UTM Security Technology Picks Up Enterprise Steam
Technology vendors are forever trying to combine many things into one. Some of these efforts--cellphone makers fortifying their devices with PDAs, MP3 players and gaming gadgets, for example--turn out pretty well. Others, such as Microsoft combining word processing, Web browsing and spreadsheets into a single Windows operating system, encounter a few, let's say, obstacles.
A similar consolidation is taking place in one of the most complex areas of the IT industry: security. Motivated by ever-changing threats and a desire to control costs while simplifying security management, vendors of all sizes have been working on the perfect all-in-one device for Unified Threat Management (UTM). The market for UTM currently is worth more than $600 million, according to IDC, with a CAGR of 15 percent. IDC's Charles Kolodgy was quoted last year as saying that "by 2007, 80 percent of all networked security solutions will be supplied by a single device."
It sounds great on the surface. Who wouldn't want to be able to manage their firewall, intrusion-detection and prevention, and antivirus technologies with the flip of a switch? But despite its seeming simplicity, UTM still requires the kinds of services that solution providers can deliver.
Deploying a single box that addresses an array of security threats--from worms and viruses to spam and phishing--can certainly help declutter data centers and conserve power, but because UTM technology is so new, security vendors still haven't settled on a way to measure the performance improvements it yields.
Now UTM solutions, which first made headway in the SMB space, where networks are smaller and easier to manage, is starting to make its way into the enterprise.
"Traditionally, the enterprise looks for best-of-breed products," says Mike Menegay, vice president of information security at En Pointe Technologies, a solution provider and Symantec partner in Los Angeles. "Our customer base loves...to have all that functionality in one device."
Several vendors have thrown their hats into the UTM ring, although they don't all agree on how to execute the technology.
Symantec offers the Gateway Security 5600 Series appliances, which combine numerous security functions into one appliance, and the 1600 Series for the SMB market. But Secure Computing doesn't target its UTM devices--the SnapGear, Sidewinder G2 and CyberGuard TSP--at the network gateway. (See "Sample Five Flavors of UTM," below.)
"Orienting UTM toward perimeter defense is kind of naive," says John Doyle, vice president of product management at Secure Computing. "You need depth of defense as well."
The vendor currently generates more than 30 percent of its revenue from government accounts, but Doyle says its commercial UTM business has taken off now that a bigger cross-section of businesses wants more robust everyday security. "We're finding that a lot of our commercial accounts want the same level of security that governments do," he says. "They figure, if it's good enough for the [CIA], it's good enough for them."
What solution providers need to recognize is that UTM has attained buzzword status, so vendors will try to shoehorn some of their products into the space.
NEXT: Channel concerns
CA, for example, defines its Integrated Threat Management solutions as UTM offerings, but they don't contain a firewall, one of UTM's most basic components. Sam Curry, CA's vice president of security management, says "firewalls aren't a core competency of CA." He adds, however, that future UTM products from the vendor will feature hosted intrusion prevention and personal firewalling.
Curry says that UTM has emerged because of the changing nature of network attacks. "It's no longer about taking down a system," he says. "It's about using that system as long as possible, so we want to prevent these attacks before they reach the box, and we want to enable partners to upsell more products across the board."
That brings up another concern the channel might have about UTM.
Doesn't deploying fewer appliances mean fewer reasons to return to the customer for future selling opportunities? Not necessarily. Fortinet, which makes the FortiGate Antivirus Firewall appliances, fulfills all of its orders through the channel and has seen more partner opportunities crop up as UTM has evolved.
"You need a multilayered defense to combat the new kind of blended attacks," says Fortinet president and CEO Ken Xie. "Once customers realize that UTM can carry all the functionality they need, they gradually take away their point solutions but add services to their setup."
Secure Computing is seeing a similar trend. No matter how well the UTM devices run, they're only as strong as the security policies that support them, and this is where VARs can assist customers and build revenue. "Security policies still need to be applied uniformly across an organization; any access to a system resource still must be moderated," Secure Computing's Doyle says. "So the consolidation of these technologies into a single vendor or device creates all kinds of synergies for us and our channel model."
VARs agree that there's ample opportunity for value-added services in the UTM space.
"More than 90 percent of the organizations we test fail vulnerability assessments, especially in Microsoft environments," says Adam Gray, CTO of Novacoast, a solution provider in Santa Barbara, Calif.
Gray says the UTM space provides Novacoast with service revenue throughout the life cycle of a product. "We start by risk-rating what the environment has. Then we assign weighted controls to it and build a security program around it," he says. "We have a system in place that can identify the problems as they come out, and we do initial and follow-up services."
Of course, that doesn't mean there aren't occasional headaches. "When something bad happens, it can mean a lot of hours, and it can be a very grueling [job]," Gray says. "The technology available to us is getting much, much better but requires us to be continually updated. Overall, it's a great business to be in."