The ABCs of UTM
Unified threat management isn’t about a firewall and anti-virus anymore. Here are a few solutions to consider for your SMB clients, with tips for getting reluctant buyers on board.
By Sharon Florentine
Comprehensive security used to mean protecting your organization like a medieval castle: Erect a (fire)wall, defend the perimeter, seal information and assets inside under lock and key (password protection), and close up the entrance with a drawbridge (a solid anti-virus program).
Now, however, security doesn’t stop at an organization’s perimeter. Data, assets, and employees are mobile; wireless networks are rapidly overtaking their hardwired counterparts; and email, data, and sensitive information are all vulnerable. Just as adversaries learned to breach a castle’s defenses, today’s sophisticated threats are engineered to evade firewalls, anti-virus programs, and password protection.
As threats have evolved, new technologies have emerged to defend against them. Unified threat management (UTM) solutions combine multiple network security technologies to provide increased layers of protection. Formerly, UTM referred only to the combination of a firewall and anti-virus, but today the term encompasses additional functionality. “UTM software or appliances combine multiple threat management modules together—usually anti-malware filtering for email and Web, intrusion detection, intrusion prevention, email encryption, and more,” says Andrew Jaquith, senior analyst at Forrester Research Inc.
Consolidating network security with UTM solutions offers additional benefits as well. According to Brandon Bain, director of business development for UTM software vendor Endian, based in Italy, “The UTM market has grown significantly over the last few years because unifying functionality can potentially provide increased levels of network security control and the efficiency inherent in managing a single solution.”
That’s a great value proposition for solution providers looking to sell UTM solutions to SMB customers, many of which are more vulnerable to threats and attacks than their larger enterprise counterparts, yet still face the same legal and regulatory compliance challenges. “SMBs are much more focused on cost effectiveness, are the most mobile segment of the workforce, [and are] much more likely to adopt consumer-based and Web-based technology,” says Dave Meizlik, director of product marketing for security vendor Websense Inc., based in San Diego. “That brings with it a much higher risk.”
Because of these risks, solution providers have an enormous opportunity to demonstrate the power, simplicity, and cost-effectiveness of UTM solutions for their SMB customers. As the technology has matured, it has also come down in price, making it easier for VARs to sell.
THE OPTIONS
There are a number of UTM solutions available for any customer’s size, feature requirements, and budget. Most major vendors offer both a hardware appliance and a “virtual appliance” or software package that can transform existing hardware into a UTM appliance. While hardware-based solutions are often a bit less expensive up front, the costs to manage and maintain them can be high, not to mention the space and energy demands they will make. There’s also a greater risk of obsolescence as the hardware ages.
Software can seem pricey, but the ability for solution providers to install, monitor, and manage the package, and an easier, more cost-effective upgrade path, could lower total cost of ownership over time. VARs can also opt to deliver UTM as a managed service, which may be more appealing to customers.
The key to successfully selling these solutions is education, says Dan Wilson, vice president of partner alliances at Accuvant Inc., a Websense solution provider based in Denver. “The way for our salespeople to position these solutions is to talk about Web, data, and email security. Ignorance is bliss in the eyes of the customer, so you have to show them that, yes, users are accessing Facebook and risky sites that could have malicious code, and they are putting the customer at risk,” explains Wilson.
To that end, Websense helped Accuvant build a demonstration kit to deploy, gather information, and report on vulnerable areas and data loss points. The ability to demonstrate the security flaws in real time makes selling much, much simpler. “[It] makes the sale for us,” says Wilson.
Of course, when it comes to making the sale, different customers have different needs and preferred vendors. Here are four options:
Websense Triton
Websense Triton is a content security solution that enables organizations to safely use the Web as an application platform while protecting them from blended and emerging threats across corporate offices, remote workers, and branch offices. Triton also protects organizations from inappropriate content and confidential data loss. These features add up to improved regulatory compliance for customers and the ability for VARs to monitor and report on not just network security, but compliance requirements from healthcare and retail to finance and government.
Triton can be deployed a number of ways, including a pure security-as-a-service (SaaS) model to reduce cost and complexity while extending coverage and visibility. It also offers a flexible TruHybrid deployment option by which the solution is deployed via a hardware appliance at a central location and uses SaaS to reach branch offices and remote workers.
Fortinet FortiGate-80C and FortiGate-80CM
Fortinet FortiGate solutions are available as stand-alone appliances that integrate anti-virus, firewall, VPN, intrusion prevention, Web filtering, anti-spam, anti-spyware, application control, and traffic inspection. Depending on a customer’s needs, Fortinet offers models with built-in wireless access points and PC card slots to extend security capabilities for mobile, retail, branch office, and remote workers’ applications.
The appliances use Fortinet’s FortiOS 4.0 operating system for enhanced security features such as a stateful inspection firewall, IPSec/SSL VPN, and intrusion prevention. They also deliver SSL-encrypted traffic inspection, data loss prevention, identity-based policies, application control, and endpoint network access control (NAC) to protect against Web 2.0 threats. www.fortinet.com
SonicWall TZ and Network Security Appliance (NSA) Series
SonicWall TZ and NSA Series of software and hardware appliances can be custom-configured to include an array of available services, including gateway anti-virus, anti-spyware, intrusion prevention, enforced desktop anti-virus, content filtering, and more, depending on a customer’s needs. SonicWall appliances also provide dynamic updates of these services as they become available.
The solutions offer deep packet inspection firewall, SSL VPN, IPSec VPN, and Web content filtering capabilities in an integrated appliance that is easy to deploy and easy for customers to manage. Also, the multicore performance features of the NSA Series can help growing small or midsize organizations scale into global enterprises. www.sonicwall.com
Endian UTM
Endian UTM is an open-source hardware/software/hybrid/cloud solution that integrates security services such as a stateful inspection firewall, VPN, gateway anti-virus, anti-spam, Web security, and email content filtering. Because Endian is open source, solution providers can install it on customers’ legacy hardware, delivering a cost-effective solution.
Endian also enables secure wired and wireless Internet access via hotspot functionality, along with a secure VPN and access to the Endian Network, through which VARs can centralize the configuration, updates, and management of multiple Endian solutions from a single GUI. In addition, the UTM provides instant recovery capabilities to minimize downtime in case of a failure. www.endian.com
SHARON FLORENTINE is a Philadelphia-area freelance writer with expertise in technology and the reseller channel.