Unified Threat Management Appliances: How to Choose 'Em and Use 'Em
Expert advice on evaluating and selecting a unified threat management (UTM) appliance that fits your needs
By Bob Violino
April 05, 2009 — CSO —
To protect networks and information against increasingly sophisticated threats, many organizations are deploying security in layers. Some are finding that an efficient way to do this is by using unified threat management (UTM) appliances.
UTM systems have multiple features and capabilities, including intrusion detection and prevention, gateway antivirus, e-mail spam filtering and Web content filtering, as well as the traditional functions of a firewall, integrated into one product offering.
Some vendors offer the option of purchasing UTM appliances for all of the various functions available or integrating just a few of the functions as needed.
It's a fast-growing market. Research firm IDC (a sister company to CSO) released a report in October 2008 saying that it expects UTM products, which passed the $1 billion mark in market size in 2007, to make up 33.6 percent of the total network security market by 2012.
The UTM market has attracted a large number of vendors. Among the market leaders are Fortinet, Cisco, SonicWALL, Juniper, Secure Computing, Check Point, WatchGuard, Crossbeam Systems and Astaro.
Vendors continue to add new features to the basic functionality of the products. For example, the latest version of Astaro's Security Gateway product includes HTTPS Proxy Filtering, which allows users to filter and control secure Web traffic and block programs that attempt to bypass security policy with SSL tunneling.
Another new feature, Site-to-Site VPN, lets users create permanent tunnels between Astaro Gateways, providing a simple way to permanently connect two gateways while supplying the security level of an IPsec VPN tunnel.
In November 2008, Fortinet introduced a UTM product that gives organizations the ability to segment their networks for greater policy granularity and event isolation.
More vendors are adding new messaging security capabilities such as e-mail spam filtering and instant messaging security, and Web security features such as Web application firewalling and content filtering, says Jon Crotty, research analyst for security products and services at IDC.
Crotty says other new developments in UTM include centralized management using graphical interfaces, which enables networkwide changes for licensing and upgrades, and network features such as the ability to monitor latency and throughput, automated event correlation and network logging.
IDC and others are beginning to call the newer UTM appliances (with these added security and networking features and functions) "extensible threat management" (XTM) systems.
If your organization is considering implementing a UTM system, here are some things to consider.
What Do You Really Need?
Before looking into products on the market, determine the specific security needs of your organization.