This article can also be found in the Premium Editorial Download "Information Security magazine: Compliance vs. security: Prevent an either-or mentality."
Download it now to read this article plus other related content.
Complement or Replacement?
For many, the question is not whether to use UTM appliances, but when, where and how to consolidate security services. Specifically, should UTM augment or replace best-of-breed products?
Forklift upgrades are costly and disruptive, but they also create opportunities to build the physical and logical network you want instead of one cobbled together over time; to use one contemporary interface instead of tracking half a dozen legacy product GUIs; and to improve security while cutting future capital and operating expenses.
"There's a generation of legacy firewalls out there like Cisco PIX that are really good firewalls, but they are just firewalls. UTM gateways do more to protect against threats that are relevant today," says Scott Lukes, eSoft vice president of marketing and product management. "However, if an enterprise has invested a lot in training and configuration, the last thing they're going to want to do is rip that [firewall] out just to get network antivirus."
Lukes says a company that wants to preserve a large, complex firewall/VPN may prefer secure content management (SCM) appliances that focus on specific enterprise applications over UTM. For example, instead of having your firewall scan email for viruses, spam and policy violations, offload all those tasks to an email security
appliance placed behind your perimeter firewall.
Crossbeam advocates a different approach. "We couldn't possibly re-create the thousands of hours that products like [Check Point Software Technologies'] Firewall-1 put into policy interfaces," says Wilder. Instead, Crossbeam lets its customers run best-of-breed security programs on blades within a UTM chassis, consolidating hardware not software.
In fact, many UTM products use some best-of-breed software. Gateway antivirus and antispyware are often sourced from Kaspersky, McAfee, Symantec and Trend Micro. Web filters and URL databases on UTM platforms include SurfControl and Websense.
These examples tap the primary best-of-breed advantage. Specifically, it is impossible for anyone to excel at everything. Such partnerships help UTM vendors focus on their own intellectual property, from high-efficiency hardware to unified interfaces.
This was first published in March 2007