This PC Magazine piece looks at four products that are aimed at protecting small and medium-sized businesses (SMBs). The fact that three of them are members of the unified threat management (UTM) family may or may not be a coincidence. The reality is that this sector is hot.
The writer looks at the Astaro Security Gateway 120 (verdict: potent features, confusing configuration, high price); the eSoft InstaGate 404e (easy to use, powerful, lets too much malware through, expensive); and the SonicWALL TZ 180 Wireless TotalSecure 25 (great installation and configuration, good wired and wireless security, not too flexible, low price). Each capsule links to longer reviews. The non-UTM piece of equipment described is the Trend Micro InterScan Gateway Security Appliance 1.5.
Like network access control (NAC), UTM is attractive in its ability to cut complexity and cost by teaming discrete security products in a common framework. The particular security measures that go under the umbrella differ on a case-by-case basis. This overview from SC Magazine maintains that UTM systems at minimum offer a firewall, intrusion detection and prevention systems (IDS and IPS) and anti-virus functions. The writer said that last year, many "multipurpose appliances" claimed to be UTM products. The category is maturing, however, and more products fit the truer definition of UTM.
The author then provides a good news/bad news analysis: The bad news is that UTMs, by squeezing in more functionality, can represent a significant single point of failure. The good news is that the products available "all are very competent."
This nice overview of the UTM landscape at Government Computer News clearly is written by somebody who likes the UTM concept. It explains that SMBs were the first area where these devices, which don't require a lot of care and feeding once they are operational, gained traction. Now, the writer says, enterprises are using UTM in remote offices, at the network's edge, and in other localized and specialized scenarios. The story goes into good detail about the composition of a UTM system, mostly from a government user's perspective, describes important elements of a UTM, and ends with a look at five products (from Secure Computing, Symantec, WatchGuard and two from SonicWALL).
This telecomasia.net writer (http://www.telecomasia.net/article.php?id_article=4895) agrees with SC Magazine in suggesting that UTM has a bright future in the enterprise sector. In the nearer term, UTM packet inspection will grow deeper. The article, which features the launch at CommunicAsia2007 of SonicWALL's NSA E7500 UTM, said both evolutionary paths are predicated on speed and processing power.
A good if somewhat secondary point raised in this MCW Research posting concerns definitions. UTM is aimed at handling anything that comes at the network. A discipline with a very similar name -- unified risk management -- is geared toward avoiding or limiting as many threats as possible. The writer defines it as "maintaining awareness of your assets, their vulnerabilities, and the risks they face" and using that information to make intelligent decisions on how to protect the network.
Clearly, the two disciplines are significantly different, though there is no reason that they can't work in parallel to protect the network and its users. IT departments should keep the two straight when researching security strategies.