UTM Expands Its Horizons


There has always been a good tension between two structural approaches to implementing security. Both best-of-breed and consolidated approaches -- the latter commonly referred to as unified threat management (UTM) -- offer unique benefits.


On one hand, the benefits of best-of-breed solutions are evident just by looking at the name. Whichever security device or approach the organization sees as leading in its particular category is thrown into battle. After all, why not go with the best?


UTM also has a strong rationale: By combining various approaches, the organization potentially can save money and, perhaps more importantly, exercise more exacting management since it is dealing with a single device. The idea is that reliance on best-of-breed systems -- for some reason, nobody seems to refer to them as BOBs -- complicates matters and causes things to fall through the cracks.


Techworld suggests that UTM hasn't made much of a dent beyond small companies and branch offices of bigger companies. Regardless, the writer says that WatchGuard is, in poker parlance, going "all in" by throwing even more functionality into UTMs. Whereas established UTM approaches offer things such as firewalls, virtual private networks (VPNs), anti-virus and scanning, the newer approaches can throw in multiple wide area network (WAN) load balancing, virtual local area networks (VLANs), mirroring and other features. The new approach, called extensible threat management (XTM), is being pushed most notably by WatchGuard, the story says.


This is WatchGuard's release from last month on its first XTM device, the WatchGuard XTM 1050. The release, which focuses too much on feeds and speeds and not enough on what the device does, nonetheless provides the salient info for those with the will to dig for it. The XTM 1050 offers deep packet inspection (DPI) firewalls, HTTPS inspection, VoIP security and options including spam blocking with virus outbreak detection, URL and content filtering, anti-virus protection and intrusion prevention and detection systems (IPS/IDS). The XTM 1050 is slated for availability this quarter.


While WatchGuard seems to have gotten the lion's share of the XTM publicity, it isn't the only company traveling this road. This release from another player, Astaro, relies heavily on IDC's analysis of the sector. Astaro, according to the firm's CEO, entered the UTM sector but in reality always worked toward being an XTM-level company, perhaps even before the category emerged. The release says that bigger companies are beginning to accept the idea of UTM/XTM, while the choices continue to grow for small and medium-sized businesses (SMBs).


The sector must standardize on precisely what is meant by UTM and XTM. A recent study by Aberdeen took a crack at the definition of UTM. The release for the study set a baseline that includes network firewalls, anti-virus software, IDS/IPSes and VPNs. The firm found that during the past year, companies using top UTMs enjoyed a 20 percent reduction in threats and related incidents, a 14 percent reduction in audit deficiencies, an 11 percent reduction in unscheduled downtime and could get by with 5 percent less staff.


The lines between UTM and XTM are blurry. Another area to look at closely is how the devices are deployed. Last week, Tata Communications released what it calls virtualized unified threat management (vUTM). The idea is that the service provider offers UTM -- in Tata's case, firewall, IDS/IPS, anti-virus, antispam and Web content filtering -- as part of a managed service. Tata is using UTM services from Fortinet. The service will initially have limited rollout in India, followed by more general availability in the country and other nations in the future, the release says.


The UTM concept has been around for a while. The expansion to XTM and the possibility of its being part of a managed service may push it beyond the limited success it has encountered to date.