We are approaching a world where the demarcation between our enterprises and the public internet is becoming fuzzier and fuzzier. We allow customers to log into our networks and, through various protective mechanisms, access data deep within our enterprise. Workers access our internal resources through VPNs. However, regardless of how we allow — or don't allow — external access, we still need to protect our borders. That is the theme of this month's two group reviews.
The first group is universal threat managers (UTMs). These devices, by definition, must include an IDS/IPS, a firewall and an anti-virus gateway. However, virtually all of the products we saw this month had far more capability than the minimum. Which leads me to the next product group: anti-malware gateways. These devices have the job of identifying and stopping all types of malware at the gateway, no matter how they attempt to enter (e.g., web or email). For this review we focused on malware that enters via the web.
The key issue here, looking into the future, is that UTMs are becoming more and more like a one-size-fits-all gateway. While I've predicted this convergence many times in the past, what we saw this month confirms again the notion that we are not far from the day when there is a single device on the enterprise perimeter.
That said, these products — in both groups — offer rich feature sets, ease of use and comprehensive protection. As the IPS becomes even more mature, I expect to see the firewall component disappear and the definition of a UTM to include an IPS and a full-featured anti-malware gateway only.
The decision as to what you put on your perimeter is not an easy one. However, the products we tested all have specific applications and they were, mostly, able to perform their particular missions well. That means that you have some architectural decisions to make.
For example, how big is your network in terms of traffic flow through the perimeter? If you are including a product with an anti-spam feature, what is the volume of mail that hits your gateway? You may want to consider disabling that feature and using a dedicated anti-spam gateway. The alternative may be a performance hit at your border.
Another consideration is how much of the firewall you want to use. There has been a subtle trend since last year's UTM review: the firewall is becoming more tightly integrated with the IPS. That means that you actually can have what amounts to a two-tiered filter. The first, the firewall, does the gross filtering, and the IPS takes on the subtleties. This can help improve performance and security.
Finally, a word of explanation as to some products that I'm sure you have expected to see over the past three months, but didn't. I get several emails per month on this. Usually, there is only one reason why a vendor's product is not in the group when it seems as if it should be: the vendor chose not to participate.
However, in the first quarter of this year there was another factor. There were several fine products that appeared in our December Innovators Issue. We did not feel that it was fair to include them within a month or so of their December recognition.
However, to be fair, here are the innovators that we did not include in the group reviews. They all are fine companies with solid products and we were proud to build a special issue around them and the other companies we included. Passlogix — Single Sign-on Platform; Fischer — Identity Suite; Entrust — Identity Guard; Airwave Management Platform.
Congratulations again to these fine innovators! — Peter Stephenson, technology editor