Service provider takeaway: The value of an integrated security devices is becoming a reality as unified threat management technology matures. Learn how value-added resellers and their customers can benefit.
It's been 15 months since we last took a look at unified threat management (UTM). In the information security business, that's a lifetime. What, if anything, has changed in this market and how should value-added resellers (VARs) pitch the technology?
Back in 2006, UTM was a novelty. It made sense to put firewall, VPN and intrusion prevention system (IPS) functionality into a single box, managed by a single policy. But it was still a young market and there were questions about whether the products would scale, whether customers would have enough control and whether they'd be receptive to putting all their eggs in one basket.
As we look at the market in 2008, those concerns are gone. Now VARs need to discern why a customer wants separate devices, as opposed to an integrated UTM solution. After all, just because customers have all the functionality in one box doesn't mean they have to use it. Basically, a customer can buy a UTM device to upgrade a firewall or IPS and not turn on the other capabilities until they are ready. This approach has worked well for a lot of the channel. It enables you to continue to sell value to customers, working with them to determine whether it makes sense to run separate devices when they can get everything in one box with no impact on performance. Of course, you shouldn't care one way or the other. It's about what's best for the customer, right?
The maturation of the technology also bears mentioning. At this point, UTM devices are well-worn and field proven. They work. If the customer changes vendors, there may be some training necessary to get used to the new management interface, but it's still not that hard. The switching costs to migrate have come way down on these devices since 2006. It can get a bit complicated if the customer has a lot of custom firewall or IPS rules -- but they really should be trying to figure out if they need all those rules anyway, and take this opportunity to clean up the configuration if they can.
With the maturation of the technology comes the lack of technical differentiation. UTM devices are uniform now, especially in midmarket packaging. "Best of breed" is a misnomer. As the technology matures, there isn't a best of breed. All the devices revert to a standard set of capabilities.
This means that vendors need to be aggressive to build buzz in the channel. Yes, that means a lot of attractive promotions and sales performance incentive funds (SPIFs) for VARs to move their boxes. Each VAR has a lot of choice in the products they bring to their customers. Try to maximize the economics, especially as prices and margins compress while the technology continues to mature.
We've also seen a lot more functionality enter into the UTM platform. Growing beyond its traditional firewall/VPN, IPS and antivirus heritage, the devices now come with content security capabilities like antispam and Web filtering. There is also an option for wireless access points for single-box branch-office packaging and new SSL VPN capabilities to ease the configuration of the VPN function.
As new capabilities like backup, disaster recovery and WAN optimization start being integrated into the platform, we'll see more of the functionality trend. Some large enterprises may still opt for specialized gear because they can. Those organizations have the staff and budget to maintain separate operational groups for each of these functions, but most midmarket companies do not. So the more functionality we can slam into the UTM platform, the better.
We're also seeing a move by the open source industry to affect the UTM space. Companies like Astaro, Untangle and StillSecure provide a graphical wrapper around a number of mature open source network security tools. These offerings are driving the price down for customers, and the companies also have decent channel programs that garner some consideration.
Finally, carriers and managed service providers are increasingly getting into the UTM business. By providing a low-end, customer-based gateway as part of the service, the service provider can manage policy and ensure uptime on the device. While many VARs are looking to build their own managed services operations, those who don't want to can sell annuity services for someone else.
About the author
Mike Rothman is president and principal analyst of Security Incite, an industry analyst firm in Atlanta, and the author of The Pragmatic CSO: 12 Steps to Being a Security Master. Read his blog or reach him via email at mike.rothman (at) securityincite (dot) com.