Problem solve Get help with specific problems with your technologies, process and projects.

UTM appliances bundle security, give VARs multiple revenue streams

Unified threat management (UTM) appliances have replaced simple firewall/VPNs in the SMB market. VARs profit through appliance sales, recurring revenue through software subscriptions and managed security services.

Five years ago, we'd be talking about "all-in-one" or "turnkey" appliances, and have to explain carefully exactly what we were talking about.

That's changed. Marketing folks have anointed all-in-one appliances with an acronym that's stuck -- UTM (for unified threat management) -- and they've become a staple for VARs.

"A lot of the VARs in the markets we serve look at UTM as one of six to 10 core competencies in their solution portfolio for the SMB market," said eSoft president and CEO Jeff Finn.

The rationale for UTM appliances remains as strong as it was in the early years: good firewall and VPN plus added services -- typically IPS, antivirus, antispam and Web filtering -- in one box. Companies get a lot of security in a single box at an attractive price, one management interface instead of three or four and simplified updating and maintenance.

SMBs are still outgrowing their firewalls and even early UTM appliances, just as they outgrew first and second generation firewalls years ago. High-speed Internet connections, once reserved for larger organizations, are now accessible at low prices. And, companies -- especially those in sensitive industries, such as banking and healthcare -- have grown very security conscious and are looking for more than network firewalls and desktop antivirus.

UTM appliances offer a steady stream of recurring revenue for channel partners. Selling boxes is just the beginning.

"The replacement upgrade has been very hot for us," said Vinny DiSpigno, CEO of Webistix Inc., a Holbrook, N.Y.-based VAR and a SonicWALL partner. "Predominantly a lot of firewalls have been out there three, four, five years. They've gotten upgraded connections, but the horsepower of the firewall hasn't kept up."

Even more important, perhaps, UTM appliances offer a steady stream of recurring revenue for channel partners. Selling boxes is just the beginning.

VARs are leveraging UTM appliances to expand their managed services in ways that only pure-play MSSPs once operated. They can manage firewalls, plus IPS, gateway AV, Web filtering, email security and whatever other security functions a UTM vendor may provide. They can respond to problems and security threats without getting into the truck and visiting the customer. The key is the remote management and monitoring and Web-based portals that are at the heart of most UTM vendor offerings.

"The margin is rich on the services side," said Anthony James, vice president of products at Fortinet Inc. "It's a great source of recurring revenue."

Remote vendor monitoring tools allow VARs to respond proactively to security threats. In effect, customers can, if they choose, simply buy the boxes and let their IT providers handle the rest. Vinny DiSpigno, for example, said Webistix uses N-Able as its foundation managed services platform, but SonicWALL's GMS is what gives him the ability to manage UTM appliances at a detailed level and deliver regular reports to clients.

Those reports let customers know that their service provider is watching out for them, even if nothing has gone wrong.

"We can centralize reporting and integrate quarterly reports into our managed services," said Carl Mazzanti, CEO of Hoboken, N.J.-based eMazzanti Technologies, a WatchGuard partner. "We can aggregate remote monitoring and management of multiple clients."

That allows VARs to service more clients at a high level of detail without logging into individual sites or worse, physically going on site. But that's not the real payoff of remote monitoring and management, said Dispigno.

"It hasn't really affected type and number of customers, the real effect is our ability to service customers at a level they aren't used to," he said. "We used to be reactive, now we're the ones placing the outbound call to tell them: 'We noticed your connection down,' or 'our system shows you are under DoS attack.'"

While some vendors talk about UTM for enterprises, large companies are almost always looking at high-end network firewalls, perhaps with intrusion prevention added. For the most part, the break point probably comes as you approach 1,000 employees, with the sweet spot generally at 500 and below. There are exceptions, of course, such as small companies with very high traffic and bandwidth needs, and large companies with relatively small IT components.

The enterprise opportunities come in branch offices, where companies want to manage smaller boxes through the same management console, from the same vendor as their high-end firewalls.

Certainly, in the SMB market, firewalls and UTM appliances are now one in the same, save, perhaps, for the smallest SOHO boxes. The question will be which, if any, additional services companies will pay for.

"At the lower end, companies tend to say, 'We already have a firewall, etc. -- boss is all over me to cut costs,'" said Steve Snider, president of Cincinnati-based Cadre Technologies Inc., a Check Point Software Technologies partner. "We'll say, 'Did you look at integrated solution? You can have all of your needs taken care at once.'"

Resellers can realize recurring revenue and up-sell into larger appliances, based on subscription services for antivirus, IPS, antispam, URL filtering, etc. In the early days of UTM, those security capabilities were typically offered a la carte, but increasingly, vendors are offering them as a bundle at what they hope the customer sees as a good price. Customers like the flexibility of choosing which security capabilities they want to use and when to turn them on, without having to go back into their contract to pay more.

More on unified threat management
Unified threat management: Migration and management techniques

What are unified threat management (UTM) firewalls?

The benefits of unified threat management devices

Selling services individually can be challenging. Companies are more likely to ask, "Do I really need to spend money on this?"

"The least favorite add-on is probably antivirus. It can be a tough sell, because most have some type of AV on their server and desktop," said Webistix' DiSpigno. "Especially because it is priced separately as opposed to bundled. All the other ones get turned on at almost all of our customers."

The challenge, and the opportunity, for the VAR is helping their client pick the right size appliance. On the one hand, SMBs are always cost-conscious, especially in this economy, so they are going to look for the cheapest appliance they can get away with that still meets their needs.

That can be tricky. VAR sales reps and engineers need to be well schooled in factors that go into right-sizing an appliance -- traffic, usage fluctuations, number of connections, etc. You want to sell a bigger box, of course, but, more importantly, you don't want a company complaining to you that their network has slowed to a crawl because they bought low.

You also need to anticipate growth. Traffic tends to grow, not only as the business expands, but even if staffing and budgets remain flat. Ideally, you want to sell an appliance that can accommodate increased traffic and sell an upgrade when the business eventually requires it.

The security services sold and actually turned on are a critical factor in determining the right appliance. When you sell those security services and the additional revenue they bring in, you're also selling more powerful appliances. Vendor claims notwithstanding, it's very difficult to know what performance you'll get when everything's turned on.

"My customers tend to buy an entire package, and it's one of the things that gets us to up-sell to a larger box," said DiSpigno. "But if you turn it all on, you will get a little slowdown. That's where we go sometimes from the lower- to the middle-range appliances and say, 'Listen, it's not the cheapest, but based on what you want to do, if it isn't the right box today it will be in six months from now.'"

Dig Deeper on Managed network security services

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.