Unified threat management (UTM) vendors promise to improve your customer's perimeter defenses, simplify management and generally make your customer's job easier. But there are many appliances to choose from, so how do you know what products you should carry, on which technologies you should train your engineers and, ultimately, what manufacturers you should recommend?
We all know that a "churn-and-burn" VAR has a limited lifespan in the security business. Sure, those folks do a lot of volume, pushing whatever is hot, or they get a good SPIF and sell products to a customer once. But the channel partners that actually act like partners, end up with long term and profitable relationships with their customers.
Let's go through a quick checklist of factors to consider when evaluating unified threat management products.
- The incumbent -- Odds are you already have a firewall, virtual private network and IDS/IPS in your quiver. Look at the unified threat management products of those vendors first. Why? You already know them. Your technical folks know the interface. Your customers are comfortable with the manufacturer. You've figured out how to process orders with their fulfillment group, and your credit is established (hopefully that's a positive thing).
- Go hi-lo -- Depending on the nature of your customer base you may want to consider carrying a high-end product that suits large enterprises with significant scalability and flexibility. But don't forget about having a "toaster" in your arsenal as well -- a plug and play low-end product that's easy to use and gets the job done at a low entry price point.
- Big is beautiful -- As the business has matured over the past few years, the trend in security has been for larger companies to increasingly dominate the security channel. You want to make sure that your chosen manufacturer has the resources to support your business. Whether it's a local support resource, the ability to get a replacement part to you in 24 hours, or the balance sheet to be around for five years, make sure you'll get what you need.
- Need support? -- Given the criticality of perimeter defense to your customers, you need to make sure the manufacturer has your back and can provide the second- and third-level support as needed to solve hairy problems.
So you can pick a manufacturer and get going with a unified threat management product fairly easily. But let's also consider how you'll know it's time to move on, since security vendors evolve both in a good and bad way, and you need to be prepared in case things go south with your first choice.
- Acquisition -- If your unified threat management vendor gets acquired, it's time to develop a contingency plan. Not that all acquisitions go poorly, but enough do that you want to be prepared. At a minimum, there will be significant staff churn and likely delays in product delivery, so make sure you've got alternative plans -- just in case.
- Scaling problems -- Probably the worst thing that can happen to a manufacturer, at least from the perspective of a customer, is exponential growth. Sure, it helps the balance sheet (and makes the venture capitalists rich), but it creates all sorts of other stresses that are problematic: faulty and/or delayed shipments, lack of qualified support reps, the inability to get help on deals in the field, slow paying of incentives and SPIFs, etc. Keep in mind that your customers don't care that the manufacturer is growing too fast; they want their product delivered and supported in a professional manner.
- Disruptive technology and/or pricing -- At some point in every product cycle, an aggressive vendor will come into the market with a product that performs pretty OK and costs 30-50% of what the leader charges. This kind of pricing disruption is worth looking at because your incumbent will not be able to respond quickly, and you will start losing deals if you go to the wall with the higher priced vendor.
A new entrant may arrive on the scene with a new take on the market. In the UTM space, maybe it's adding data leak prevention to the integrated device or something like that. These new offerings are worth looking at, if only to able to drive differentiation in an increasingly commoditizing market.
Unified threat management is one of the most exciting network security technologies to hit the market in a long time. Odds are you already carry one or more of the products in your bag. But keep in mind these tips as you look at new technologies or swap out an existing vendor, and you'll be ready to profit from the trend toward integration at all levels of the security stack.
About the author
Mike Rothman is President and Principal Analyst of Security Incite, an independent information security research firm. Having spent over 15 years as an end-user advocate for global enterprises and mid-sized businesses, Mike's role is to educate and stimulate thought-provoking discussion on how information security contributes to core business imperatives. Prior to founding Security Incite, Mike was the first network security analyst at META Group and held executive level positions with CipherTrust, TruSecure, and was a founder of SHYM Technology. Mike is a frequent contributor for TechTarget and a highly regarded speaker on information security topics.
This was first published in January 2007