A guide to threat management
A comprehensive collection of articles, videos and more, hand-picked by our editors
In this how-to-buy guide, SearchSecurity expert David Strom offers guidance to help enterprises find the unified threat management (UTM) product that best suits their organizational needs when they're buying security. Learn more about UTM functionality, features, pricing and more. Be sure to also click through and read David Strom's take on three vendors' UTM models.
UTM: What it is, why enterprises need it
It is critical to understand the size of the network that needs protection and whether the product will be used at headquarters as well as in branch offices.
A UTM product offers enterprises a comprehensive suite of security functions wrapped up into a single product so there's no need for them to purchase or integrate separate devices. For a long time the product has been a staple of the security infrastructures of small and medium-sized businesses (SMBs), but in recent years the market sector has grown to include large enterprise options as well.
UTM products typically combine five basic features:
- Next-generation firewall
- Intrusion detection and intrusion prevention
- Network-based antimalware and antispam screening
- VPN connections
- Content filtering on outbound Web browsing to prevent phishing and browser-based attacks
UTMs mitigate a variety of risk vectors, such as malware, network-borne infections, botnets and others. A number of businesses are keen to leverage UTMs instead of a mix of the above-mentioned products because having a single UTM product not only reduces the number of different appliances needed, but it also simplifies the selection, purchase, implementation and management processes.
UTM market space options for buying security
The UTM market is full of competition -- there are more than a dozen vendors vying for the business of enterprises buying security, including Check Point Software Technologies Ltd., Dell Inc., Sophos, Juniper Networks Inc., Watchguard Technologies and others. Each vendor has multiple models in various shapes, sizes and throughput ratings, as well as a dizzying array of add-on options. On top of this, it can be quite difficult for enterprises to sort out vendors' claims and actual performance numbers without testing a few of the products in-house first.
When an enterprise is considering buying security, it's critical that it understands the size of the network that needs protection and whether the product will be used at headquarters as well as in branch offices. Knowing these two key points can greatly help to not only narrow down the list of candidates but also determine which unit to actually purchase.
Note: One major vendor, Cisco Systems Inc., is missing from this list. While it does not have a UTM device per se, Cisco is trying to gather its share of the UTM market. However, its Adaptive Security Appliance (ASA) requires the purchasing of two separate appliances (a firewall and an intrusion detection system, or IDS), so I cannot consider it to be a player in the UTM category.
UTM features: 'Nice to have' considerations
While the aforementioned five basic features are typically standard to a UTM, there are a number of other features that would be nice to have and should be on a short list of things to look for. These include:
- Integrated managed wireless access points. Chances are that an enterprise has a separate wireless network in its headquarters buildings, but when it comes to buying security for branch offices, several UTM vendors offer smaller boxes with integrated access points to make building a unified network infrastructure easier.
- Wide support of remote access connections. This includes SSL VPNs and personal peer-to-peer, or PP2P, connections on top of an IPsec VPN. The VPN support should include both site-to-site and remote connection configurations for Windows and Macs, and allow centralized management of all VPN connections that can be pushed out to the remote boxes easily. The tradeoff here is balancing the quick setup of the VPN with the complexity of the added features and connection types.
- Multiple Gigabit Ethernet ports. These ports make it easier to connect many wired networks. While enterprises probably have switches and routers to handle the physical infrastructure, having multiple ports on the box is helpful when an organization has to manage cabling needs.
- Multiple choices for built-in antimalware scanning engines. For example, Juniper's box has a choice of four antimalware scanners. There is some debate as to whether antimalware scanning even makes sense for enterprise-class UTM products, but it is needed for branch office and SMB implementations. So, if an enterprise plans on supporting smaller offices, it should know the product's scanning capabilities.
- High availability support. Several boxes have ways to fail over to a secondary box or to manage multiple upstream connectors to make them more redundant and up their availability.
Red-flag warnings: Features and speed
SearchSecurity's UTM how-to-buy guide
Product review: Dell SonicWall NSA
Product review: Check Point UTM
Product review: Juniper Networks' SRX Series
Actual performance may vary tremendously on these products, depending on whether an organization enables all of their protective features. In particular, antimalware scanning can significantly slow down the other elements. In short, vendor claims aren't always accurate. For that reason, it's always a good idea to test multiple products in your environment before you make a final decision about buying security. Some organizations may try to save time by skipping this step because it's time- and labor-intensive, but it really is necessary because of all the real-world UTM performance variables, many of which are organization-specific.
Pricing and vendor support
UTM products have complex pricing patterns and typically involve an annual subscription that enables all of the five basic protective features. For an additional fee, many vendors offer a support contract, which can vary from email-based support or discussion forums to limited, business-hours-only support or 24/7 live phone support. For example, Dell offers two support tiers with prices that can add several thousands of dollars per year to higher-end products.
UTM products typically have several different degrees of pricing freedom, including the number of users for the VPN portion, the size of the network-rated throughput and other factors that can make evaluating them complex.
Most models for small branch offices start at $2,500; models for medium-sized offices go for around $25,000; the boxes for large enterprises can command as much as $200,000. Note: This is just for the first-year purchase price. Annual software and support contracts can cost approximately $500, $5000 and $25,000 respectively. This is a big range, so it is important to find the most appropriately sized box that will work for an enterprise's needs.
About the author:
David Strom is a freelance writer and former editor in chief of several information technology publications. He has written for many TechTarget properties since 2000. His blog can be found at strominator.com,and he's at @dstrom on Twitter.
Author's note: The author does not have a paid relationship with any of the vendors mentioned in this article.