cost, installation, management and ongoing support issues. This can lead to organisations deploying reduced security and inferior policies at remote locations. UTMs can enable them to overcome these problems.

A stated disadvantage of UTMs is that they have a single point of failure with all security systems potentially down at the same time. This is typically dealt with by using high availability.

For any company looking at UTMs, it is essential to define requirements and thoroughly research the market, but going for an established name with a proven record in firewall security is a good way of establishing a shortlist. Bear in mind that there is no legal definition of a UTM and that there are significant variations between UTM appliances, both at the top and bottom of the market. The variations are on price, functionality, performance, scalability and most importantly security.

If you’re buying a UTM appliance you’ll typically be looking for three or more years’ life out of the device, so you’ll need considerable room for growth or an appliance that is licence upgradeable for both performance and function. Companies such as WatchGuard, Check Point and Nortel provide this kind of product. You’ll also need a firewall that has deep packet inspection as a minimum, not just stateful inspection.

Other key factors to consider with UTMs are future proofing and performance issues. Some UTMs have the ability to start out with just the functions required and then add additional functions, as the need arises.

Performance is another key element. Many UTMs aren’t designed for all the functions to work together, so performance can rapidly decline when all functions are switched on. This is often not apparent from the throughput statistics as the majority of published performance statistics are with most of the functions switched off!

In addition, as loads continue to rise over time (who’d have thought only two years ago that 10MB attachments would be fairly commonplace today?), any purchase needs to either have significant additional capacity or the ability to upgrade the box in the rack (i.e. licence upgradeability).

As different threats continue to emerge, UTM vendors are likely to add increased functionality to their products. As they do, it’s likely that more companies will want to use UTMs to simplify the process of securing themselves against the growing number and diversity of security challenges.

High Performance Anti-Spam

It should offer world-leading third-party anti-spam plug-ins that provide relevant, continuous and real-time spam detection that is dynamically adjusted against new spam identification and circumvention techniques.

Anti-spam should reduce threat incidence in the form of phishing attempts, spyware and adware installations, promote a safe workplace by controlling porn spam, and enhance enterprise productivity by protecting mail systems from spam.

It is compatible with all major mail systems, with black and white lists, text identification of spam and regular and frequent updates.

Advanced Spam Filtering

A future-proof solution, anti-spam offers advanced protection against the constantly evolving tactics of spammers. Anti-spam’s advanced heuristics monitor suspicious email traffic to determine spam probability based on weighted and contextually evaluated characteristics, studying the body of the message for words and word patterns typical of spam. Mail filtering is also based on policies and rules set by mail size, attachment type, attachment names and keywords.

Creation of approved sender lists, both at the gateway and at the mail server, helps administrators improve the accuracy and effectiveness of spam filtering over time and provides more customised filtering for each user.

Real-time Spam Detection

Anti-spam offers maximum spam detection with low false positives through relevant, continuous and real-time spam detection that is dynamically adjusted against new spam identification and circumvention techniques. Suspicious gray mail messages can be routed to mail server-side folders for end-user review.

High Flexibility

Policy-based configuration offers great flexibility, allowing administrators to easily assign variable catch sensitivities based on spam category and user group, despite the complexity of the heuristic rules.

Flexible filter actions with options to delete, quarantine, tag or more enhance the flexibility, reflecting individual interpretation, tolerance levels and expected disposal options. Filter actions can be assigned based on spam likelihood and rate of accuracy.

Apart from the solution’s own black lists, administrators have the flexibility to create their own black and white lists for accepting or rejecting a message as spam.
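To make the policy-based filtering described in this section concrete, here is an added example (constructed for this page, not any vendor's product code) of a weighted heuristic scorer combined with sender allow/block lists, a mail-size rule, an attachment-name rule and a per-group catch sensitivity that maps the resulting score to deliver, tag, quarantine or delete actions. The pattern weights, thresholds and sample messages are assumed values.

```python
import re
from dataclasses import dataclass, field
# Constructed heuristic weights: word patterns typical of spam and their contribution.
SPAM_PATTERNS = {
    r"\bfree\b": 1.5,
    r"\bclick here\b": 2.0,
    r"\bverify your account\b": 3.0,
}
RISKY_ATTACHMENT_EXT = (".exe", ".scr", ".js")
# Filter actions by spam likelihood, most severe first (assumed thresholds).
ACTIONS = ((7.0, "delete"), (4.0, "quarantine"), (2.0, "tag"))

@dataclass
class Message:
    sender: str
    subject: str
    body: str
    size_bytes: int = 0
    attachments: list = field(default_factory=list)

@dataclass
class Policy:
    # Per-group policy: approved/blocked senders or domains, a size rule and a
    # catch sensitivity multiplier (>1.0 catches more, at the cost of false positives).
    allowlist: set = field(default_factory=set)
    blocklist: set = field(default_factory=set)
    max_size_bytes: int = 10 * 1024 * 1024
    sensitivity: float = 1.0

def spam_score(msg):
    # Weighted heuristics over subject and body, plus an attachment-name rule.
    text = f"{msg.subject}\n{msg.body}".lower()
    score = sum(w * len(re.findall(p, text)) for p, w in SPAM_PATTERNS.items())
    score += 2.0 * sum(a.lower().endswith(RISKY_ATTACHMENT_EXT) for a in msg.attachments)
    return score

def filter_action(msg, policy):
    # Returns (action, score); list checks run before the heuristics.
    sender = msg.sender.lower()
    domain = sender.rsplit("@", 1)[-1]
    if sender in policy.allowlist or domain in policy.allowlist:
        return "deliver", 0.0
    if sender in policy.blocklist or domain in policy.blocklist:
        return "delete", float("inf")
    if msg.size_bytes > policy.max_size_bytes:
        return "quarantine", 0.0  # hard policy rule, independent of content
    score = spam_score(msg) * policy.sensitivity
    for threshold, action in ACTIONS:
        if score >= threshold:
            return action, score
    return "deliver", score
```

Tuning `sensitivity` per user group is what lets the same rule set be aggressive for one department and lenient for another without rewriting the heuristics.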

High Scalability

Designed to process and analyze large messaging volumes at high throughput rates to meet the needs of global enterprises, the anti-spam solution offers high scalability.

Centralized Management

Ease of installation and ease in defining and managing policies are some of anti-spam’s centralized management benefits. Blended analysis and reports with relevant spam statistics such as spam volume, volume by category, accuracy and effectiveness, together with comprehensive reporting and auditing, offer another layer of intelligence in threat management, enabling refinement of rule sensitivity and disposal options.

Unified threat management

Unified threat management: What is it and why should you care?

The security channel is wonderful about getting on board with technologies that customers really need. Why? Because when you live on gross margin, you get no dog yummies for jumping on technologies without mass-market relevance. If you don’t sell anything, you don’t get paid. That’s clear enough, no?

So many VARs have been tracking the adoption of unified threat management (UTM) gear and trying to figure out the right time to throw down. This has become increasingly difficult to determine because, as with pretty much every other security technology, the term UTM means something different to everyone.

Vendors have definitions that sound remarkably like whatever product they “used” to sell — like firewalls and/or IPS gear. Nearly every vendor says they do UTM now. Users are similarly interested in that they figure they’ve found a new way to save some money, so they’re likely to want to throw everything, including the kitchen sink, into the mix.

So what’s a reseller to do? I’m always a fan of taking a step back and examining the user need. Then you can get into specific architectures, decision criteria and ultimately who you want to do business with. But never put the cart in front of the horse. Remember, no demand — no gross margin — no paycheck.

The good news is that there is a real need for UTM technology, especially in the mid-market. Mid-sized enterprises have been fed a constant diet of increasingly narrow security technologies to solve terrifyingly narrow problems. They are now rebelling. They don’t want another box to solve another problem. They want leverage. They want simplicity. They want integrated management capabilities. And they want it now.

Many customers are willing to replace their existing gear because the ROI of a new box is pretty clear when compared to maintenance renewals and 24/7 support contracts on five or six disparate security products.

So this begs the question, what’s in a UTM product? That depends on who you ask, but basically you’ll see the following components:

  • Firewall/VPN (SSL and IPSec)
  • Gateway antivirus and antispyware
  • Antispam
  • Web filtering/Content filtering

Vendors may also increasingly add Web application firewall capabilities as that market matures. So basically UTM is one box to replace all of the mayhem currently sitting in the customer’s DMZ.

To be clear, there isn’t a lot of differentiation between the products. According to the data sheets, a UTM is a UTM is a UTM. So when you’re trying to decide which vendor to pick, your decision will come down to a few key issues:

  • Scalability — Do you cater to the SMB or enterprise? For the most part, scalability isn’t an issue for SMB customers, and for larger customers the architectural differences between products become clear once all of the UTM features are turned on (especially IPS and content filtering).
  • Hardware vs. software — UTM vendors fall into either the purpose-built hardware or software-on-appliance camps. Traditionally, hardware-based solutions (with their own custom chips) have scaled better but tended to be less flexible in adding new capabilities. As the market evolves, these generalizations may not hold, so I recommend you take the solutions you’re considering into your lab, and put them to the test. That’s the only way for you to really know what’ll work for you and your customers.
  • Open-source vs. proprietary — There are some solutions that are largely based on open source technology wrapped in a pretty interface. Other vendors have built all their own stuff.

Ultimately, the vendor(s) you choose will be largely driven by the technologies your customers already have. Changing vendors is risky and usually involves learning a new interface and maybe sacrificing some functionality. That adds friction to the sales cycle. We don’t like friction — it impacts margins.

So if your customer base is largely Cisco, Juniper or Check Point, you pitch the customers first on that solution. In the event the customer hates the incumbent (which is a real possibility), then bring a hardware-based solution (like Fortinet or SonicWall) and a software + appliance solution (like Astaro) to the table. Let the customer decide what is more important to them. Larger enterprises will be interested in modularity and flexibility, so Crossbeam is usually a good fit — in addition to the typical incumbents.

But get familiar with UTM and do it now. If you don’t I can guarantee your fellow VARs will be.

Methodology: an explanation of how data was collected/generated and analyzed, and an explanation of methodological problems and their solutions or effects.

It constitutes two parts:

  • Mode of data collection or generation

Primary data: original data collected for a specific research goal.

Ex: questionnaire surveys; interviews (informal or structured).

Secondary data: data originally collected for a different study, used again for a new research question.

Ex: published statistics, published texts, documents, forms, reports, etc.

Qualitative data: data involving understandings of the complexity, detail and context of the research subject, often consisting of texts such as interview transcripts and field notes, but also audiovisual material.

Quantitative data: data that can be described in terms of objects, variables and their values.