Securing The SMB: The Value Of Unified Threat Management

Preserving the security of customer data is one of the most profound challenges faced by channel partners in 2013. Partners are hard-pressed to pick up an industry magazine or visit a website without learning about some new attack being waged by cybercriminals in an attempt to steal money and information. And while exploits targeting large financial institutions and other enterprises tend to get the most attention, the dangers extend to companies of all sizes.

Many of the small to midmarket companies under assault do not have dedicated IT people on their staff, let alone specialists focused on information security. This segment of the market is where Unified Threat Management (UTM) is most widely deployed.

According to market researcher Frost and Sullivan, UTM products are designed to consolidate multiple security technologies into a single network appliance, thereby addressing the company's security needs in an efficient and simplified manner with lower costs. Components typically include virtual private networking, next-generation firewalls, content filtering, intrusion protection, antivirus and email security. Some of the more sophisticated versions also include data loss prevention, reputation-based services and sandboxing.

[Related: 9 Unified Threat Management Security Appliances To Watch In 2013 ]

The market for 2011 was measured by Frost and Sullivan at nearly $1.3 billion in revenues with an estimated growth rate of 17.3 percent through 2016. Though not uniformly absent from the enterprise, it tends to be most popular with the SMB segment as well as with remote offices of larger companies.

But as is frequently the case with all-in-one devices, the technology on board is rarely viewed as best-of-breed. Extensive integration within the same device has long been a challenge for virtually every technology, and nowhere is that more difficult than in the fast-moving and ever-evolving information security space. In addition to the rigors of keeping up with changes to the threat landscape, vendors and channel partners who compete in this space are constantly pressured to find new ways to add additional features and otherwise differentiate their products against the competition. Meanwhile, the increased adoption of virtualization and cloud-based products forces the suppliers to raise their game still higher.

"In the SMB space, UTM is the way to go," said Rich Mogull, analyst and CEO of Securosis, a Phoenix-based consultancy. "Those guys are not likely to use multiple devices unless there are very specific security needs. Larger enterprises, on the other hand, tend to be less likely to use UTM. It is too basic for their needs. They are more likely to go with next-generation firewalls that offer deep packet inspection and unified analysis."

NEXT: UTM Top Of Mind For SMBs

That focus on SMBs, as opposed to the enterprise, was a driving factor in last year's departure of IBM from the UTM space, according to Jim Brennan, program director of threat protection strategy and product management at IBM.

"If you go back to the early days of UTM, it was not necessarily focused on [the] SMB," he said. "This was supposed to be the silver bullet for security. But the reality was that there was a significant performance trade-off when you begin switching on multiple technologies within a single appliance. You end up with lower performance levels, which is not acceptable at the enterprise level. UTM brings a very strong value proposition to a lot of SMBs because they don't usually need extremely high levels of performance in terms of network throughput and monitoring. So they can get the functionality and the value out of these appliances and still have a level of performance that is acceptable."

That performance hit is front and center among some of the companies who manufacture UTM devices.

"We are following Moore's law as far as performance goes," explained Kevin Flynn, senior marketing manager at Fortinet. "We have to continually boost the performance so that security becomes less and less of a speed bump."

Fortinet, which has recently rolled out a new high-performance module to support its firewall line, is also in the midst of beefing up its UTM framework to further support security for virtualization and cloud services.

"UTM is about being able to use multiple technologies to protect yourself," explained Flynn. "It's about continually adding both performance and technologies. Reputation-based technology, sandboxing, MDM support and simplified analysis are some of the key examples."

UTM is clearly becoming more strategic as time goes on. The opportunity to wrap identity and access control, security intelligence, threat management and data/application security into a single device will continue to be a solid value proposition over time.

"You've got to have all those pieces," summarized Brennan. "Threats evolve, technologies evolve, and the needs of customers will always continue to mature."

PUBLISHED JAN. 29, 2013