SMB - Unified threat management rebounds

Company officials admit that they are seeing a better response in selling the multi-purpose security gateways

The concept of UTM (unified threat management) and the devices that fit into the product segment are at long last finding a home in some enterprise IT environments.

Roughly five years after analysts first coined the UTM moniker to help define an emerging class of network appliances that offered integrated security applications on the same box, the technology and the market finally appear to have evolved to a point where large businesses are ready to buy, proponents of the tools maintain.

Ill-performing products, bad timing, and customer preferences for standalone, best-of-breed technologies traditionally prevented UTMs from winning over many large customers, but some experts say that the tide has turned and adoption of the devices is happening now.

And UTMs -- which typically include a firewall, anti-virus tools, e-mail and Web filters, and an intrusion detection system -- aren't just catching on inside the branch office environments of widely-distributed companies, experts maintain, but also in central corporate operations.

"When UTMs first came around, one of the biggest problems was the added overhead that it put on the connection. You put the device in line, and things would noticeably slow down," said Ray Turilli, network services manager for ASA Tires Systems, which makes software tools used by tire distributors and automotive e-commerce companies. "But now that you have devices with multi-core processors, they can do their job without causing connection speed problems," he said. "I think it's definitely worse now to try to deal with all the individual applications on their own, so you have the combination of more powerful technology and ease of use as drivers for taking another look."

In addition to building applications for use by its customers, ASA also hosts the software programs for some of its clients, including e-mail and electronic point-of-sale systems. As part of that business, the company has also found itself recommending UTMs to some of companies seeking to alleviate performance problems brought on by the security technologies they've been using, Turilli said.

"Even our larger customers are getting the message, and we're noticing more and more customers in general coming to us and asking about the best way to handle these [security performance] issues," he said. "They may not even know what a UTM is coming in, but when they see what it can do, they're interested because the last thing these companies want is to be bogged down by security."

ASA is using UTM technology supplied by SonicWall, which has been marketing the appliances to SMBs for a number of years but has retooled its product lineup in recent months to focus more of its efforts on the enterprise.

In late February, the company, which helped establish the firewall market, launched its new E-class of UTM devices aimed specifically at larger enterprises.

"The whole UTM concept was probably guilty of being over-hyped several years ago, especially in the sense of moving into larger environments, but even those customers are moving away from older standalone firewall technologies to devices that offer deep packet inspection and other functions," said John Cuhn, director of marketing for SonicWall. "A lot of this shift is about the available technology today, now that there are vendors like us balancing the features across multiple processing cores instead of a single processor or an ASIC the traffic moving through the device can be handled a lot better," he said. "Now that [UTM] can offer the ability to do full inspection across all the security functions without hitting traffic, I think we'll see UTM being pulled into a lot of different devices and into more enterprises."

Page Break

Rebranding unified threat management

In addition to products that won't cripple performance once all their features have been turned on -- one of the most common complaints made about earlier integrated security appliances -- vendors are also attempting to lure larger customers by eschewing the UTM banner for their systems.

Crossbeam, identified as a leader in the UTM market by IDC researchers, recently announced that it is moving away from the product terminology because the name has a "connotation that is tied to low-end solutions" built for SMBs. The company is instead marketing its high-end UTMs under the wording of "next generation security platforms."

Even analysts at Gartner are now labeling the tools traditionally positioned as UTMs as "next-generation firewalls."

At Fortinet, another vendor of UTM and network security appliances, company officials admit that they are seeing a better response in selling the multi-purpose security gateways as "consolidated security devices" when it comes to larger customers.

"Ultimately, people generally seem more confident today in the UTM-like approach, but the label has a bit of a distaste attached to it, so it works better to play up consolidation," said Anthony James, vice president of product management at Fortinet. "I think it's a bit of a misnomer, based mostly on the fact that the SMB is where UTM took off first, and the appeal is pretty much the same, but using the alternative positioning does seem to be accelerating interest with larger customers."

James also concedes that the UTM products of today are far more appropriate for use in massive computing environments than some of their forbearers.

A more significant concern for companies in the UTM space than re-educating customers around just what the products bring to the table is likely the competition that independent network security device makers face from giant rivals like Cisco Systems that are pushing aggressively into the space, some experts contend.

However, James said that it has yet to be proven that customers ultimately will be pushed to buy more of the security tools from such networking specialists, who he said are still struggling to piece together all the different elements of the products that they have acquired in recent years.

Any attempt to understand the promise of UTM in the enterprise, and any discussion of the technology in general, leads back to Charles Kolodgy, the IDC analyst credited with coining the term itself.

Kolodgy disputes the notion that UTM was ever truly considered a "dirty word" among enterprises and said that earlier products simply weren't architected to appeal to administrators of larger IT environments. Like many other IT trends, the UTM concept took something of a beating because it was over-hyped by the media and used by a large number of security companies selling different types of products under the name.

"I never saw it as a dirty word, it was more of a case of some perhaps putting too much into it, some that were too narrow, those were the initial complaints vendors," Kolodgy said. "The initial use cases and deployments were mostly fine; I think any negativity was related more to vendors using the term a lot and misconceptions of what these devices were supposed to entail."

The analyst said that today's UTM vendors, Fortinet and SonicWall in particular, have created UTM devices that should appeal to larger customers because they have the capability to handle more traffic and offer benefits from consolidation among the onboard security applications.

"[Consolidation] is one of the big drivers now, more people than ever are talking about reducing the number of vendors they have and the need for centralized management," Kolodgy said. "As much as the products getting better, those items are driving this renewed interest as much as anything."