In this opinion piece, which originally appeared in Information Security magazine, Joel Snyder explains the meaning...
behind a commonly-used marketing term. This definition will help channel professionals make informed choices about threat management devices.
Best-of-breed is the key phrase for one of the biggest arguments against unified threat management (UTM) deployment: It's a code, thrown around by the folks who sell dedicated products, that means, "Our stuff is better than whatever was packaged with your UTM device." In effect, when IPS vendors argue against UTM on "best-of-breed" grounds, what they are saying is that their IPS is better than the IPS in the UTM firewall. Their product is Parmigiano-Reggiano; UTM is supermarket cheddar.
Of course, this is a matter open to debate. While it's often true that the specialized devices have more functions, features and flywheels than those in a UTM device, there are two reasons why you might not care:
- Many network managers have no need for the additional features in standalone devices. For example, standalone antivirus typically has an option to quarantine viruses, while UTM firewalls generally don't. That's fine, except experience has shown that antivirus engines almost never have false positives, and best practices are to simply delete messages rather than quarantine them.
- Often, you want a different set of features in an embedded firewall than you want in a standalone device. IPS is the perfect example: a technology that can be of use to almost anyone, yet only a few are willing to put in the time and energy to maximize value. A simple IPS that doesn't allow or require complex configuration is perfect for integration with a UTM firewall.
For network managers, "best-of-breed" has its own meaning: choice. In today's UTM environment, vendors tend to offer little choice when adding features to a UTM device. They partner with specific -- dare I say it? -- "best-of-breed" OEMs to add their features, or, in some cases, develop the expertise on their own. But rarely do they give the network manager a choice of products to enable or disable in the UTM firewall. When vendors say "best-of-breed," they really mean "best-of-a-commoditized-breed" when talking about other people's products, but "best-of-a-highly-differentiated-breed" when talking about their own.
The lack of choice is a dominant, but not universal, characteristic among UTM devices. In the SMB space, it is rare to find choice except perhaps in antivirus (because everyone agrees that having different vendors for antivirus is the smart solution). In the enterprise space, vendors are making a more sincere effort to offer real choice when building UTM devices.
About the author
Joel Snyder is a senior partner at Opus One, an IT consulting firm in Tucson, Ariz., and a technical editor for Information Security .
This opinion originally appeared in Information Security magazine.