The firewall of yesteryear is no longer good enough to tackle today’s threats.
Lawrence Pingree, research director at Gartner
The overall UTM market grew from about $972 million in 2010, to $1.2 billion in 2011, according to the Gartner analysis issued last month, and growth is predicted to continue. UTM vendor heavy hitters Cisco and Juniper were over-taken by rivals Fortinet and SonicWall in 2011, thanks in part to broad product portfolios, according to Gartner Research Director Lawrence Pingree.
Gartner found that MSSPs heavily contributed to the increased adoption of UTM technology throughout 2011. Small and midsize businesses typically lack security personnel and largely go to MSSPs to deliver functionality for security. “MSSPs benefit [by selling UTM appliances] from being able to gain revenue,” Pingree said in an interview with SearchSecurity.com. “From the customer’s perspective, they can go to the MSSP and say they want to add antimalware or anti-spamware to their firewall and the MSSP simply turns it on after the contract has been signed,” he said. “It’s the ease of agility. They can do that quickly for the customers and it benefits both sides.”
Compliance also driving adoption
North American UTM implementation is also largely being driven by increased security and compliance regulations, such as PCI DSS, which requires both firewalls and intrusion prevention technologies. However, according to Pingree, this security mandate isn’t good enough. “If companies want to be successful, they need to go the enforcement route, rather than the detection route,” Pingree said.
With more and more advanced threats infiltrating the Web every day and hacktivists becoming a dime a dozen, companies are reassessing and reinforcing their security controls. Technology purchased years ago has most likely gone stagnant and should be refreshed, Pingree said. “The firewall of yesteryear is no longer good enough to tackle today’s threats,” Pingree said. “In terms of whether it’s problematic to deploy a UTM solution, yes there are challenges, but the benefits far outweigh those challenges.”
Increasing UTM functionality, reduction in costs
In the past, security controls like firewalls were siloed, serving their sole purpose without interacting with other security devices. According to Pingree, experts are seeing an expansion of the context around these security controls across the industry. Security products are becoming more intelligent – they’re starting to reach out to each other and integrate in a harmonious way.
The UTM market is growing quickly as a result of this. During the 2008-09 financial crisis period, when nearly every market was feeling the pressure of a downed economy, there was a shift across the security industry to a cost-savings mindset, Pingree said. Large enterprises and even smaller companies began looking at how they could save money in the short and long term. UTMs provided the answer, he said.
More UTM Resources
Are UTM devices efficient security appliances or a firewall failure risk?
Information Security magazine: The role of UTM in the enterprise
Although they may not work as well as a dedicated stand-alone appliance would, their 3-for-1 feature lineup (multiple security features, integrated on the base of a firewall, in an appliance form-factor), appealed to companies large and small. “You have to take the potential performance impact and weigh it against your savings,” Pingree said. “There’s a bit of negotiation there. But multicore processing has given these [UTM] appliances the ability to deliver at that higher performance. That is going to be one of the biggest factors in driving up adoption rates.”
Overall, Pingree said the future is bright for the UTM segment. “The whole market is on a cost consolidation trend and I don’t think that’s going to change in the near future,” Pingree said. “The biggest challenge is the security controls that are not being monitored heavily enough. SMBs get an overwhelming number of events and can’t chase them all down. But both enterprise and medium-sized businesses need to focus on boosting their operating of security controls.”