UTM vs. NGFW in the Enterprise

UTM (unified threat management) products or a next-generation firewall (NGFW)? That’s a question. You may not distinguish between UTM and NGFW. Here we’d like to share the article “UTM vs. NGFW in the enterprise” written by Kevin Beaver from techtarget.com. What’s your opinion about this topic?

UTM vs. NGFW in the enterprise

When it comes to unified threat management systems, there are three main considerations I have seen during my work in the field. First, given the form factor, the feature list of a UTM system is impressive: firewalling, intrusion prevention, VPN, email content filtering, network activity monitoring, malware protection and even data loss prevention (DLP).

In many situations, getting these important security capabilities in one package is the only way to justify implementation; purchasing standalone products for each area is just too costly. That said, enterprises are probably not going to get the absolute best technology for each of the security areas. Many vendors like to the think they're the best at everything they offer, but experience has proven otherwise.

Second, each unique security system, application and console an organization has to monitor takes away from other work. Having to learn the interfaces, reporting, etc. for each of the vendor's products can be just as much of a distraction. A single interface can be one of the greatest selling points of unified threat management systems.

Lastly, enterprises must consider whether the specific configuration will be a single point of network (and security) failure or not. If so, how will this be addressed? Hardware and software are fairly resilient these days, but there's also the human component -- someone doing something incorrectly or at the wrong time may take the system down.

That said, there a few considerations around NGFWs I see regularly in my work. First, NGFW granular application layer features can help monitor and control the most complex of applications and malware.

Additionally, presumably more mature threat intelligence is available given the prevalence of NGFWs across large enterprises and large government agencies.

The potential expense of NGFWs--in both initial capital expenditures and ongoing operational costs--is a drawback of the technology. It has been my experience that the larger the vendor, the prouder it is of its products and service.

Lastly, if an organization has a person (or team) managing its NGFW(s), then who's managing the security controls for other security needs, such as DLP, VPN, email content filtering and the like? Enterprises will likely have dedicated resources for those, which is good, as they really need them to manage such diverse systems.

In UTM marketing circles, one of the common selling points is that UTM is good for SMBs. If a company is trying to figure out whether a UTM system can handle its network demands, don't assume that it is only for small mom and pop shops with a handful, or perhaps a couple dozen, of employees. I see plenty of businesses and government agencies that fall into the SMB category, yet have relatively large networks and overall information system complexity that rely on a UTM for much of their security controls.

Unified threat management systems are plenty scalable and feature-rich for sizeable organizations.

Making the decision: UTM vs. NGFW

In the end, the decision on purchasing a UTM or NGFW should be based on risk and what your business needs most. The following questions can help:

• Which risks are you attempting to mitigate? If you cannot fully answer this, you're not ready to buy just yet. Perform your risk assessment (technical and operational) and determine what's at risk and what can be done about it.
• What are your network throughput numbers, service-level agreement requirements and unique network visibility and control needs? Prospective vendors should be able to help you map your requirements to their offerings.
• How much time do you have to dedicate to deploying, managing and troubleshooting these systems?
• What are the independent test lab reports, product reviews and people using these systems saying? You'll learn more about what's best for your organization this way than through any other means.

The answers to these questions could very well be contrary to what a vendor's sales engineer or account manager thinks is best for you. Only your organization knows its network best; you know what's at risk and what you're capable of doing about it. Get as many people involved as you can and gather all the right information so you can decide on the solution that best helps you meet your goals.

The best choice--UTM or NGFW--will emerge and be quite obvious. Just don't get caught up in the semantics or vendor/analyst hype. Remember, it's not wrong to choose a different product (or products) altogether.

From http://searchsecurity.techtarget.com/tip/Finding-clarity-Unified-threat-management-systems-vs-next-gen-firewalls

Learn more: UTM vs. NGFW

Next-Generation Video and Voice Communications-Cisco IP Phone 8800 Series

 

Nine models are available with the IP Phone 8800 Series that range in their support to address the needs of knowledge workers, managers, executives and customer care staff.

  Specialty deployments are supported for audio conference rooms and in-campus mobile workers in rigorous work environments.

  The 8800 Series includes desk phone models 8811, 8841, 8845, 8851, 8861, 8865. Specialty models include IP Conference Phone 8832 for executive offices and midsized-to-large conference rooms, and the 8821 and 8821-EX for in-campus mobile workers. The 8845 and 8865 support entry to 720p HD video.

Cisco 8800 IP Phones for a variety of needs

The 8800 Series is ideal for knowledge workers, administrative and executive staff. It works well in open workspaces, large conference rooms and executive offices and with actively mobile workers within a campus. Choice of two user experiences add flexibility.

High-quality video, voice, and mobile communications for every user

Our global, 24-hour economy calls for anytime, anywhere access by employees.

Whether you are working from a primary or shared desk in an office, are teleworking from home, are mobile within a campus, or are in a team meeting in a conference room, desktop endpoints and their capabilities remain very important business tools. With multiple investment priorities, such as migration to the cloud and adoption of collaborative team applications, businesses today need to ensure that desktop investments can not only drive cost efficiencies and faster feature delivery, but also increase user productivity with a superior experience.

That’s where the Cisco IP Phone 8800 Series comes in.

This next generation IP phone portfolio, designed for small to very large businesses, delivers advanced, cost-effective, reliable, secure, and scalable high-quality Voice over IP (VoIP) communications on all models.

It also provides on select models:

(1) affordable entry to High-Definition (HD) video communications;

(2) integration of telephony features with personal mobile devices using Cisco Intelligent Proximity technology;

(3) support for in-campus mobile workers who require more rugged and resilient communication devices due to their rigorous work roles and environments.

The breadth of the 8800 Series portfolio, their sleek and ergonomically friendly design, enhanced user experience, and superb audio performance distinguish these IP phones from any other offerings on the market today.

Feature highlights

• Superb audio: Enjoy the best audio performance of any IP phone Cisco has ever produced, with ETSI² compliance for echo cancellation and vibration isolation technology for both microphone and speaker.

• Intuitive, ergonomic design: Rounded keys increase tactile feel to reduce misdials, and wide-screen high-resolution backlit displays make for easier viewing and navigation. The phone software provides menus and notifications that are more visually appealing. End users have their choice of two experience modes for interacting with their phone.³ Context-sensitive soft-label keys and a five-way navigation cluster enhance employee efficiency.

• Mobile device integration with Cisco Intelligent Proximity: Four of the 8800 Series models support Cisco Intelligent Proximity for Mobile Voice. This feature enables employees to import contacts and call history from their personal mobile devices to these select models over Bluetooth. Users can even move the audio portion of an active voice or video call from their personal mobile device to these phones for better-quality sound when at their desks. And they can keep their personal mobile devices charged, to stay connected when on the go; through a USB port on select 8800 Series models.

• Key expansion modules for scalability: Unique to the 8800 Series, the new Cisco IP Phone 8800 Key Expansion Modules (also referred to as “sidecars”) for the 8851, 8861, and 8865 phones offer 28 additional programmable line or feature keys beyond the 5 to 10 keys that come standard with these phones.⁵ These new modules support both Session Line Mode (SLM) and Enhanced Line Mode (ELM) user experiences for greater deployment flexibility and user comfort. Up to three expansion modules are supported, for a total of up to 84 additional line or feature keys.⁶

• Flexible deployment options: Support your Cisco deployment model(s) of choice, whether on-premises, in the cloud with Cisco Spark, or in a hybrid configuration. Select 8800 Series models also support third-party on-premises and hosted UC-as-a-Service (UCaaS) from Cisco approved and certified providers.⁷

Cisco IP Phone 8800 Series: An overview

The Cisco IP Phone 8800 Series offers six advanced models of desk phones in your choice of charcoal or white, an audio conferencing endpoint for small to large conference rooms up to 1140 sq. ft. (106 sq. m.), and two ruggedized exterior 802.11 wireless handsets, in charcoal and yellow that are designed for in-campus mobile workers who work in more rigorous and/or hazardous settings.

The desk endpoints all provide between 5 and 10 lines⁴ and support both on-premises and cloud deployments – regardless of whether workers are at a campus or work from home. All of the desk models feature 5-in. (127-mm) wide-screen, graphical displays, and most models support color display presentation. Gigabit Ethernet is standard on most phones for reduced administration. Select models deliver 720p HD video, USB and Bluetooth for support of third-party compatible headsets, telephony feature integration with personal mobile devices, and support for optional key expansion modules that provide additional programmable lines and feature keys.

The new 8832 audio conferencing endpoint combines superior HD audio performance and 360-degree coverage for small to large conference rooms and executive offices. Initial support will be up to 26 participants in a conference room, expanding up to 42 participants.⁸

It features full-duplex two-way wideband audio, an integrated dialpad, a large mute key for access from all sides of the endpoint and rounded edges for ease of handling.

The 8821 and 8821-EX wireless LAN handsets are sleek and lightweight and come with a 2.4-in. (6.1-cm) high-resolution graphical display.

They are sealed against dust and water.⁹ Both handsets comply with military standard 810G for added resilience when deployed in more industrial environments. Extensible Authentication Protocol – Transport Layer Security (EAP-TLS) 1.2 and Secure Hash Algorithm 2 (SHA-2) support more secure communications and authentication, while roaming is enhanced with Fast Transition (802.11r). The EX model is also compliant with nonsparking standards, even when temporarily exposed to hazardous atmospheric environments.¹⁰

² European Telecommunications Standards Institute.

³ Session Line Mode (SLM) and Enhanced Line Mode (ELM) are available on most models. Support excludes the 8831 and 8832 conference phones and ELM on the 8821 and 8821-EX WLAN handsets.

⁴ Number of lines on desk endpoints depends on whether SLM or ELM user experience is selected.

⁵ The number of keys (5 or 10) depends on the choice of SLM or ELM mode. The new key expansion modules for 8851/8861 phones and the module for the 8865 video phone support both modes.

⁶ The number of key modules and total number of line or feature keys depends on the phone model and user experience mode selected.

⁷ Contact your authorized Cisco representative for further details.

⁸Initial support up to 800 sq. ft/74 sq. m. in CYQ3 2017 for select markets. In CYQ4 2017, extends up to 1140 sq. ft/106 sq. m and up to 42 participants for select markets. Contact your Cisco representative for details on regional availability.

⁹Both models are International Protection Standard (IP67) rated for dirt and water resistance.

¹⁰ATEX Zone 1/Class 2 and CSA Zone 1/Division II compliant.

Compare Models-Specifications at a Glance

The IP Phone 8800 Series provides high-quality, secure, full-featured video and VoIP communications. See which models offer HD video and support in-campus mobile workers over wireless LAN.

	8811	8832	8841	8845	8851	8861	8865
High-def Video (720p)	No	No	No	Yes	No	No	Yes
Integral switch	Gigabit	No	Gigabit	Gigabit	Gigabit	Gigabit	Gigabit
Programmable (line) keys	5	1	5	5	5	5	5
Bluetooth/DECT	No	DECT (mics)	No	Bluetooth	Bluetooth	Bluetooth	Bluetooth
Cisco Intelligent Proximity	No	No	No	Yes	Yes	Yes	Yes
USB (physical ports)	No	Yes (1): USB-C	No	No	Yes (1)	Yes (2)	Yes (2)
KEM	No	No	No	No	Yes (2)	Yes (3)	Yes (3)
Wi-Fi (802.11n)	No	No	No	No	No	Yes	Yes
Wall-mountable	Yes	No	Yes	Yes	Yes	Yes	Yes

Get the Best Prices on Cisco IP Phone 8800 Models

More Related…

Cisco IP Phone 7800 and 8800 Series-Security Features for Today

What’s New on Cisco IP Phone 8800 Series

Updated: Cisco IP Phone 7800 Series

IP Phone 8861 vs. IP Phone 8851 vs. IP Phone 8841

Cisco IP Phone 7861 vs. Cisco IP Phone 7841 vs. Cisco IP Phone 7821

How to Save Power on Cisco IP Phones?