Find out how unified threat management (UTM) can help your customers reduce complexity and increase reliability in this segment of A Manager's Guide to Unified Threat Management. This tip originally appeared in Information Security magazine.
If there's any argument that will resonate with large enterprise network managers, it's this one. UTM strategies can dramatically decrease the number of devices in a network, which has the immediate side effect of increasing overall reliability (with fewer devices to fail, the mean time between failures of the system increases), and decreasing management and debugging difficulty (with fewer devices, it's easier to find where a problem is).
The physical network topology for a single-device solution is much simpler than any pre-UTM environment. In fact, integrating UTM devices can make some topologies easier to implement. While the plan for building a high-reliability firewall service -- usually by sandwiching pairs of firewalls between pairs of load balancers -- is well known, how these interact with a miscellaneous pile of threat mitigation devices is a different and more difficult planning question. With fewer devices in the picture, everything becomes less complex.
There are other complexities that can be ameliorated by use of UTM. For example, if a network has both a firewall and a dedicated Web proxy, a goal of the network manager is to ensure all outgoing Web traffic goes through the proxy, and no unsupervised traffic moves through the firewall. This logical complexity, and the attendant risk of error or omission, is reduced if the Web proxy and firewall are in the same box.
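To make the two-box version of that goal concrete, the following added example (not from the original article) audits an ordered, first-match outbound ruleset for allow rules that let hosts other than the proxy reach the Web directly. The rule model, the addresses, and the function names are assumptions chosen for illustration; every rule is assumed to apply to Internet-bound traffic, and only full shadowing by an earlier rule is considered.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form
    dport: Optional[int]   # destination port; None means any port

def covers(rule, net, port):
    """True if `rule` matches every source address in `net` on `port`."""
    return (rule.dport in (None, port)
            and net.subnet_of(ipaddress.ip_network(rule.src)))

def find_proxy_bypass(rules, proxy_ip, web_ports=(80, 443)):
    """Return (rule_index, port) pairs where a non-proxy source is allowed out."""
    proxy = ipaddress.ip_network(proxy_ip)  # a bare address becomes a /32
    findings = []
    for i, rule in enumerate(rules):
        if rule.action != "allow":
            continue
        net = ipaddress.ip_network(rule.src)
        if net == proxy:
            continue  # the proxy itself is supposed to reach the Web
        for port in web_ports:
            if rule.dport not in (None, port):
                continue
            # First-match semantics: an earlier rule that fully covers this
            # source and port decides the traffic, so this rule never fires.
            if any(covers(earlier, net, port) for earlier in rules[:i]):
                continue
            findings.append((i, port))
    return findings

# Constructed sample ruleset; 10.0.0.5 plays the dedicated Web proxy.
RULES = [
    Rule("allow", "10.0.0.5/32", 443),   # 0: proxy to Web (HTTPS)
    Rule("allow", "10.0.0.5/32", 80),    # 1: proxy to Web (HTTP)
    Rule("allow", "10.0.9.0/24", 443),   # 2: forgotten exception for one subnet
    Rule("deny",  "10.0.0.0/16", 80),    # 3: no direct HTTP for anyone else
    Rule("deny",  "10.0.0.0/16", 443),   # 4: no direct HTTPS for anyone else
    Rule("allow", "10.0.0.0/16", None),  # 5: other outbound traffic
]

if __name__ == "__main__":
    for index, port in find_proxy_bypass(RULES, "10.0.0.5"):
        print(f"rule {index} lets {RULES[index].src} bypass the proxy on port {port}")
```

Rule 5 is not reported because rules 3 and 4 already decide Web traffic for its whole source range; rule 2 is reported because it sits ahead of the denies.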
If adding UTM features to your network will help you to reduce or at least constrain complexity, then this is a strong argument in favor of UTM. If network complexity doesn't change much, you may have to find a different justification.
About the author
Joel Snyder is a senior partner at Opus One, an IT consulting firm in Tucson, Ariz., and a technical editor for Information Security.
This was first published in January 2007