UTMs – unified threat managers – have been with us in one form or another for some time. The earliest ones were multipurpose appliances and really were little more than a bunch of point solutions to various security challenges packaged in the same server-grade appliances. Somewhere along the line, the term UTM was coined and, along with it, came a sort-of definition: UTMs had to have a firewall, anti-virus and a VPN. The next step was to start adding all sorts of gateway-applicable functionality – back to the multipurpose boxes – and now definitions seem to be drifting back to the original, more structured UTM description.
Today, we can pretty much trust Gartner when the analyst group tells us that a UTM has, “firewall/intrusion prevention system (IPS)/virtual private network, secure web gateway security (URL filtering, web anti-virus) and messaging security (anti-spam, mail AV).”
However, even Gartner admits that we still are in the “point-solution-in-a-box” mode. No matter. The types of functionality described in the most current credible definition subsume most information security functionality anyway. That begs the question: How unified is “unified”? Judging by this year's crop of UTMs, pretty doggone unified.
The notion of the individual parts of a UTM working well together is sort of an expected goal. Over the course of UTM history, playing cooperatively with others was equally desirable, but somewhat more rare than it is today.
We saw quite a range of possibilities in this year's batch. First, there are some indications that a large part of what makes a UTM a UTM is stabilizing. That suggests maturity. The user interfaces are about the same as we are used to – with a bit of refinement in dashboards, perhaps – and the integration of functionality continues to improve.
Where we saw some noticeable improvement came in two specific areas: defense-in-depth and new functionality. UTMs often have been criticized – certainly by me – as killing defense-in-depth since they place all of the security eggs at the perimeter in one basket. That is not necessarily true anymore. Now we are seeing good integration with client-side protection, especially in anti-malware.
The second area – functionality – is growing as well. One of our reviewers observed that this year's batch seems to be heading toward the “super appliance” that does everything security in a single box. While we didn't see any of these super boxes this year, we did see some that are clearly heading in that direction. The added functionality is not radical, either. It is refinement of what the traditional UTM has, certainly of the UTM as defined today by Gartner.
As you make your decisions about which of these merit further attention, though, remember that at SC Labs we don't do shoot-outs. The products are not compared against each other. They are tested and graded on their own merits. What this means to you is that there may be a product that has exactly the feature set you want, we liked its performance, but it is a bit pricey. If price is much less a consideration than the other factors, this might be just what you need – even though it might not have gotten our Best Buy this month.
This is more important in UTMs because of the wide range of available functionality offered. In UTMs, functionality and performance to published specs are king and queen. If the device won't do exactly what you need – assuming, of course, that anything can – it is not worth following up even if it is a five-star value for the money. While that always is true to some extent with our products, we see it most often in multifunction products, such as UTMs.
So, with all of that in mind, we commend our current crop of tools to your consideration. This is a large group – it almost always is – and the competition is fierce. However, we believe you will likely find answers here, even if you don't find the perfect product. So, onward into the month's reviews.