Joel Snyder outlines UTM integration challenges

Date: Nov 30, 2009

Unified threat management (UTM) is difficult to incorporate into a larger security strategy and doesn't necessarily mesh well when a company has various standalone devices and applications. In this video, Joel Snyder of Opus One reviews how unified threat management products integrate with host-based protection and network access control tools.

See why unified threat management is nicely aimed at the midmarket, but not necessarily at companies that are looking to go big.

Read the full text transcript from this video below. Please note the full transcript is for reference only and may include limited inaccuracies. To suggest a transcript correction, contact editor@searchsecurity.com.  

The integration challenges of unified threat management (UTM)

Joel Snyder: UTM is very difficult to include in a unified
security strategy, in a larger security strategy. The reason
is that one of the main goals of UTM was to say, 'You are
already managing our firewall. We are going to give
additional security services that we can put into that firewall,
which you manage in the same way, but with an additional
subscription fee.' The vendor is happy because they have additional
recurring revenue, you are happy because you have additional
security. The problem is that if you go to vendor S and get a
UTM with an IPS in it, and also you say, 'I want to do a dedicated
IPS, but over in this other part of the company,' suddenly you
might not be able to manage that in the same way. Vendor S
might not make a dedicated IPS, or they may not offer one that
has these additional features that you are looking for, so you can
run into a situation where you are looking at a particular function
in the UTM, but then you cannot replicate that function across the
board.

AV is another good example. UTM AV is fairly unsophisticated; it
usually, it has to look at only unencrypted traffic, generally, and only
on certain well-known ports. When you are saying, 'I want to have
AV on my email,' normally, you are going to do that at your
messaging security gateway or your anti-spam appliance,
whatever it is you happen to buy. Then trying to say, 'I want
to bring all my AV alerts or all my AV management back into
one point,' that can be difficult, so your integration across
these different functional areas does not work very well.
That is why most people see UTM as being nicely aimed
at the mid-market, because these are people that are not
going to have 12 IPSes. Someone has a couple of firewalls,
maybe they will manage them separately, maybe they will not,
maybe they will do an HA pair, but they are not looking at very
big deployments with thousands of applications. That is why
UTM is really into that market and is a nice fit for it.

Obviously, there are going to be companies that have tried to
move it up into the high end, but that is not to say that you can
make the same argument for them; there, it is a different strategy.
I think integration costs can be difficult if you need to go big, and
that is why we see it in the SMB, and we do not see it in the
high-end firewall business place.
