Enterprise UTM Defined
Today, nearly every enterprise firewall has sprouted new services. Table 1 (PDF) depicts a representative list of 20 high-end UTM products for large enterprises. VPN, a firewall staple since 2000, is now widely accompanied by IPS and antivirus. Antispyware, antispam and Web filtering appear frequently, but just 65 percent of these devices support all seven services.
Many of these services are options, activated by software license or expansion card. And available services are not necessarily all used simultaneously. Enterprise UTM products are configurable security platforms designed to give companies the ability to deploy functions where they are needed in the network, unlike the turn-key, all-in-one UTM boxes for SMBs.
"In the enterprise, you need flexible deployment based on the assets being protected," says Throop Wilder, co-founder and vice president of marketing at Crossbeam Systems. "At the perimeter, you may deploy firewall and IPS and antivirus and Web filtering. But in the data center, you're more likely to need XML firewall and Web IPS."
The ability to selectively activate services on UTM devices can matter because it lets deployments mirror where domain expertise and purchasing authority actually sit in the organization. For example, firewall and IPS may belong to the network group, while antivirus may belong to another organization responsible for email. With UTM, both groups can procure the same corporate standard platform but use it to address different business risks.
Combining services can also improve reliability. Few enterprises are willing to put all of their eggs into one basket. Benefits of distributing load still apply to UTM. But with UTM, companies are no longer forced to string single-function clusters into intricately laced chains (see Figure 1, below). Instead, customers can decide how to allocate services to each UTM appliance. Ultimately, most will deploy fewer boxes, reducing links, subnets and potential failure points.
This was first published in March 2007