…for your Organization’s Specific Requirements
By Magnus Boll, September 2018
Which is the one UTM that trumps them all? The silver bullet, the best UTM regardless of circumstance, preferably at the lowest possible cost? If such a product existed, there would be no need for this article.
Instead, we will explore how to identify the best UTM for your particular challenges. Please note that we do not go into the UTM vs. point solutions debate. We’ll reserve that for a future article.
UTMs first came on the scene in the early 2000s. The established players in the market scoffed at them, and the initial reception was on the cool side. These early UTMs had poorly integrated administration, sometimes obviously patched together from multiple vendors. Feature licensing was confusing, and throughput claims were grossly exaggerated and gauged under unrealistically favorable conditions. Some individual components would cost more to enable than the rest of the features together.
Fast-forward to today and the picture is vastly different. The security industry leaders that once turned their noses up at UTMs are now marketing the very same products. Gone are most of the confusing licenses and subscriptions, replaced with all-encompassing bundles. Management interfaces have evolved to become both intuitive and logical.
Once considered only for small and perhaps medium size organizations, UTMs have made their way into the largest of enterprises, in some cases as the sole security technology.
Gartner describes UTM as follows: “Unified threat management (UTM) is a converged platform of point security products, particularly suited to small and midsize businesses (SMBs). Typical feature sets fall into three main subsets, all within the UTM: firewall/intrusion prevention system (IPS)/virtual private network, secure Web gateway security (URL filtering, Web antivirus [AV]) and messaging security (anti-spam, mail AV).”
How to Select the Best UTM – Primary Considerations
The contenders for best UTM need to be weighed against your requirements in these four sections:
First define which features are absolutely required. These are the non-negotiable functions that must be present and (to the highest degree possible) ideally suited for your environment. Next list the nice-to-have features. These are the functions you would use and would clearly benefit from if they were available to you.
Licensing and Pricing
In an ideal world, pricing would have a less than secondary impact on the purchasing decision. Unfortunately, such a world has yet to be discovered, so we’ll be realistic and include the cost factor in our selection process. Although most manufacturers these days have bundled features into a single annual subscription, this is not always the case. Some still have separate annual subscriptions for individual features. To confuse things further, these are sometimes priced based on user count or other metrics that affect the cost.
It is important to price each product based on the features and throughput your organization requires. Many attempts have been made to provide price comparisons in this product segment. These are more or less useless, as the cheapest choice for a set of parameters may be the most expensive for a different set of parameters. Required throughput has the biggest influence on the price and requires the most research. The advertised throughput is often based purely on Firewall functionality. Every additional feature enabled will reduce the total throughput capability. Looking a few pages beyond the marketing fluff will often reveal throughput data under various circumstances.
Don’t under-estimate the value of how the technology is administered. No matter how advanced the technology is, or how superior certain algorithms are, if the management interface isn’t clearly understood by the responsible administrators, it can severely cripple the entire functionality. Also make sure that administration roles can be established based on the roles of your staff. One of the advantages of UTMs is a single management console for all features. If the fundamental structure of this management is contradictory to how your organization operates, work-arounds quickly replace proper procedures. The advantages of consolidating multiple features in a single device and single management are then rapidly diminished.
Technology integration is the trickiest part but perhaps the most important. Which UTM integrates best with your organization’s infrastructure? Part of the reason we need to establish which features we’ll be using is so we don’t need to concern ourselves with how well the non-essential features integrate. Examine your existing gateway infrastructure and identify any non-standard, current implementations.
For example, if you have more than one Internet connection, how are these currently utilized? Are they load-balanced? Do you use asynchronous routing? Is certain traffic routed through one connection by default? Will you be able to maintain the same routing or would some of the UTMs require alterations to your architecture?
Other considerations may include: Are existing VPN or security clients compatible, or do they need to be replaced? Will you need to re-architect in order to take advantage of some features? Can the overall gateway layout be simplified?
Selecting the Best UTM
Once you’ve compared your list of UTMs with the above four sections, you’ll be in a position to narrow the list down to perhaps 3 or fewer contenders for the best UTM in your environment. Prioritize these sections based on your unique constraints. Technology Integration may seem like priority #1, but if budget is limited, perhaps pricing and licensing is a high priority.
If you have a re-seller that you trust, ask for their advice. (See this article if you haven’t found a trustworthy re-seller yet.) Do you have other contacts in the industry, such as peers that have found their best UTM? If at all possible, evaluate the two top contenders before making a final decision.
If this seems like a daunting task, consider our affordable Infosec Product Selection Service. Our contacts in the industry, experience and resources mean we can identify the best UTM for you faster and without using your valuable resources. We employ numerous methods, above and beyond what is described in this article.
Some Additional Reading Material to get you Started
This article examines how to choose the best UTM appliance by comparing product series from eight of the leading vendors: Barracuda X Series, Check Point Next Generation Threat Prevention Appliances, Cisco Meraki, Dell SonicWall NSA Series, Fortinet FortiGate, Juniper Networks SRX Series, Sophos UTM SG and WatchGuard XTM and Firebox.