UTMs Vs Traditional Security: What's Better?

We try to uncomplicate the answer to this key question by elaborating on the key features you must not compromise on while purchasing a UTM (Unified Threat Management), how a UTM can benefit an SME in the long run, and also how security maintenance and licensing requirements get simplified through its use.

Unified Threat Management as the name suggests is for those who want a one stop solution for ease of management. This gateway level security solution comprises of features like anti-spam, anti-virus, intrusion detection/prevention, firewall, bandwidth management, VPN, centralised management and reporting. With multiple vendors offering UTM solutions in addition to open source options, there is increasing affinity among vendors to provide product differentiation by adding new features to their product line.

Below we have listed down some must-have features keeping the future of IT security in mind:

Fast processing speed

Most of the UTM vendors sell their product as appliance, a combination of optimized software and hardware. Now with too much pressure on these gateway devices as they have to inspect every packet that goes through them, UTM appliance itself can become performance bottleneck. To enhance performance of appliance vendors are going for multi core processors and utilizing this multicore capability by developing multi threaded UTM operating system.

Gigabit throughput

Though we are still far away from time when we would use Gigabit Internet, it would be better to invest in infrastructure that is capable to handling such speeds as these purchases are not made every year.

User level authentication

Though IP and MAC based filtering in firewall is still common with concepts like BYOD along with addition of new computing devices (smart phones and tablets) into organizational environment providing fool proof security based on IP and MAC is becoming difficult and at times impossible. Here is a brief story of what our IT team highlighted while testing pilot NComputing deployment. As single machine with single IP is shared by multiple users in NComputing IP based firewall became irrelevant. To overcome these very practical issues it is recommended to go for UTM device capable of authenticating user than IP/MAC.

Application Firewall

Application firewalls are capable of blocking particular application and leaving others, this is yet another must have feature in your UTM. Now there are number of P2P applications that are bugging network admins for years, with application firewall blocking them is quite simple, on similar lines other applications with high perceived risk can be better managed with this feature.

Support for both IPSec and SSL VPN

Secure connection to remote location is must these days as increasing number of people prefer working from home to better manage their private life without hampering their professional one. VPN has been technology of choice to enable this very setup, therefore next time when you go for UTM make sure that it supports both client based IPSec and non client based SSL VPN. With increasing popularity of SSL VPN having this feature is must for future usability.

Support for 3G/4G and WAN failover

To give additional Internet failover functionality besides the existing inbuilt WAN failover mechanism, UTM these days also support wireless Internet technologies like 3G/4G etc. Having this additional failover mechanism in place means almost zero downtime even if wired network is down, just plug in 3G capable dongle into your UTM and have additional piece of mind.

How a UTM Simplifies Security Management

There has always been a debate between Unified Threat Management vs the best-of-breed approach. Traditionally, organisations use a point solution to protect themselves against each type of threat. Such standalone, or “best-of-breed”, security strategy often consumes huge amounts of money, resource and management time. Disparate security devices and operating systems come with multiple maintenance and support contracts, multiple upgrade and replacement schedules, multiple licensing obligations, multiple training programs and management resources. All of these add to the cost and complexity of an organisation's security infrastructure, and can have serious negative impact on up-time, availability and performance.

Since firms are now realizing the disadvantages, they are migrating to consolidated security platforms or UTM devices to reduce network complexity and switch Capex to Opex.

How a UTM Scores Over Traditional Security Solutions

UTM technology has several advantages including ease of deployment, use and management; flexibility (the ability to turn on whatever security functionality you need whenever you need it); and high ROI (a single UTM appliance is typically way more cost-effective than several standalone solutions). The fact that the various security functionalities within a UTM appliance is produced by one vendor typically also means better integration and coverage between these technologies. SMEs have been more keen to adopt UTM solutions than large enterprises but the situation has changed significantly in the last few years. With better education and awareness of integrated threat technologies, enterprises now realize that UTMs are not rudimentary or “short-cut” solutions targeting small organizations with few IT resources. More of them now understand that today's advanced UTMs perform better than single-point solutions, and can cover the gaps left unattended by traditional standalone solutions.

While some SMEs in India are still content to just have software protecting their organisations, they need to realise that these do not offer the performance of UTMs and are not able to cover the full spectrum of threats that UTMs can tackle.

The Case for UTMs in SMEs

For SMEs, there are no factors discouraging them from embracing UTMs per se once the benefits are properly explained to them. Some smaller enterprises, however, have significant constraints on technology budgets - some of them still think of IT as an expense rather than an investment. Thankfully, this psyche of small organizations is changing and those adopting IT solutions are embracing solutions that provide cost benefits to them, and UTMs are definitely such devices in the security category. The commoditization of network security is also helping SMEs in this regard. Rather than investing heavily on network security solutions, smaller firms can now have a subscription based model to implement network security on their premises through a managed service provider.

This has allowed organizations to have their IT spend on an Opex rather than Capex model. Going forward, we expect such managed services to become more readily available, thus giving more SMBs the ability to access the same levels of security traditionally enjoyed by large enterprises.

Traditionally, organisations use a point solution to protect themselves against each type of threat. Such standalone, or “best-of-breed”, security strategy often consumes huge amounts of money, resource and management time. Disparate security devices and operating systems come with multiple maintenance and support contracts, multiple upgrade and replacement schedules, multiple licensing obligations, multiple training programs and management resources. All of these add to the cost and complexity of an organisation's security infrastructure, and can have serious negative impact on up-time, availability and performance. Since firms are now realizing the disadvantages, they are migrating to consolidated security platforms or UTM devices to reduce network complexity and switch Capex to Opex.