UTM or flexible security platform?

The unified threat management bucket is starting to show signs of age. So many products and vendors have been jammed into that bucket that you have the strange situation of hardware platform vendors sharing the same space with Frankenstein monster collections of security applications bundled into Linux platforms. It is time to rethink the actual directions that the gateway security space is taking.

Some benefits of UTM devices are obvious. There is a genuine market push towards reducing the number of boxes required to provide adequate defense. Along with that comes a reduction in the number of vendors, although some solutions still rely on third parties to supply the content-based signatures for IPS, URL filtering and anti-virus. The complexities of managing multiple solutions are magnified in HA (high availability) configurations, where at least two of each solution must be present and infrastructure such as routers and switches has to be doubled up as well.

What is really happening, though, is that the fundamental requirements for security gateways are changing. The first generation of such devices were stateful inspection firewalls (Check Point). The second generation was hardware appliances (PIX, NetScreen). The third generation is IPS-FW-VPN appliances that leverage full content inspection to provide the types of defense needed at every gateway (Fortinet). These devices, if adequately provisioned and designed, can also do AV, spam filtering and URL filtering, and may be called upon to do outbound filtering (leak prevention) as well as WAN optimization (compression and caching).

We are rapidly approaching the advent of the fourth generation security platform. This is a device that performs all of the security functions lumped into UTM but is also an excellent network device at layers two and three: it acts as both a switch and a router. Such devices supplant traditional network devices while providing security at all levels. Their inherent architectural flexibility makes them easy to fit into existing environments and even makes some things possible that were never possible before. For instance, a large enterprise with several business units could deploy these advanced networking/security devices at the core and assign a virtual security domain to each business unit, performing content filtering and firewalling between each virtual domain. This segments the business units from one another and maximizes the investment in core security devices.
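The virtual-domain segmentation described above can be modelled as a policy engine that maps physical interfaces to security domains and enforces an implicit deny between domains unless a rule explicitly permits the flow. The following is an added illustration written for this page, not the article's own material nor any vendor's configuration syntax; the class names, interface names (port1 to port4), domain names and the sample rules are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Minimal flow descriptor: ingress interface, egress interface, destination port."""
    in_iface: str
    out_iface: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """A policy rule keyed on source and destination virtual domain.

    dst_port of None matches any port; action is "allow" or "deny".
    """
    src_domain: str
    dst_domain: str
    dst_port: Optional[int]
    action: str

    def matches(self, src: str, dst: str, port: int) -> bool:
        return (self.src_domain == src and self.dst_domain == dst
                and (self.dst_port is None or self.dst_port == port))


class CoreSecurityPlatform:
    """Hypothetical model of one core device hosting several virtual security domains.

    Every interface belongs to exactly one domain. Traffic is evaluated first-match
    against the rule list; anything without a matching rule is denied, so a new
    business unit is isolated from the others until a rule explicitly opens a path.
    """

    def __init__(self) -> None:
        self._iface_domain: dict[str, str] = {}
        self._rules: list[Rule] = []
        # Audit trail of (packet, src_domain, dst_domain, decision, reason)
        self.audit_log: list[tuple] = []

    def assign_interface(self, iface: str, domain: str) -> None:
        self._iface_domain[iface] = domain

    def add_rule(self, rule: Rule) -> None:
        self._rules.append(rule)

    def evaluate(self, pkt: Packet) -> str:
        src = self._iface_domain.get(pkt.in_iface)
        dst = self._iface_domain.get(pkt.out_iface)
        if src is None or dst is None:
            # An interface that has not been placed in a domain must never pass traffic.
            decision, reason = "deny", "unassigned interface"
        else:
            decision, reason = "deny", "implicit deny between/within domains"
            for rule in self._rules:
                if rule.matches(src, dst, pkt.dst_port):
                    port = "any" if rule.dst_port is None else rule.dst_port
                    decision, reason = rule.action, f"rule {src}->{dst}:{port}"
                    break
        self.audit_log.append((pkt, src, dst, decision, reason))
        return decision


def build_demo_platform() -> CoreSecurityPlatform:
    """Constructed sample: two business units plus a shared-services domain."""
    p = CoreSecurityPlatform()
    p.assign_interface("port1", "finance")
    p.assign_interface("port2", "finance")
    p.assign_interface("port3", "engineering")
    p.assign_interface("port4", "shared-services")
    # Each unit may talk to itself freely.
    p.add_rule(Rule("finance", "finance", None, "allow"))
    p.add_rule(Rule("engineering", "engineering", None, "allow"))
    # Both units may reach shared services over HTTPS only.
    p.add_rule(Rule("finance", "shared-services", 443, "allow"))
    p.add_rule(Rule("engineering", "shared-services", 443, "allow"))
    # No rule exists between finance and engineering, so they stay segmented.
    return p


if __name__ == "__main__":
    platform = build_demo_platform()
    for pkt in (Packet("port1", "port2", 80), Packet("port1", "port3", 80),
                Packet("port1", "port4", 443), Packet("port1", "port4", 22),
                Packet("port9", "port4", 443)):
        print(pkt, "->", platform.evaluate(pkt))
    for entry in platform.audit_log:
        print(entry)
```

The audit log is the part a defender cares about: every cross-domain decision, including the implicit denies, is recorded with the rule or reason that produced it, which is what lets you prove that the segmentation between business units actually holds.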

One tectonic shift that will occur thanks to the advent of these fourth generation security platforms is that networking vendors will be playing catch-up, trying to patch more and more security functions into their under-powered devices or complicating their go-to-market message with a plethora of boxes, while the security platform vendors will quickly and easily add networking functionality to their devices.

Routing, while not trivial, takes very little CPU power, and the memory required to maintain a routing table is usually insignificant compared to the requirements of a security device that is performing full payload reassembly on millions of packets. Therefore, adding routing to a security device is less technically challenging, and disrupts a vendor's business model less, than adding full security functionality to an existing routing platform. Switching, on the other hand, must be performed at very high throughput and low latency, and so requires specialized hardware, ASICs, to perform well. Most switch products do not have the intelligence to apply even rudimentary security rules, let alone firewalling, VPN and IPS. Therefore, adding switch hardware to a security device poses fewer challenges than adding security functionality to an existing switch platform.

Fourth generation network security platforms will evolve beyond stand-alone security appliances to encompass routing and switching as well. This new generation of devices will impact the networking industry as it scrambles to acquire expertise in security and shift its business model from commodity switching and routing to value-add networking and protection capabilities.

Richard Stiennon

Richard Stiennon is Chief Research Analyst for IT-Harvest, the firm he founded in 2005 to cover the 2,337 vendors that make up the IT security industry. He has presented on the topic of cybersecurity in 31 countries on six continents. He was a lecturer at Charles Sturt University in Australia. He is the author of Surviving Cyberwar (Government Institutes, 2010) and Washington Post Best Seller, There Will Be Cyberwar. He writes for Forbes and The Analyst Syndicate. He is a member of the advisory board at the Information Governance Initiative. Stiennon was Chief Strategy Officer for Blancco Technology Group, the Chief Marketing Officer for Fortinet, Inc. and VP Threat Research at Webroot Software. Prior to that he was VP Research at Gartner, Inc. He has a BS in Aerospace Engineering and his MA in War in the Modern World from King’s College, London. His latest book, Security Yearbook 2020, is available on Amazon.
