Five Measures for Purchasing a Unified Threat Management (UTM) Appliance

Securing a computer system has traditionally been a battle of shrewdness: the penetrator tries to find loopholes, and the designer tries to shut them. Earlier, traditional security solutions required the need for a mixture of software and hardware appliances, each performing a specific task to protect the network. While traditional threat management tools such as spam blocking, antivirus, URL filtering, spyware prevention, and intrusion prevention, often supplies adequate protection, the management of multiple tools can be overwhelming. Unified Threat Management (UTM) appliances offer sheer range of security alternatives available—from intrusion detection, network firewalling to load balancing and on-appliance reporting—in a single system which simplifies security management without slowing your network. Also referred as Next-Generation Firewalls (NGFW) UTMs in essence, surpasses the traditional firewall safeguarding establishments in a world where everything is about web.

The necessity for additional technical advancements with direct experience in network security, or simply the desire for increased efficiency of existing resources are the primary reasons for obtaining a managed UTM appliance. However, the comprehensive network threat protection appliances may differ in their description of what exactly it constitutes of but it surely saves money and administrative effort of yours.

Purchase Criteria: Think Strategically                                                                                                                      

1. Vendor:  Typically, top vendors have the resources to participate in ongoing research and look into solutions for emerging threats. Determine a reputed vendor for UTM appliances having line of superior products that provides the best fit for your needs. Also, patronizing a vendor can minify the learning curve for security experts of your organization. Therein lies hidden cost benefits too; the curve represents the rate in which learning translates production planning, cost forecasting and logistic schedules into overall cost savings for a company.

Adding to their expenses, wads of organizations (especially smaller ones) don't have time or resources to test UTM appliances in-house. Those smaller organizations have provision to take advantage from institutes such as ICSA Labs (formerly International Computer Security Association) and avail the testing services.

2. Features: Do you just need to supplement current technologies or a full protection solution is required? Before jumping onto features an appliance incorporates, discern your organization's requirement analysis, and whittle down features which are must-haves and nice-to-have. Not just data loss prevention and deep packet inspection over SSL connections; next comes antivirus scanning which checks web, email traffic and FTP for viruses or spyware, and blocks suspect items at the gateway.

Regarding antivirus, ascertain if the UTM appliance vendor has antivirus solution of its own or has partnered with another company that provides it. There could be a differentiation in the security selection of the vendor's choice and the organization's first choice.

3. Licensing and subscriptions: UTM products, generally, are long-term investments. You would never wish to be running out of steam as the user base expands and gateway traffic booms. So, it is important to go across the vendor’s offerings and how they promise to meet your need in the long run.

So far, UTM vendors offer their solutions on subscription-basis or licenses covering different features like application control, antivirus, cloud-based management control, and support period. Those licenses/subscriptions are normally offered with term limits—1 year, 2 years and up to 10-year extensions. This one area of research could take time to comb through each vendor's bundled offerings, and to find a complete solution at the best suited price.

4. Cost Vs Scalability:  Organizations seek particular security features and capabilities to derive the total cost of the technology as well as the complexity which will be involved in installing the systems products.  There are, sometimes, other plain features too—web application firewalls, email security, and data loss prevention systems and more—that most UTMs offer; it is important to establish whether paying for those functionalities is meriting, or not.

The UTM appliance’s cost will vary immensely, from those geared towards small environments to the highly available and highly scalable appliances for enterprises. This is where your analysis pays off—jotted data ought to point to the appliance with the best fit and convey the organization the features it truly demands. Higher-end UTM appliances are fully scalable, but come with bigger price tags.

When exploring for products, also check UTM appliance ratings or reviews from autonomous and independent sources such as NSS Labs and Miercom.

5. Global Support and Assistance: How many users and devices does the organization need to support now and years down the line? Most vendors offer different tiers of support. At the low end, a support contract could be limited to phone, chat support, including an online knowledge base and forums. Higher priced contracts may provide 24/7 phone support, next-day on-site engineer support, next-day parts delivery, and an assigned account representative. Do remember, some vendors roll support into their licensing package, which must be taken into account when estimating overall costs. 

Even so, the principal advantage of a UTM appliance product is its ability to reduce complexity, this appliance can also act as a single point of failure—when it fails, it fails everything. However, today’s UTM appliances, such as enterprise-ready products, have been designed with built-in redundancy to ward off the single-point-of-failure scenario—blocks off any malware which got through or around the UTM firewall.

A UTM's different practicalities are the result of disparate components complected to form one system. As a result, certain features will be illustrious, whereas others may not be powerful enough. As with most devices, the decision will not only come down to the function of the device but also on the cost. Furthermore, unleashing any network device on your network without a pilot project phase would be considered slightly goosy. So, ideally, this phase should be the integral part of evaluation process for a UTM installation. “A business impact assessment (BIA) to identify risk levels is the right approach,” says Jayesh Kamath, Manager and Information Security Officer, Patni Computer Systems.