Unified Threat Management Guide for Managers


This article can also be found in the Premium Editorial Download "Information Security magazine: Is your data safe from next-generation attackers?."

Download it now to read this article plus other related content.


What is 'Best-of-Breed

Best-of-breed is the key phrase for one of the biggest arguments against UTM deployment: It's a code, thrown around by the folks who sell dedicated products, that means, "Our stuff is better than whatever was packaged with your UTM device." In effect, when IPS vendors argue against UTM on "best-of-breed" grounds, what they are saying is that their IPS is better than the IPS in the UTM firewall. Their product is Parmigiano-Reggiano; UTM is supermarket cheddar.

Of course, this is a matter open to debate. While it's often true that the specialized devices have more functions, features and flywheels than those in a UTM device, there are two reasons why you might not care:

  • Many network managers have no need for the additional features in standalone devices. For example, standalone antivirus typically has an option to quarantine viruses, while UTM firewalls generally don't. That's fine, except experience has shown that antivirus engines almost never have false positives, and best practices are to simply delete messages rather than quarantine them.
  • Often, you want a different set of features in an embedded firewall than you want in a standalone device. IPS is the perfect example: a technology that can be of use to almost anyone, yet only a few are willing to put in the time and energy to maximize value. A simple IPS that doesn't allow or require complex configuration is perfect

    Requires Free Membership to View

  • for integration with a UTM firewall.
For network managers, "best-of-breed" has its own meaning: choice. In today's UTM environment, vendors tend to offer little choice when adding features to a UTM device. They partner with specific--dare I say it?--"best-of-breed" OEMs to add their features, or, in some cases, develop the expertise on their own. But rarely do they give the network manager a choice of products to enable or disable in the UTM firewall. When vendors say "best-of-breed," they really mean "best-of-a-commoditized-breed" when talking about other people's products, but "best-of-a-highly-differentiated-breed" when talking about their own.

The lack of choice is a dominant, but not universal, characteristic among UTM devices. In the SMB space, it is rare to find choice except perhaps in antivirus (because everyone agrees that having different vendors for antivirus is the smart solution). In the enterprise space, vendors are making a more sincere effort to offer real choice when building UTM devices.


This was first published in June 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: