Enterprise UTM security: The best threat management solution?

Based upon my experience ...  deploying a UTM product doesn't really make a significant dent in the time you'll spend configuring and working with the product.   ,

What is unified threat management (UTM)?
UTM products are, quite simply, several security products combined in a single device. From a performance standpoint, this is a perfectly reasonable thing to do. As we all know, many specialized servers, such as those often used to host security applications, sit idle for a substantial portion of the time. Hosting multiple services on the same server is resource efficient, reducing unused capacity.

The basic building block for a UTM product is a network firewall. (For more on firewalls, read my Firewall Architecture Tutorial.) The other components of the UTM will depend upon the vendor and model that you select. Common features include:

• Spam protection
• Content filtering
• Antivirus/antispyware protection
• Intrusion prevention

UTM vendors will be happy to show you fancy charts and graphs "proving" that you'll save tons of time and money by deploying UTM products in lieu of separate components. However, based upon my experience, other than saving a few minutes performing basic NIC configurations and the like, deploying a UTM product doesn't really make a significant dent in the time you'll spend configuring and working with the product. On the other hand, the cost savings do exist, as getting multiple security services from a single device -- and a single purchase -- can provide good value for your IT dollar.

Don't miss need-to-know info! Security pros can't afford to be the last to know. Sign up for email updates from SearchSecurity.com and you'll never be behind the curve!

Vendor commitment is, in my opinion, the greatest downside to UTM products. Take a moment and think about the first UTM offering that comes to mind and the company that produces it. How would you classify that company? If you said "firewall vendor," that's what you'll be buying: a firewall developed by that vendor with some other security features bolted on so they could apply the UTM moniker. Similarly, a UTM product from a content filtering vendor will have excellent content filtering capabilities, most likely supplemented by a mediocre firewall. Is that really what you want?

I'm a big fan of the "best-of-breed" approach to security infrastructure: Find the best firewall, the best IPS, the best content filter (and so on … ) and tie them together with a great security information and event management (SIEM) product. That approach simply isn't possible in the world of UTM.

The role of UTM
So now that I've walked you to the edge of cliff with a UTM box in your hands, let's back up a few steps. I can think of at least two scenarios where UTM can play an important role in securing a network.

First, for a small or medium-sized business, UTM may be the right approach. The cost savings and convenience of having all of these features hosted on a single box may simply outweigh the benefit of having the best individual products available. If that's the case, by all means, consider a UTM.

For more information Watch this screencast and learn how to configure a UTM device. Thinking about MSSP security? Learn which questions to ask before taking the plunge.

In conclusion, unified threat management products are probably a little overhyped. They do take advantage of unused hardware capacity by hosting multiple security services on the same hardware platform, but security pros are unlikely to see significant time savings as a result and may find themselves chained to a non-ideal vendor. That said, if the budget won't permit an alternative, UTM just might be the way to go.

About the author:
Mike Chapple, CISA, CISSP, is an IT security professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity.com, a technical editor for Information Security magazine and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated. He also answers your questions on network security.