Network threats are constantly evolving, and to defend against them companies end up deploying multiple security products. While a multi-layered security approach is preferred in enterprises, maintaining multiple security products can be tiresome and often means extra costs, in terms of both the products and the staff to run them. Among the wide range of security solutions available today, UTMs offer multiple capabilities in a single box, which can be managed through a single interface.
In India, the UTM appliance market has been growing fast over the past few years. RNCOS, the market research company, expects it to grow at a CAGR of 24% through 2012. With tight enterprise budgets over the past couple of years and the idea of 'do more with less', enterprises have started seriously considering UTM devices. UTMs have become popular at branch offices, workgroups, remote sites, etc. Over the past few years, almost every networking vendor has come up with its own UTM product, and at present UTM vendors have products for every specific requirement: separate products for large enterprises, branch offices, SMBs and even smaller networks such as SOHO. This makes sense, because the needs of an enterprise differ considerably from those of a smaller network. An SMB would prefer a feature-packed UTM that serves all its security needs. An enterprise might already be running some of these features, want to supplement them with a few more specific ones, and not be willing to pay for the entire range. With so much happening in the UTM market, it has become very difficult to choose the UTM that not only meets all your needs but also delivers good performance.
Good old debate
The old debate of whether to go with a free Open Source UTM or buy a commercial appliance still exists. Open Source UTMs have been around for a long time now; they deliver good performance and have hardware requirements as low as 512 MB of RAM and a P-IV processor, which means you can have a basic UTM set up for as little as Rs 15K. Most of them are also available as virtual appliances, so if you already have a virtualization setup, your UTM can be ready in minutes and costs come down further. However, with Open Source UTMs only the basic modules are free. If you need extra functionality, you pay for it on a subscription basis, and you would obviously have to pay for live support from the vendor if you need it. A strategy we have come across is to use commercial UTMs at the central and critical offices and Open Source UTMs at other locations. The disadvantage here is that you may not get centralized management of all your UTMs, and you would need in-house expertise to manage both kinds of product. So do a careful analysis of how cost effective a mix of the two would actually be, keeping in mind that a commercial UTM supporting fewer than 100 nodes can come for less than Rs 40K.
Features galore
As one would expect from UTMs, these appliances are feature packed, right from basic firewall, anti-virus, content filtering and VPN to messaging security, bandwidth management, application blocking and wireless network security. Before buying a UTM, you need to figure out which features you actually need. This varies with where you are deploying the device; the security requirements of a central office and a remote site can be very different. For instance, if you plan to buy a UTM for a remote site or a branch office, you would need to assess how many VPN tunnels would be enough, whether you would require mobile VPNs, how many concurrent sessions you would need and how many DMZs you would need. Quite obviously, these numbers vary from network to network. Enterprise-class UTMs can deliver more than a million bi-directional concurrent sessions, 6,000 or more VPN tunnels and a claimed VPN throughput of around 1.7 Gbps, while for a SOHO appliance these figures come down to around 10,000 concurrent sessions and 20 tunnels. So it is very important that you do a careful requirement analysis, as you won't want to end up paying for performance you do not need.
Similarly, for standard features such as messaging security, will an anti-spam feature be enough, or will you need an email IPS and an anti-virus along with it? For anti-spam, you should also look at how many types of filtering it provides, i.e. whether it uses IP-based filtering, content-based filtering or black/white list filtering, or all of them. The same applies to other features such as firewall, anti-virus, anti-spyware, etc.
Besides protection, one must-have feature of a UTM is a comprehensive reporting mechanism, for future analysis as well as immediate action.
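To make the three anti-spam filtering types concrete, here is a small layered classifier, added here as an example and not code from the article or from any UTM vendor. It runs an IP denylist check, then a sender black/white list, then content scoring, and it deliberately runs the IP check first because the envelope sender that the lists key on is trivially forged while the connecting IP is not. All lists, addresses and messages are constructed for the demonstration.

```python
"""Layered anti-spam check: IP-based, black/white list and content-based filtering.

Added example, not code from the article or any UTM vendor. Every list, address
and message below is constructed for the demonstration.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed IP denylist (the "IP based" layer). Real appliances feed this from
# a reputation service; it is hard-coded here so the example runs offline.
IP_DENYLIST = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed black/white lists keyed on the envelope sender (MAIL FROM).
SENDER_BLACKLIST = {"promo@spammer.example"}
SENDER_WHITELIST = {"partner@trusted.example"}

# Constructed content rules: (pattern, score). A total score at or above
# CONTENT_THRESHOLD rejects the message.
CONTENT_RULES = [
    (re.compile(r"\bfree money\b", re.I), 3),
    (re.compile(r"\bclick here\b", re.I), 2),
    (re.compile(r"\bunsubscribe\b", re.I), 1),
]
CONTENT_THRESHOLD = 4


@dataclass
class Message:
    connecting_ip: str  # address of the SMTP client that delivered the mail
    mail_from: str      # envelope sender, easily forged by the sender
    subject: str
    body: str


def ip_layer(msg: Message) -> bool:
    """True if the delivering host is on the IP denylist."""
    ip = ipaddress.ip_address(msg.connecting_ip)
    return any(ip in net for net in IP_DENYLIST)


def list_layer(msg: Message):
    """'allow', 'deny' or None (the lists have no opinion on this sender)."""
    if msg.mail_from in SENDER_WHITELIST:
        return "allow"
    if msg.mail_from in SENDER_BLACKLIST:
        return "deny"
    return None


def content_layer(msg: Message) -> int:
    """Sum of the scores of all content rules that match subject or body."""
    text = msg.subject + "\n" + msg.body
    return sum(score for pattern, score in CONTENT_RULES if pattern.search(text))


def classify(msg: Message):
    """Run the three layers in order and return (verdict, reason)."""
    # The IP check runs first and is not overridden by the whitelist: the
    # sender address is forged in most spam, the connecting IP is not.
    if ip_layer(msg):
        return "reject", "ip-denylist"
    decision = list_layer(msg)
    if decision == "deny":
        return "reject", "sender-blacklist"
    if decision == "allow":
        return "accept", "sender-whitelist"
    score = content_layer(msg)
    if score >= CONTENT_THRESHOLD:
        return "reject", f"content-score={score}"
    return "accept", f"content-score={score}"


# Constructed sample traffic; each message exercises a different layer.
SAMPLES = [
    Message("203.0.113.7", "partner@trusted.example", "Invoice", "Free money, click here"),
    Message("198.51.100.5", "partner@trusted.example", "Invoice", "Free money, click here"),
    Message("198.51.100.5", "promo@spammer.example", "Hello", "Quarterly update"),
    Message("198.51.100.5", "nobody@example.net", "Free money!", "Click here now"),
    Message("198.51.100.5", "nobody@example.net", "Meeting", "Agenda attached"),
]


def run_samples():
    """Classify every sample message; returns a list of (verdict, reason)."""
    return [classify(m) for m in SAMPLES]


if __name__ == "__main__":
    for msg, (verdict, reason) in zip(SAMPLES, run_samples()):
        print(f"{msg.connecting_ip:14} {msg.mail_from:26} {verdict:7} {reason}")
```

The first sample is the case to look for when evaluating an appliance: a forged "trusted partner" sender arriving from a denylisted address must still be rejected, which only happens when the layers are ordered so that the whitelist cannot bypass the IP check.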
Many UTMs now follow a modular or subscription-based approach, where you pay only for the features you use. This is cost effective, and if you need any of the other functionalities in future, you can simply purchase them.
High Availability
High Availability is critical when it comes to a UTM, for the simple reason that the UTM is also a single point of failure: everything between your users and the Internet passes through it. Smaller networks can survive a little downtime, but that is not the case with larger networks. You won't want to be in a situation where your entire operation comes to a standstill because your UTM appliance crashed. Before buying a UTM, ask your vendor what High Availability options they offer. The two commonly used approaches are active/passive and active/active. In active/passive, two UTMs are deployed with one active and the other on standby; if the active appliance fails, the passive one automatically takes over. In active/active, two UTMs are used together with load balancing, so both carry traffic and either can absorb the other's load. In both cases, ask how state is synchronized between the pair, since a failover that drops every existing session and VPN tunnel is only marginally better than an outage.
Management and reporting
Setting up a UTM can be tricky at times, but most UTM appliances come with an intuitive interface and can be managed easily. Implementing policies can be a little more difficult, so before you buy a UTM, ask the vendor how easy it is to implement policies. It is always a good idea to get hands-on time with the management interface and to check out some sample reports.
Enterprise-class UTMs nowadays also come with WAN or link failover and WAN load balancing options. Some even allow you to prioritize links so that low-cost links are used optimally. If you are using multiple UTMs inside your network, look for a multi-box management feature, which allows administrators to manage all UTMs from a single console. UTMs also have a self-diagnostics or self-health-monitoring feature, which constantly monitors the state of the UTM and issues warnings if something goes wrong.
Coming to reporting, make sure you evaluate this feature thoroughly while choosing a UTM. Ideally it should provide centralized reporting and monitoring, and the reports should be easy to understand. Most UTMs now have on-appliance reporting, where all reports and logs are saved on the UTM itself; check how much history the appliance can hold and whether logs can also be exported to an external syslog server, so that a failed or compromised appliance does not take its own evidence with it. In large enterprise setups with multiple UTMs, look for multiple-device reporting, where reports from all appliances are shown in one dashboard.
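What a multiple-device report buys you, as an added example rather than any vendor's reporting engine: log lines exported from three appliances are parsed into one view, and the consolidated counters surface a source that was blocked at two sites, which three separate per-box reports would never show side by side. The line format, device names and every log line are constructed for the demonstration.

```python
"""Consolidated report over log lines from several UTM appliances.

Added example, not any vendor's reporting engine. The log format and every
line in SAMPLE_LOGS are constructed for the demonstration.
"""
import re
from collections import Counter, defaultdict

# Constructed line format:
#   <timestamp> <device> <module> action=<allow|block> src=<ip> dst=<ip> dport=<n> [rule=<name>]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<device>\S+) (?P<module>\w+) "
    r"action=(?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
    r"(?: rule=(?P<rule>\S+))?$"
)

# Constructed sample: three appliances, one scanner hitting two sites, and a
# malformed line of the kind a report must count rather than silently drop.
SAMPLE_LOGS = """\
2010-03-01T09:00:01 utm-hq fw action=allow src=10.1.1.5 dst=203.0.113.10 dport=443 rule=web-out
2010-03-01T09:00:02 utm-hq fw action=block src=198.51.100.7 dst=10.1.1.20 dport=22 rule=deny-inbound
2010-03-01T09:00:03 utm-branch1 fw action=block src=198.51.100.7 dst=10.2.1.20 dport=22 rule=deny-inbound
2010-03-01T09:00:04 utm-branch1 ips action=block src=198.51.100.7 dst=10.2.1.21 dport=445
2010-03-01T09:00:05 utm-branch2 av action=block src=10.3.1.9 dst=203.0.113.55 dport=80 rule=av-http
2010-03-01T09:00:06 utm-branch2 fw action=allow src=10.3.1.9 dst=203.0.113.55 dport=80 rule=web-out
this line is not in the expected format
"""


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["dport"] = int(event["dport"])
    return event


def build_report(text):
    """Aggregate log text from all appliances into one report dict."""
    events, unparsed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        if event is None:
            unparsed += 1
            continue
        events.append(event)

    per_device = defaultdict(Counter)      # device -> {action: count}
    blocked_src = Counter()                # src -> blocks across all devices
    devices_per_src = defaultdict(set)     # src -> devices that blocked it
    for event in events:
        per_device[event["device"]][event["action"]] += 1
        if event["action"] == "block":
            blocked_src[event["src"]] += 1
            devices_per_src[event["src"]].add(event["device"])

    # A source blocked at more than one site is the finding a per-box report
    # cannot produce: the same actor is probing several locations.
    multi_site = sorted(src for src, devs in devices_per_src.items() if len(devs) > 1)

    return {
        "per_device": {dev: dict(counts) for dev, counts in per_device.items()},
        "top_blocked_sources": blocked_src.most_common(5),
        "multi_site_sources": multi_site,
        "unparsed_lines": unparsed,
    }


if __name__ == "__main__":
    report = build_report(SAMPLE_LOGS)
    for device, counts in sorted(report["per_device"].items()):
        print(f"{device:12} {counts}")
    print("top blocked sources:", report["top_blocked_sources"])
    print("sources blocked at multiple sites:", report["multi_site_sources"])
    print("unparsed lines:", report["unparsed_lines"])
```

The unparsed-line counter is worth keeping in any such report: a dashboard that quietly discards lines it cannot parse will show a calm network exactly when an appliance has started emitting something unexpected.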