This article can also be found in the Premium Editorial Download "Information Security magazine: Is your data safe from next-generation attackers?."
Download it now to read this article plus other related content.
What is 'Best-of-Breed
Best-of-breed is the key phrase for one of the biggest arguments against UTM deployment: It's a code, thrown around by the folks who sell dedicated products, that means, "Our stuff is better than whatever was packaged with your UTM device." In effect, when IPS vendors argue against UTM on "best-of-breed" grounds, what they are saying is that their IPS is better than the IPS in the UTM firewall. Their product is Parmigiano-Reggiano; UTM is supermarket cheddar.
Of course, this is a matter open to debate. While it's often true that the specialized devices have more functions, features and flywheels than those in a UTM device, there are two reasons why you might not care:
- Many network managers have no need for the additional features in standalone devices. For example, standalone antivirus typically has an option to quarantine viruses, while UTM firewalls generally don't. That's fine, except experience has shown that antivirus engines almost never have false positives, and best practices are to simply delete messages rather than quarantine them.
- Often, you want a different set of features in an embedded firewall than you want in a standalone device. IPS is the perfect example: a technology that can be of use to almost anyone, yet only a few are willing to put in the time and energy to maximize value. A simple IPS that doesn't allow or require complex configuration is perfect
- for integration with a UTM firewall.
The lack of choice is a dominant, but not universal, characteristic among UTM devices. In the SMB space, it is rare to find choice except perhaps in antivirus (because everyone agrees that having different vendors for antivirus is the smart solution). In the enterprise space, vendors are making a more sincere effort to offer real choice when building UTM devices.
This was first published in June 2006