Product Group Tests
Unified threat management (UTM)
April 01, 2011
For all of the talk about the maturity of the UTM, there are nonetheless products that are showing some level of innovation in their new releases.
This year we had a gaggle of products for our UTM Group Test, and while some exhibited interesting innovation, most were quite similar to what we saw from these vendors in the past. There are two areas, though, where we saw growth in capability: user interface and the addition of data leakage prevention (DLP) functionality.
Today's UTM does not much resemble the UTMs of the past, however. While the genre has reached maturity over the past few years, there has been significant growth since the product type originated, both in the number of products and in their functionality.
Typically, today's UTM can be expected to contain a firewall, anti-malware and IDS/IPS. For a long time this combination of services dictated the definition of a UTM. Today, though, there is almost no universal configuration that defines a gateway product as a UTM. However, if the gateway has a lot of different functionality and includes the requisite firewall, anti-malware and IDS/IPS, we can call it a UTM.
There is a lot of functionality beyond those main pieces, of course. Many, if not all, UTMs now include application protocol blocking. This functionality started to become important with the advent of such internet application protocols as peer-to-peer in its various forms and instant messaging, as well as such often-abused applications as BitTorrent. Blocking application protocols at the gateway goes a long way toward reducing risks, both technical and legal.
Web content filtering is another capability finding its way into UTMs. This, along with anti-malware, probably covers the overwhelming majority of threats against the enterprise entering through the perimeter. Technical specialists in companies that deal in these two functions estimate that more than 80 percent - some say even higher - of all threats to the enterprise are internet-borne and come in via web surfing.
For all of this talk about maturity of the product type, nonetheless there are products that are showing some level of innovation in their new releases. While we saw products that have not changed materially in years, we also saw some that were sparkling fresh with new or extended capabilities and smart new dashboards. When you are looking at a bunch of products with little to distinguish one from another, these stood out even more.
The new dashboards are, we believe, especially important. Since the advent of UTMs and other types of gateway appliances, the issue of how to get 10 pounds of information into a few pounds of space has posed real challenges. With screens screaming that you should try to cram as much information as possible into matchbook-sized boxes on the dashboard, you need to take some definitive action. Today's dashboards tend to be more organized, contain less trivial information and allow the user to customize more than ever before.
Buying a UTM
The most important question always is, "What do you want to do with the UTM?" The second is, "What are the architecture requirements for my enterprise that a UTM can/must support?" It may be that you are already addressing some of the functionality that a particular UTM covers and it may make no sense to buy that particular UTM. On the other hand, the UTM may do a better job than your current solution to whatever problem you are trying to solve.
Not all of the functionality in a given product is equally robust. Sometimes the technologies present in that functionality are from other sources, either purchased, licensed or OEM'd. Look very closely at reviews of the pieces, not just the whole. For example, you will see at least one UTM that appeared last month [Web Content Management Group Test]. At that time, we looked only at one aspect of the product. This month we look at the rest of the product and the solution as an integrated whole. This gives you an opportunity to check both the product and its parts.