In this opinion piece, which originally appeared in Information Security magazine, Joel Snyder explains the meaning behind a commonly-used marketing term. This definition will help channel professionals make informed choices about threat management

    Requires Free Membership to View


Best-of-breed is the key phrase for one of the biggest arguments against unified threat management (UTM) deployment: It's a code, thrown around by the folks who sell dedicated products, that means, "Our stuff is better than whatever was packaged with your UTM device." In effect, when IPS vendors argue against UTM on "best-of-breed" grounds, what they are saying is that their IPS is better than the IPS in the UTM firewall. Their product is Parmigiano-Reggiano; UTM is supermarket cheddar.

Of course, this is a matter open to debate. While it's often true that the specialized devices have more functions, features and flywheels than those in a UTM device, there are two reasons why you might not care:

  • Many network managers have no need for the additional features in standalone devices. For example, standalone antivirus typically has an option to quarantine viruses, while UTM firewalls generally don't. That's fine, except experience has shown that antivirus engines almost never have false positives, and best practices are to simply delete messages rather than quarantine them.

  • Often, you want a different set of features in an embedded firewall than you want in a standalone device. IPS is the perfect example: a technology that can be of use to almost anyone, yet only a few are willing to put in the time and energy to maximize value. A simple IPS that doesn't allow or require complex configuration is perfect for integration with a UTM firewall.

For network managers, "best-of-breed" has its own meaning: choice. In today's UTM environment, vendors tend to offer little choice when adding features to a UTM device. They partner with specific -- dare I say it? -- "best-of-breed" OEMs to add their features, or, in some cases, develop the expertise on their own. But rarely do they give the network manager a choice of products to enable or disable in the UTM firewall. When vendors say "best-of-breed," they really mean "best-of-a-commoditized-breed" when talking about other people's products, but "best-of-a-highly-differentiated-breed" when talking about their own.

The lack of choice is a dominant, but not universal, characteristic among UTM devices. In the SMB space, it is rare to find choice except perhaps in antivirus (because everyone agrees that having different vendors for antivirus is the smart solution). In the enterprise space, vendors are making a more sincere effort to offer real choice when building UTM devices.

About the author
Joel Snyder is a senior partner at Opus One, an IT consulting firm in Tucson, Ariz., and a technical editor for
Information Security .

This opinion originally appeared in Information Security magazine.

This was first published in January 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.