In-depth: UTM and XTM, simply the best?

Unified Threat Management (UTM) and its evolutionary counterpart, Extensible Threat Management (XTM), have long been regarded as one-stop solutions for network security. But are SMEs still embracing this technology, or are separate products making a comeback? Linda Endersby investigates.

The term UTM was coined by IDC in 2004 for a product that emerged as the evolution of the traditional firewall into a single appliance combining multiple security functions to meet a range of different threats to a network.

Typical functions include network intrusion prevention; gateway anti-virus; gateway anti-spam, to prevent users receiving unwanted emails; VPN, for secure communications between businesses; content filtering, which prevents users from accessing inappropriate websites and thereby aids productivity; load balancing; data leak prevention; and on-appliance reporting.

The strength of UTM technology is that it is designed to offer comprehensive security while keeping security an easy-to-manage affair. Enterprises get complete network information in hand to take proactive action against network threats in case of inappropriate or suspicious user behavior in the network.

As predicted, the solution has evolved further into Extensible Threat Management (XTM). These solutions have all the features of UTM but are geared towards higher throughput and more detailed management, with the addition of network administration and monitoring tools. They also offer the option of clustering devices so that a single point of failure in the network is overcome.

The market
Since 2004, UTM has been regarded as a primary solution for a single gateway defence mechanism. Gartner estimates the UTM market was approximately $1.5 billion in 2009, and forecasts growth of 20%-25% through 2012.

As a single unit, the UTM solution has a traditional market in the SME arena, due to its relative ease of installation without the need to integrate separate components for the different features. With the advent of the XTM extensions, though, the market is widening in 2011 into larger organizations. With the increased threat of data loss and its associated difficulties, many firms have been forced to re-evaluate their requirements. However, the cost of XTM's wider capabilities can make it prohibitive for smaller firms, while increasing its attraction for larger firms wishing to bundle costs.

Market response
So do individuals from the markets agree with the trends? A number of channel participants were eager to comment on the subject.

Terry Greer-King, Check Point's UK MD says: "UTM appliances are still in strong demand from SMEs ahead of point products, because SMEs typically have less manpower and resources than larger businesses to focus on threats. So UTM's emphasis on easy management, easy updates and so on is particularly appealing; of course, the cost saving versus an array of point products and interoperability are also plus points."

"Performance of UTMs used to be a perceived issue, but current appliances offer Gigabit performance at well under £1,000 (for example, Check Point's UTM-1 EdgeN) while including firewall, Intrusion Prevention (IPS), anti-virus, anti-spam, web filtering and remote access connectivity," he adds.

"These appliance sales will continue to grow as there are configuration and cost of ownership benefits from using appliances as a security 'delivery system', and of course they make for a relatively easy sale for VARs, with good margins," he says.

Dimitri Sirota, vice president of Marketing and Alliances of Layer 7 Technologies, suggests that certain requirements can drive companies to buy separate solutions: "All-in-one security appliances have an appeal for the SMB market because they offer administration convenience and relatively small footprint.

"However, these 'God' boxes, as they have come to be called, still share the SMB mindshare with dedicated products from vendors like Barracuda despite over a decade in the marketplace. The only explanation is that businesses want quality capability and often are driven by a specific pain when purchasing product. If a WatchGuard or Check Point or Palo Alto can deliver enough quality add-on features then an all-in-one then business will consider them. But for companies that want UTM there remains the option of piecing together solutions yourself or acquiring a blade-based solution that pre-integrates components on an as-needed basis."

Bill Roth, executive vice president at LogLogic, agrees: "UTM/XTM products have become de rigueur for channel SMEs. In order to differentiate themselves, they need to add best of breed products to their tools that analyse additional streams of data to provide more context to network data, so that better decisions can be made."

Neil Palmer, product group manager at ComputerLinks, adds that many best of breed products are being incorporated into UTM solutions: "We still see security appliances (UTM/XTM) as a key product and opportunity for the channel and their SME customers, and rather than best of breed making a comeback, I'm not so sure that it ever left.

"I believe that greater volumes of appliances carrying the UTM tag were purchased mainly for the Firewall & VPN, rather than for their multiple technology subscriptions," he adds.

"However, we're seeing a positive trend in take-up for best of breed appliances as product sophistication has improved, particularly as former point products are acquired and incorporated into these consolidated solutions," concludes Palmer.

Mark Kacary, director of Cirrus Management Solutions, makes a compelling analogy with home music solutions to illustrate the point: "If we look at the world of High Fidelity systems, to the connoisseur there is nothing quite like a Hi-Fi system built on best of breed separates; it is said the quality and depth of sounds is incomparable to that of the ubiquitous MP3 player. However the MP3 player, rather like the UTM/XTM, offers those who purchase it a solution which offers them:
• Convenience
• Flexibility
• Value for Money
• Good enough sound (or security in the case of UTM/XTM)

The effect of UTM/XTM within the IT security market is similar to the effect that the MP3 has had on the music market. Established "best of breed" manufacturers have brought out their own systems/solutions to satisfy the need of the individual/SME.

"Whether it is a unit in which to plug in an MP3 player, or an appliance/solution which now offers more functionality than a conventional standard Firewall; the channel needs to recognise (if it hasn't already) that once it becomes clear to companies that it is possible to maximise their investment through the use of a product which can bring many standard elements of a company's security requirements within the control of a unified management portal, that it is too costly, both in terms of time and money, to manage multiple solutions, with multiple policies and multiple screens."

The Vendors
The commonly held view that more products and vendors are combining with existing UTM vendors is borne out by recent mergers and acquisitions.

In May 2011, security company Sophos announced it would acquire Astaro, the 4th largest provider of UTM solutions, allowing it to combine its own endpoint, mobile, email, web threat and data protection capabilities with the Astaro products.

Shortly after this, Cybernet announced the use of Fortinet's Fortigate UTM product to meet increasing requirements from customers and provide breach-proof secured network infrastructure.

Meanwhile, many of the larger players, such as WatchGuard, Cisco, Check Point, Fortinet, Juniper and McAfee, constantly announce updates to their UTM products.

However it does appear that on the horizon there is another generation of products, surpassing UTM and even XTM, giving control over network security in all the ways UTM does, but with extra capability in the application layer.

Gartner and Palo Alto (who coined the technology) have been urging enterprises to adopt Next Generation Firewall (NGFW) products, claiming that UTM appliances are ill-equipped for emerging threats.

However, it is unlikely that NGFW will replace UTM any time soon, as they take away the simplicity of the single-device UTM solution.

Simplicity is the key
It seems, then, that the key for small businesses is the ease of the single appliance solution, with streamlined installation and the ability to update all security functions at once. Not only are they a cost-effective purchase, but day-to-day network running costs are lower than many other solutions. The footprint of many of the UTM devices is small and many do not need to be rack installed.

For those requiring more specified network management the XTM appliances provided by many UTM vendors are a natural step forward, though requiring more specialist installation and operation.

With many vendors using partnerships and acquisitions to add best of breed products to their single solutions, thereby adding confidence for the market, it appears that for small and medium enterprises UTM and XTM are here to stay.
