Archive for September, 2006

Evaluating Unified Threat Management

Sunday, September 10th, 2006

I just finished a white paper on how to evaluate UTM (Unified Threat Management) products in the enterprise space. I think that this is substantially different from the way we look at them in the SMB space.

Evaluating Unified Threat Management Products for Enterprise Networks

Here’s the Overview:

The term Unified Threat Management (UTM) has as many meanings as there are products that carry that label. While UTM has primarily focused on the small- and medium-sized network, products are coming to market that aim at the enterprise. This white paper will help you understand the specific issues that enterprises need to consider when looking at UTM products, and offers guidance on evaluation criteria for enterprise-class UTM.

At its core, UTM brings together three main ideas: multiple security features, integrated on the basis of a mature firewall, deployed in an appliance form-factor. The intuitive appeal of UTM is obvious: why have two (or three or four) boxes performing separate functions, when a single box will do? As security threats to corporate networks have increased at an alarming rate, the number of devices to combat these threats has grown at nearly the same speed. However, at some predictable point, it’s not feasible to have every new threat addressed by its own dedicated device.

The reasoning behind UTM has resonated strongly with managers commanding small and medium-sized business (SMB) networks, where UTM firewalls—called such because the firewall is the undisputed lynchpin of the UTM product—have quickly become a standard offering from every vendor. In this market space, UTM firewalls, with combined features that include anti-virus protection and intrusion prevention built into the same appliance, both reduce costs and simplify configuration.

UTM products in larger enterprise networks aren’t an easy sell, primarily because most UTM products are indeed aimed directly at the SMB environment, and enterprise network and security managers haven’t had reason to view them as appropriate parts of their security strategy. Fortunately for the higher end, this product deficit is quickly changing, as enterprise-class firewall vendors are adding UTM features to their product lines.

Obviously, evaluation and design criteria for UTM in enterprise networks must be very different from those of SMB-sized networks. When UTM concepts are brought to bear on large networks, in ways appropriate to those networks, they offer network and/or security architects tremendous flexibility to control and mitigate the risks associated with security vulnerabilities.

Because UTM, in general, and especially UTM in enterprise networks, is new, network managers need a framework to evaluate products and match them to enterprise requirements. This white paper offers six separate issues for network and security architects to consider that are important to any enterprise-sized deployment of UTM.