By Stephen J. Bigelow, Senior Technology Writer
The integration of security technologies in unified threat management appliances promises client organizations simplified management, but getting to that point isn't always easy. UTM products offer solution providers numerous opportunities to help the client plan for deployment and rollout, make changes and improvements to the client's network, advise the client on changes to their processes, and even manage the UTM product -- generating recurring revenue along the way.
But UTM is also evolving, incorporating ever more features that a solution provider must understand in order to meet their clients' changing needs. The first part of this Hot Spot Tutorial introduced the basic concepts and capabilities of UTM. The second installment examined common UTM deployment concerns and typical management considerations. This final article delves into some of the business opportunities for solution providers and offers some predictions on where UTM is headed in the future.
Channel opportunities for unified threat management
Unified threat management promises several important opportunities for the channel, including sales, consulting and services. Solution providers typically expect strong UTM sales, as UTM products replace aging network firewalls and position clients for a consolidated security posture.
"There's a lot of people who are looking to dump their old firewall," said Andrew Plato, president of Anitian Enterprise Security, a security solution provider in Beaverton, Ore. "Anybody who has a firewall over three or four years old should really be thinking about replacing it [with UTM] … so there's a good opportunity there."
Since UTM products include a proliferation of features, sales opportunities can also extend to replacing aging gateway security services such as intrusion detection or prevention, virus/spyware/spam scanning and Web content filtering. UTM can also be deployed at other strategic locations in the client's network. Plato points to a recent client deployment where UTM was deployed in front of an application server farm.
But sales are a relatively small part of the total UTM business opportunity. Consulting (or professional services) is another important opportunity, allowing solution providers to generate revenue during the UTM planning and implementation phase. Evaluating the client's security needs and current security products and then providing a comprehensive rollout plan can ease the client's transition to a UTM platform. Additional revenue is available in the actual installation and initial configuration of a UTM product. Few clients opt to implement every available UTM feature immediately, so several features are enabled early and other features are phased in over time. Those features can then be handed off to the appropriate group (e.g., the security group or network group) within the client's organization.
Solution providers should address the disposition of displaced products in any consulting discussion or implementation. Remember that adding a UTM product will typically cause existing firewalls, IDS/IPS and other security products to be decommissioned. In most cases, old products are relegated to the scrapheap.
"The reason you go to UTM is leverage, so continuing to have another device commissioned that doesn't play along with the policy engine … doesn't really make a lot of sense," said Mike Rothman, president and principal analyst at Security Incite, an independent analyst firm near Atlanta. Still, knowledgeable solution providers can connect clients with the secondary market, which may buy the used equipment, or help the client reallocate the used equipment in a lab or remote office environment to save money in the near term.
There are also opportunities for ongoing UTM management and analytics. This can vary from periodic testing and updates to regular analysis of the UTM event logs to frequent updates of rules and policies. Clients can turn to their solution providers for assistance in updating security policies and procedures, ensuring that each application functions normally while meeting regulatory compliance or corporate governance requirements.
"That's why the idea of a managed UTM solution … starts to look pretty attractive," Rothman said. "It allows the reseller to build an ongoing 'annuity' type of relationship with the customer."
Services are particularly attractive for smaller organizations that lack the resources to manage UTM (and security in general) in-house, and ongoing relationships keep you in regular contact with the client -- often leading to more opportunities in the future. Managed UTM can take on a variety of forms -- some may involve periodic on-site visits to collect log data and make configuration changes, while other forms may allow the solution provider to log into the UTM device remotely for those same purposes. It really depends on the capabilities of the provider and the flexibility of the client.
Plato was quick to point out that success in consulting and management services will depend heavily on the training and experience of your personnel. "You can't take a person who deploys phones and expect them to turn around and be a UTM expert," he said. "You need to get a good security person."
In spite of its benefits, solution providers must understand that unified threat management may not be appropriate for clients with rigid, highly defined group separation or those that need to avoid vendor lock-in as a matter of business strategy. For example, client organizations with a highly "siloed" infrastructure may have tremendous difficulty deciding on which group will own and operate each feature of the UTM device -- this can make it impossible for multiple groups to share UTM management responsibilities effectively. Similarly, some client organizations are strongly opposed to the notion of committing virtually all of their network security to a single vendor's product, often fearing poor vendor support or limited product alternatives.
Future directions and features of UTM
Unified threat management is still evolving. One attribute of this ongoing evolution is product maturity as vendors improve the integration and performance of their UTM offerings. Solution providers should also expect to see more features and functions added over time. "It's a matter of looking to the perimeter, seeing what customer problems are trying to be solved there, then integrating that into a common platform," Rothman said.
The actual features are difficult to predict and will vary depending on client needs along with the emergence of new threats, but there are a handful of interesting technologies that may soon fall under the UTM umbrella. For example, integrated SSL VPN features -- already present on some UTM products from vendors like Fortinet, Cisco and SonicWall -- should become commonplace. Integrated WAN acceleration may emerge to help organizations improve bandwidth utilization for faster data movement between remote locations. Email security will be strengthened with more attention to outbound traffic, and deeper content inspection will help to block suspicious traffic both entering and leaving the organization. More identity management and authentication capabilities will eventually reside in UTM appliances. Network access control (NAC) and more proprietary features like User-ID technology from Palo Alto Networks ensure that only authorized users are permitted into the network.
In spite of the trend toward more features and consolidation, Rothman noted that UTM is not (and should not necessarily be pitched as) an all-or-nothing proposition -- some clients may continue to use only certain features of a UTM platform, while handling other security features using standalone technology.
Perhaps the ultimate expression of UTM technology is the eventual marriage of network security and integrated endpoint security, which would cover an enterprise from the gateway all the way to workstations, laptops or even mobile device users. "Have a management console that can manage everything from the endpoint all the way up to your firewall gateway," said Joe Luciano, CEO of AccessIT Group, a provider of IT security and infrastructure headquartered in King of Prussia, Pa. "I think that's what most [vendor] organizations are striving for."
This was first published in August 2008