In-Depth

Real World Requirements for Unified Threat Management

Three key features IT should look for when shopping for a UTM solution.

• By Paul Kaspian
• 10/10/2006

Recently, I have seen quite a few articles related to a quickly growing category of integrated security solutions referred to as unified threat management (UTM).Originally coined by IDC in 2004 to denote a shift in market requirements for perimeter security solutions, the term has become popular for easily describing solutions that offer integrated firewall, intrusion prevention, and antivirus. Many companies have augmented standard UTM functionality by adding features such as VPN connectivity, anti-spyware, URL filtering, and other content-related protections.

If you are like many IT administrators I know who play the role of help desk person one day and security expert the next, UTM-style products have undoubtedly captured your attention. After all, it would be nice to solve your key perimeter security needs, augment your desktop antivirus, and provide site-to-site and remote connectivity to the network using a single box. In fact, UTM products are ideal for many small- to mid-size companies faced with an increasing number of security risks and shrinking IT resources.

However, shopping for a UTM solution warrants a little extra homework. Although many UTM products claim to fulfill all your “plug-and-play” deployment dreams, many fall short in some important way. Aside from ease of installation, there are three key criteria you should examine when making a purchasing decision:

• Are each of the components “best of breed?”

Each component of the solution should employ best-of-breed technology. The solution should utilize proven technologies, even if they are from other vendors. You shouldn’t compromise the quality of your security in order to have an integrated solution.

• Are the components really integrated?

Has the vendor taken the time to thoughtfully integrate the management and updateability of each of the components? For instance, even if the product uses a third-party antivirus or anti-spyware engine, it should be easily updatable from the main interface.

• How easy is it to integrate into, and manage within, my environment?

Here’s where many solutions really fall short. Some vendors assume because a company wants an integrated appliance that they are dealing with a simple, single-site environment. This is rarely the case. Examine how easy (or not so easy) it is to manage and update the multiple UTM gateways across your network. Even three or four appliances can turn into both a management headache and a security risk if the UTM appliances are not capable of being managed and updated in a timely and streamlined fashion.

Are you ready to look at UTM solutions for your sites? Shop around and carefully consider each of the key attributes to ensure a secure and manageable framework that will serve you now and in the future.