What are Unified Threat Management Systems?
UTM Systems are software that cover all kinds of network infrastructure protection including firewall, virtual private network (VPN) access, application control, intrusion protection and lots of other services that save money and administrative effort.
Unified threat management appliances bundle all kinds of network infrastructure protection into one device. They are mighty popular in small to midsize environments — and are gaining traction in larger infrastructures.
Today’s leading UTM vendors, such as Fortinet, Check Point, Dell, Sophos and others, make the shopping and purchasing process pretty easy (with the exception of licensing and subscriptions). The vendor websites typically list appliances for small, midsize and large environments. Clearly stating performance details, like firewall throughput, VPN throughput, number of users, and number and type of ports.
Tip: Not every company calls its products ‘unified threat management’ or ‘UTM.’ In fact, UTMs are often simply referred to as ‘security appliances,’ and many companies still call them ‘next-generation firewalls.’
Evaluation Criteria for UTM appliances
When researching unified threat management appliances, use the following list of criteria to make a proper comparison:
- Vendor: It’s usually best to pick a market leader, the assumption being that the vendor has a good track record, adequate or excellent support, and has produced a well-honed line of products. Continuity and compatibility are also factors when looking at vendors. If an organization’s security staff already uses products from a specific vendor, the learning curve can be much shorter by sticking with a UTM appliance from that same vendor.
- Features: Not every unified threat management appliance has the same features. Data loss prevention and deep packet inspection over SSL connections aren’t usually part of the standard feature set. Models from the same vendor can include different features, too, although many vendors’ appliances do include a common feature set across all models.
Regarding antivirus, find out if the vendor has its own antivirus solution or is partnered with another company that provides it. Some vendors use Kaspersky or Sophos, for example. The vendor’s choice of antivirus product might not be the organization’s first choice.
- Performance: As mentioned, vendors publish firewall and VPN throughput rates for their appliances. Those ratings are not necessarily the same rates that will be experienced in different environments. When researching products, also check UTM ratings or reviews from independent sources such as NSS Labs and Miercom.
Tip: Time allowing, it’s a good idea to reach out to other organizations that already use UTM appliances and get their feedback on performance in a live environment, as well as ease of deployment, compatibility with other network protection equipment, and tech support responsiveness.
- Cost: The cost of UTM appliances varies greatly. From those geared toward small environments (usually in the range of $400 to $1,200) to the highly scalable, highly available appliances for enterprises (tens of thousands of dollars). This is where a needs analysis pays off. That data should point to the appliance with the best fit and tell the organization which features it truly needs.
- Licensing and subscriptions: With very few exceptions, UTM vendors require licenses or subscriptions to turn on UTM features. Such as application control, antivirus and so on, and/or cloud-based management control. In some cases, it’s possible to configure those features, but they won’t be active until a valid license key is supplied.
Those licenses or subscriptions are offered with term limits. One year, two years and up to 10-year increments. And may or may not include support, such as 24/7 assistance and replacement hardware. This is one area of research where it takes time to comb through each vendor’s requirements and offerings. Try to find a bundle at the best price. Licensing and subscriptions can easily run 50% or more than the cost of the appliance.
Another issue with licensing is to understand if the vendor licenses its product per user, per device or per IP address. If the vendor follows the IP address model, do only those IP addresses behind the firewall count toward the total? If an organization has a high-availability cluster, does each device in the cluster need a separate license?
- Support: Find out what’s included in the standard support package. And the price of a premium package if standard isn’t adequate. Remember, some vendors roll support into their licensing packages, which needs to be taken into account when examining overall costs.
UTM vendors want customers to be satisfied with their products. A happy customer doesn’t need as much support, right? Vendors often allow organizations to request a unit of their choice and run it in their own environment for testing. Some vendors even offer free support during the evaluation period. Online demos may be available to help customers tinker with the interface and to safely reconfigure a virtual appliance to mimic their own network.
During the evaluation stage, be sure to assess ease of deployment, configuration interfaces (GUI, command line or both) and usability of the management console. Can staff easily maneuver around the screens? Are settings easy to find? Is the documentation clear enough to avoid a support call? Ease of use is especially important to smaller organizations that may not have dedicated IT staff.
Finally, if an organization must follow compliance regulations and laws, find out if the UTM appliance offers functionality and reporting tools needed for a compliance audit. Most appliances do, but double-checking this important feature before purchase will prevent headaches down the road.
Thanks to fairly consistent comparison points and a highly competitive market, choosing your UTM system is now easier. However, there are still a lot of factors to consider carefully before making a decision.
Every decision should start with a thorough needs analysis of an organization’s particular environment. Compare those needs with vendor offerings. Then, find out what experts think are the best products for environments similar to yours.