
UTM implementation worst practices: Top five don'ts

Learn to avoid the five most common unified threat management implementation mistakes in this tip, and get advice on how to excel in the competitive security channel.

So far in our series on unified threat management (UTM), we've covered why UTM is a great opportunity for the channel, how to justify the cost of a new UTM device and how to position the migration to UTM for the customer. At this point, the customer is primed and ready to move forward with the UTM implementation. You've won the deal, procured the hardware, scheduled the implementation and now it's time to get it on.

But be careful; you are walking a tightrope. By that, I'm referring to the fact that UTM will supplement or even supplant many of the security devices that are in place in the customer's perimeter. It's the first line of defense, and if that is porous, it's very problematic. The customer's network would be exposed, and it's a bad day for everyone involved.

The good news is that many of the common mistakes are fairly easy to avoid and, as such, a little care and a bit of planning will ensure the implementation goes smoothly. Let's go through the top five no-no's and make sure you are prepared.

  1. Do no harm -- Given the critical nature of what UTM does for customers in protecting their perimeter, this one is your primary imperative. First, the environment needs to be as secure as or more secure than when you started, especially if you're pulling security devices out of the network. When discussing migration [link], I spoke about doing a before and after test (either a vulnerability scan or an automated penetration test) to prove this to the customer.

     While you are in the mode of proving the implementation to the customer, you should also run a battery of tests to highlight the new capabilities that UTM brings to the table. Maybe it's intrusion prevention or perhaps antispam, but the manufacturer should be able to give you a testing harness to enable you to show the customer that their shiny new capabilities are engaged and protecting their environment.

     Remember, when you leave at the end of the implementation, you want the customer to feel as if they've significantly tightened up their security posture.

  2. Do not disrupt -- UTM devices examine both inbound and outbound traffic, so implementation is going to take down Internet connections and the like for a certain period of time. You don't want the rank-and-file to even know anything is going on, so you are best off scheduling the implementation during off-hours. That is pretty inconvenient for you, but your customer will certainly appreciate not impacting their work environment.

     Another thought on disruption is to make sure you have a fallback position, meaning that in the (unlikely) event that you can't get the product implemented, you can easily go back to the prior state. Of course, having to start over is in no one's best interest, but being in the middle of a problematic install while the customer is waiting to get back online isn't exactly comfortable either.

     Finally, make sure to schedule any required end-user training well ahead of the install. If the new product provides antispam defense, for instance, and there will be a quarantine message sent out daily, you need to inform the end users. Put together flyers and schedule a demo, so there will be no surprises when the new capabilities are engaged.

  3. Not defining success -- The customer bought the product for a reason. What are their success criteria? How will they know it was a good investment? These are key questions to ask during the sales cycle. Make sure you are able to provide definitive answers during the install. You also want to give the customer a way to look good to his/her management. Whether it's showing how much time he/she isn't spending managing the devices or the fact that the new device caught new attacks -- the point is to make your customer look like a hero. I heard they like that.

  4. Forgetting the workflow -- Every customer has an established workflow for how they currently manage their network security environment. Implementing a UTM device is going to change it. So ahead of the install, spend a bit of time with the customer learning about their specific workflow.

     Then maybe spend an hour before the install putting in place new templates, customizing dashboards or laying out new reports, so when the product boots up there is a level of familiarity and comfort for the administrator. Sure, this takes a bit of extra time, and you could probably get away without going the extra mile. But in a business as competitive as the security channel, it's the intangibles that drive real customer loyalty.

  5. No knowledge transfer -- It's easier just to do everything yourself because you've done it before. You are under the gun; you have three installs that day, and need to follow up on five or six technical RFPs, right? But, just as in forgetting the workflow (No. 4 above), taking the shortcut and not teaching the customer everything they need to know is the wrong thing to do. Basically, you can do knowledge transfer now or take support calls later. It's your choice.

     So before you leave, ensure the customer knows how to troubleshoot the device, can interface with the UTM manufacturer's customer support, and is capable of managing the environment once you step out the door. As that old adage says, "If you don't have time to do it right the first time, you'll be making time to do it again."
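One way to turn the "do no harm" before-and-after test from item 1 into a sign-off gate, as an added example that is not part of the original article: it assumes the two perimeter scans have been reduced to "host port/proto service" lines (the sample lines below are constructed), flags any service exposed after the cutover that was not exposed before, and lists the services that were closed so you can show the customer the improvement.

```python
# Added example (not from the original article): a "do no harm" gate for a
# UTM cutover. It assumes the before and after perimeter scans have been
# reduced to "host port/proto service" lines; the sample lines are constructed.
from typing import Dict, Tuple

# Constructed sample scan summaries, one exposed service per line.
BEFORE_SCAN = """\
203.0.113.10 25/tcp smtp
203.0.113.10 80/tcp http
203.0.113.10 443/tcp https
203.0.113.11 3389/tcp ms-wbt-server
203.0.113.12 53/udp domain
"""
AFTER_SCAN = """\
203.0.113.10 25/tcp smtp
203.0.113.10 443/tcp https
203.0.113.12 53/udp domain
203.0.113.12 161/udp snmp
"""


def parse_scan(text: str) -> Dict[Tuple[str, str], str]:
    """Parse 'host port/proto service' lines, skipping blanks and comments."""
    exposed: Dict[Tuple[str, str], str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, port, service = line.split(maxsplit=2)
        exposed[(host, port)] = service
    return exposed


def compare_exposure(before: str, after: str):
    """Return (regressions, improvements): services newly exposed / closed."""
    b, a = parse_scan(before), parse_scan(after)
    regressions = {k: a[k] for k in a.keys() - b.keys()}
    improvements = {k: b[k] for k in b.keys() - a.keys()}
    return regressions, improvements


def passes_do_no_harm(before: str, after: str) -> bool:
    """Sign-off gate: the post-install perimeter exposes nothing new."""
    return not compare_exposure(before, after)[0]


if __name__ == "__main__":
    reg, imp = compare_exposure(BEFORE_SCAN, AFTER_SCAN)
    print("regressions:", sorted(reg), "closed:", sorted(imp))
```

With the constructed data the gate fails because of the newly exposed SNMP port, which is exactly the kind of finding to explain or fix before the customer signs off.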

Clearly these tips represent a large dose of common sense and are applicable to projects outside of UTM. In fact, you probably know a lot of this stuff already and maybe even learned some of these lessons the hard way. But I'm a big fan of repetition because if you don't remember history, you are doomed to repeat it.

About the author
Mike Rothman is President and Principal Analyst of Security Incite, an independent information security research firm. Having spent over 15 years as an end-user advocate for global enterprises and mid-sized businesses, Mike's role is to educate and stimulate thought-provoking discussion on how information security contributes to core business imperatives. Prior to founding Security Incite, Mike was the first network security analyst at META Group and held executive level positions with CipherTrust, TruSecure, and was a founder of SHYM Technology. Mike is a frequent contributor for TechTarget and a highly regarded speaker on information security topics.

