Many security professionals adhere to the idiom, “Don't put all your eggs in one basket.” So what explains the rise of multifunction security appliances, commonly referred to as unified threat management? UTM – simply defined as an appliance that inherently contains a firewall, network intrusion detection and prevention, and gateway anti-virus – has gone from an emerging market with vendor revenue of only $100 million in 2004 to $1.3 billion in 2007. Sales are forecast to exceed $2.5 billion in 2010.
UTM has enjoyed considerable customer acceptance due to a changing threat environment, multiplying perimeter enclaves and consolidation of networking and security.
The threat environment changed with blended attacks. These metastasized attack methods exploit small gaps between various security layers. Security has responded by combining security layers into a cohesive package.
Also, many claim the network perimeter is deteriorating. The reality is it has been expanding into network enclaves. Each small business, remote office or retail site creates a mini-perimeter that requires protection. The ever-increasing network islands require simple security solutions that are affordable, easy to install and manage, and offer multiple functions.
UTM has been extremely successful as a low-cost solution. Over half of the products in the market cost less than $6,000. UTM growth also benefits from the reduction in capital costs from consolidating networking and security.
The next challenge is taking UTM to the enterprise, and there are roadblocks to that deployment. These include familiarity with single-function security, performance concerns and the best-of-breed argument.
Although UTM works well as a multi-feature device for network enclaves, it isn't solely a single product. It is instead a platform offering consistent security. A UTM-based platform provides organizations with options on which to build their security infrastructure. UTM appliances provide customers with considerable deployment flexibility while at the same time offering a standard management platform. All of the functions of a UTM appliance can be deployed, or the product can be used for a specialized purpose. When the UTM is used for a single workload, the enterprise maintains the advantages of consolidated device and security management, a single hardware base, and one vendor to deal with. Additionally, it retains the flexibility to enable features as required without needing to deploy new appliances.
The best-of-breed argument is also dealt with through choice. Enterprises can select a UTM vendor that partners with others for the security applications, select two UTM vendors for expanded coverage, or accept that “best-of-breed is for dog shows.” An IDC study shows that “best” often means “What I know and understand,” not “the most secure.”
Lastly, what does the future hold for UTM? IDC believes that UTM will remain the primary security solution for distributed environments, but within the enterprise it will evolve into an eXtensible Threat Management (XTM) platform. XTM platforms will take security appliances beyond traditional boundaries by vastly expanding security features, networking capabilities and management flexibility. Future XTM appliances should provide automated processes – such as logging, reputation-based protections, event correlation, network access control and vulnerability management. Adding to the networking capabilities will be management of network bandwidth, traffic shaping, throughput, latency and other features, including unified communications.
No matter how you feel about UTM, it is clear that it has become a key cog in the network security infrastructure and its influence will only increase.
Charles Kolodgy is a research director at IDC.