UTM (unified threat management) products or a next-generation firewall
(NGFW)? That’s the question. You may not be able to distinguish between UTM and NGFW. Here we’d
like to share the article “UTM vs. NGFW in the enterprise” written by Kevin
Beaver from techtarget.com. What’s your opinion about this topic?
UTM vs. NGFW in the enterprise
When it comes to unified threat management
systems, there are three main considerations I have seen during my work in the
field. First, given the form factor, the feature list of a UTM system is
impressive: firewalling, intrusion prevention, VPN, email content filtering, network
activity monitoring, malware protection and even data loss prevention (DLP).
In many situations, getting these important
security capabilities in one package is the only way to justify implementation;
purchasing standalone products for each area is just too costly. That said,
enterprises are probably not going to get the absolute best technology for each
of the security areas. Many vendors like to think they're the best at
everything they offer, but experience has proven otherwise.
Second, each unique security system,
application and console an organization has to monitor takes away from other
work. Having to learn the interfaces, reporting, etc. for each of the vendor's
products can be just as much of a distraction. A single interface can be one of
the greatest selling points of unified threat management systems.
Lastly, enterprises must consider whether the
specific configuration will be a single point of network (and security) failure
or not. If so, how will this be addressed? Hardware and software are fairly
resilient these days, but there's also the human component -- someone doing
something incorrectly or at the wrong time may take the system down.
That said, there are a few considerations around
NGFWs I see regularly in my work. First, NGFW granular application layer
features can help monitor and control the most complex of applications and
malware.
Additionally, presumably more mature threat
intelligence is available given the prevalence of NGFWs across large
enterprises and large government agencies.
The potential expense of NGFWs--in both
initial capital expenditures and ongoing operational costs--is a drawback of
the technology. It has been my experience that the larger the vendor, the
prouder it is of its products and service.
Lastly, if an organization has a person (or
team) managing its NGFW(s), then who's managing the security controls for other
security needs, such as DLP, VPN, email content filtering and the like?
Enterprises will likely have dedicated resources for those, which is good, as
they really need them to manage such diverse systems.
In UTM marketing circles, one of the common
selling points is that UTM is good for SMBs. If a company is trying to figure
out whether a UTM system can handle its network demands, don't assume that it
is only for small mom and pop shops with a handful, or perhaps a couple dozen,
of employees. I see plenty of businesses and government agencies that fall into
the SMB category, yet have relatively large networks and overall information
system complexity that rely on a UTM for much of their security controls.
Unified threat management systems are plenty
scalable and feature-rich for sizeable organizations.
Making the decision: UTM vs. NGFW
In the end, the decision on purchasing a UTM
or NGFW should be based on risk and what your business needs most. The
following questions can help:
- Which risks are you attempting to mitigate? If you cannot fully answer this,
  you're not ready to buy just yet. Perform your risk assessment (technical
  and operational) and determine what's at risk and what can be done about
  it.
- What are your network throughput numbers, service-level agreement requirements
  and unique network visibility and control needs? Prospective vendors
  should be able to help you map your requirements to their offerings.
- How much time do you have to dedicate to deploying, managing and
  troubleshooting these systems?
- What are the independent test lab reports, product reviews and people using
  these systems saying? You'll learn more about what's best for your
  organization this way than through any other means.
The answers to these questions could very
well be contrary to what a vendor's sales engineer or account manager thinks is
best for you. Only your organization knows its network best; you know what's at
risk and what you're capable of doing about it. Get as many people involved as
you can and gather all the right information so you can decide on the solution
that best helps you meet your goals.
The best choice--UTM or NGFW--will emerge and
be quite obvious. Just don't get caught up in the semantics or vendor/analyst
hype. Remember, it's not wrong to choose a different product (or products)
altogether.
From http://searchsecurity.techtarget.com/tip/Finding-clarity-Unified-threat-management-systems-vs-next-gen-firewalls