By Yuval Shavit, Features Writer
Our Channel Explained series provides targeted articles that flesh out details on technologies but avoid information overload. This week we examine the question, What is unified threat management?
Unified threat management (UTM) devices are network infrastructure devices in which multiple security technologies -- often firewall, intrusion prevention, antivirus and spyware -- are combined into a single appliance. Because these devices provide a single, integrated interface, UTM aims to simplify network security management.
Most UTM devices are firewalls or IPS devices at the core, with other technologies available as optional components or modules. Conversely, nearly all modern firewalls have UTM capabilities. As with other network infrastructure hardware, unified threat management offers value-added resellers (VARs) and systems integrators (SIs) hardware margins as well as configuration services revenue.
Resellers can also provide training for UTM, especially if a migration will require a company's IT staff to use technologies from a different vendor. Since antivirus and spyware programs are often sold on a subscription basis, resellers may have the opportunity for recurring revenue on subscription margins.
UTM was initially targeted at small and medium-sized businesses (SMBs), where IT resources may be limited. Vendors have tried to move upstream, so far with limited success. Questions remain about the products' quality relative to separate, best-of-breed appliances, but enterprises may find that for branch offices -- especially those without on-site IT staff -- the ease of applying patches and updates to a single appliance makes UTM worthwhile.
Although all of the components of unified threat management are mature technologies, UTM devices themselves are a fairly young technology. In addition to checking that each component works well, a reseller or SI looking into a UTM device should make sure that it has adequate troubleshooting functionality; since one device is handling the function formerly assigned to several appliances, it can be harder to pinpoint problems.
Problems with troubleshooting and fault isolation are some of the main inhibitors to UTM in enterprises, but that could change as the technology improves, said Tim Richardson, product marketing manager at Westborough, Mass.-based SI Akibia Inc.
Larger companies may also face organizational problems in a migration to UTM, Richardson said. Many enterprises have different IT staff for each of the appliances that UTMs combine, and for those companies, separate devices may actually be easier to manage.
Keeping each component separate also lets each subdivision of the IT department specialize in its own vendor. With UTM, an entire staff has to be trained on the same product line. That process could be expensive and time-consuming, and you could run into resistance if some employees are loyal to their old vendor.
This was first published in February 2008