Skip Links

UTM devices are making headway

Multifunction security gear reaps savings

By , Network World
September 25, 2008 06:24 PM ET

Network World - Customers using unified threat management devices say the appliances represent a more streamlined way to provide multiple security functions and to track down security data, but don't necessarily meet all gateway security needs adequately.

This category of equipment is about 4 years old and has really caught on — IDC projects more than $3 billion in sales in 2011 — with most firewall appliances supporting options that make them UTMs and offering a way to simplify networks by eliminating boxes. (Compare UTM products.)

For instance, the Columbia Association, a nonprofit government agency that oversees the planned city of Columbia, Md., switched this year to using Cisco ASA routers with UTM functionality that enabled the association to drop a VPN concentrator, firewall and intrusion-detection system — all Cisco gear — and the Cisco Security Agent software deployed on the association's servers.

Instead, the ASA performs all those functions, says Columbia Association’s IT director Nagaraj Reddi. Adopting the ASA to pick up the functionality of the individual products gave Reddi a way to quickly assess what otherwise would have been spread across four other platforms. "We had nothing to put these logs together," Reddi says. "Now we can monitor them all in one place."

This kind of unified reporting from UTMs can give a broad view of overall network health and activity, says Grant Nickle, the IT director for Underwriters Safety and Claims in Louisville, Ken., which uses an Astaro Security Gateway UTM. It replaces two devices — a Cisco PIX firewall and a Novell Border Manager proxy — and provides functionality the company lacked before, namely intrusion protection, gateway antivirus and SSL VPN.

Initially, Nickle was skeptical that the device could perform all of its functions well, but he says it does and generates an executive report daily that he finds valuable for its snapshot of the previous day's activity application by application. It reports concurrent traffic, CPU and memory use, the number of packets filtered and top users.

"It answers 95% of the questions I might have about the network," he says. For greater detail, he can drill down to the activity of a particular IP address or the top categories of blocked URLs. Before, he had to dump logs from Border Manager and sort them. The Astaro reporting makes it easier to find data he needs to voluntarily comply with Statement on Auditing Standards 70 requirements, which demonstrate to outside parties that companies follow accepted auditing procedures.

While consolidating functions on a single device has its upside, not all UTM users are satisfied that they provide the best protection. Cedarville University, a 3,000-student school in Cedarville, Ohio, uses paired SonicWall E7500 UTMs, and other gear that duplicates some of its functions is still desirable, says Nathan Hay, Cedarville’s network engineer.

In addition to firewalling the network, the UTM gear performs intrusion prevention, gateway, antispyware screening and URL filtering, Hay says.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News