UTM appliances: How to choose among UTM vendors

Choosing a UTM appliance is a big job, as testing can take months and the costs aren't negligible. In this expert response, get advice on how many UTM devices to test, and what to consider during the testing process.

We're in talks with vendors about purchasing a UTM device, and are having trouble winnowing down the field. We'd like to do a trial run of a few of the products with our systems, but to do so would be time-consuming, and it's likely that features of the products would've changed by the time we've tested them all. How many products would you recommend actually testing on our networks, and what's the best way to decide which ones to test?

One thing to keep in mind when deciding among unified threat management (UTM) vendors is your existing network platform. For example, if the enterprise is already running Juniper products, it might be easier to first consider Juniper's UTM platform. This can not only make integration and migration a bit easier, but there may also be cost benefits to expanding a deal with an existing vendor.

But that does not mean the organization should immediately rule out other leaders in this space. Given that UTM appliances tend to be deployed across critical connectivity paths on a network, make sure any UTM product implemented has the ability to protect the network adequately.

A good approach would be to narrow down the field to three or four established network/security appliance vendors whose products meet all the key requirements and rank the vendors based on initial product overviews. The actual bake-offs (in the interest of time) might be best limited to the top two of the four vendors initially selected. For example, a good initial test case could involve a bake-off between a couple of the following vendors: Check Point (VPN-1 platform), Juniper (SSG platform), Cisco (ASA platform) and SonicWall (NSA platform).

This was last published in July 2010

Hi, UTM is basically a combination of IPS (intrusion prevention system) and other services like content filter, blacklists, etc.

There is an advantage of using Suricata IPS on Snort.

UTMs with IPS hardware on the market are costly.
Prefer a software appliance like pfSense, ClearOS, Simplewall.