As I write this, the groundhog has seen his shadow, there are six more weeks of Arctic blasts, and mounds of snow still to fill my days in Vermont. But, back in the SC Lab, things were heating up nicely as SC Lab Manager Mike Stephenson looked through this month's crop of UTMs. A few years back, I boldly predicted that UTMs would merge into a single product type with gateways and SIEMs. Boy, did I get that wrong! The UTM genre is alive and well.
I went back to the UTM issue in 2010 where I said that the UTM was “…fairly strictly defined as containing a firewall, anti-virus protection and an intrusion detection system.” Today, at minimum, we usually see firewall, anti-virus, intrusion prevention, email filtering, content filtering and application control. And only four years has passed. So I suppose that we could say that rather than merging with other product types – even though the UTM was the refinement of multipurpose gateways back in the day – UTMs continue to redefine themselves.
Of course, the purposes for UTMs and SIEMs are quite different at their cores. UTMs are the merging of several types of security products into a single package, while SIEMs focus on different types of analysis. SIEMs, as we will see next month, provide data aggregation, forensic analysis, correlation, data retention – usually in the form of log collection.
That said, the number of competent UTM products has slipped over the years and now we begin to see fewer products, but those are faster and smarter. The products that we saw this month were, bar none, the best bunch that we have seen – ever. Selecting Best Buy and Recommended products was a prodigious challenge. Since that usually falls to me, I depend on a combination of the reviewer's work and my own knowledge of the market and products. This month that was hard going, indeed.
There used to be one major objection to UTMs: They posed a single point of failure. Most UTM functions are in-line, so if they fail you have the option of breaking the connection (fail closed) or opening the connection without protection (fail open). Today, that usually is not a problem. Virtually all competent UTMs can be used with load balancing and redundancy so if a device fails closed the other takes over.
With all of that said, the question boils down to: Is the UTM still a viable product type? I believe that unequivocally it is. There are some pretty solid players in the market and, as you will see from the reviews, they are turning out some top-drawer gear. Also, we are seeing some pleasing innovation in UTMs and I believe that as they continue to evolve we will see more. This is an odd product type because – given that the term was coined back in 2004 – it is still around, still improving, still refining and still meeting the needs of the enterprise. The big question in my view – and this is not necessarily limited to UTMs – is how will the UTM market be affected by the cloud and by the evolution of the software-defined data center.
Virtualization has affected just about everything in the security world, and it remains to be seen how some of the traditional hardware gateway-style systems will respond. There are a few virtual UTMs and it will be interesting to watch how they – and their market – evolve.