The multipurpose security appliances that consolidate firewall/VPN, content filtering, intrusion prevention and more into a single box are winning favor as easy-to-manage devices. But the open secret about these unified threat management (UTM) appliances is that they take a bite out of bandwidth as they inspect content.
It's not uncommon for UTM products on the market today to suffer as much as a 50% loss in performance once the full panoply of security services is put to use. That's a situation acknowledged by UTM vendors, which sometimes advise customers to compensate by buying higher-bandwidth devices than they would ordinarily need.
“When you turn on all the services, the speed is impacted,” says John Kuhn, product line manager at SonicWall, whose UTM products range in bandwidth support from tens of megabits per second to more than one gigabit per second. “Absolutely there is a performance consideration, and it could be a 50% loss.”
And what’s true for a UTM appliance at the low end is also true at the high end with appliances that attain multi-gigabit speeds.
“You pay a performance penalty as you go deeper into the content, and you could lose half the performance,” acknowledges Chris Roekl, vice president of corporate marketing at UTM vendor Fortinet. Fortinet's FortiGate line of UTM devices supports speeds from 10Mbps to 48Gbps.
Several other UTM appliance vendors, including Internet Security Systems (ISS), Secure Computing and Symantec, are equally blunt that customers could experience as much as a 50% loss in throughput.
“In general, it’s more like 10% but 50% is possible,” says Mark Butler, director of product marketing at ISS, which offers three multifunction security appliances in its Proventia line.
“The approach we take is we size [the appliance] according to the number of users we have to support,” Butler says, noting about the latest ISS products that the Proventia MX 1004 supports 100 concurrent users, the MX 3006 as many as 250 concurrent users and the MX 5010 as many as 500 concurrent users.
Cisco, which offers various models of its Adaptive Security Appliance (ASA), the fastest of which tops out at 1.2Gbps, is reluctant to admit to more than a 10% performance hit.
Despite any drawbacks associated with bandwidth, UTM seems to be here to stay. UTM is the phrase coined two years ago by Charles Kolodgy, security analyst at research firm IDC, for the multipurpose security appliance whose basic foundation is a firewall or firewall/VPN.
“It has to have a firewall/VPN, and gateway antivirus and preferably intrusion prevention,” says Kolodgy, who estimates the UTM market will reach about $850 million by year-end, up from $700 million last year.
While Fortinet leads at the high end and SonicWall at the low end, Kolodgy says, this still-nascent market is changing rapidly with Cisco's ASA appliance, which debuted a year ago and is shaking up the low end.
UTM appliances vary considerably from vendor to vendor. Some vendors making UTM products must partner with other security firms to support antivirus or other content filtering on their appliances when they don't have the technology in-house.