Wednesday, November 29, 2017

UTM vs. NGFW in the Enterprise

UTM (unified threat management) products or a next-generation firewall (NGFW)? That’s a question. You may not distinguish between UTM and NGFW. Here we’d like to share the article “UTM vs. NGFW in the enterprise” written by Kevin Beaver from What’s your opinion about this topic?

UTM vs. NGFW in the enterprise

When it comes to unified threat management systems, there are three main considerations I have seen during my work in the field. First, given the form factor, the feature list of a UTM system is impressive: firewalling, intrusion prevention, VPN, email content filtering, network activity monitoring, malware protection and even data loss prevention (DLP).

In many situations, getting these important security capabilities in one package is the only way to justify implementation; purchasing standalone products for each area is just too costly. That said, enterprises are probably not going to get the absolute best technology for each of the security areas. Many vendors like to the think they're the best at everything they offer, but experience has proven otherwise.

Second, each unique security system, application and console an organization has to monitor takes away from other work. Having to learn the interfaces, reporting, etc. for each of the vendor's products can be just as much of a distraction. A single interface can be one of the greatest selling points of unified threat management systems.

Lastly, enterprises must consider whether the specific configuration will be a single point of network (and security) failure or not. If so, how will this be addressed? Hardware and software are fairly resilient these days, but there's also the human component -- someone doing something incorrectly or at the wrong time may take the system down.

That said, there a few considerations around NGFWs I see regularly in my work. First, NGFW granular application layer features can help monitor and control the most complex of applications and malware.

Additionally, presumably more mature threat intelligence is available given the prevalence of NGFWs across large enterprises and large government agencies.

The potential expense of NGFWs--in both initial capital expenditures and ongoing operational costs--is a drawback of the technology. It has been my experience that the larger the vendor, the prouder it is of its products and service.

Lastly, if an organization has a person (or team) managing its NGFW(s), then who's managing the security controls for other security needs, such as DLP, VPN, email content filtering and the like? Enterprises will likely have dedicated resources for those, which is good, as they really need them to manage such diverse systems.

In UTM marketing circles, one of the common selling points is that UTM is good for SMBs. If a company is trying to figure out whether a UTM system can handle its network demands, don't assume that it is only for small mom and pop shops with a handful, or perhaps a couple dozen, of employees. I see plenty of businesses and government agencies that fall into the SMB category, yet have relatively large networks and overall information system complexity that rely on a UTM for much of their security controls.

Unified threat management systems are plenty scalable and feature-rich for sizeable organizations.

Making the decision: UTM vs. NGFW
In the end, the decision on purchasing a UTM or NGFW should be based on risk and what your business needs most. The following questions can help:
  • Which risks are you attempting to mitigate? If you cannot fully answer this, you're not ready to buy just yet. Perform your risk assessment (technical and operational) and determine what's at risk and what can be done about it.
  • What are your network throughput numbers, service-level agreement requirements and unique network visibility and control needs? Prospective vendors should be able to help you map your requirements to their offerings.
  • How much time do you have to dedicate to deploying, managing and troubleshooting these systems?
  • What are the independent test lab reports, product reviews and people using these systems saying? You'll learn more about what's best for your organization this way than through any other means.
The answers to these questions could very well be contrary to what a vendor's sales engineer or account manager thinks is best for you. Only your organization knows its network best; you know what's at risk and what you're capable of doing about it. Get as many people involved as you can and gather all the right information so you can decide on the solution that best helps you meet your goals.
The best choice--UTM or NGFW--will emerge and be quite obvious. Just don't get caught up in the semantics or vendor/analyst hype. Remember, it's not wrong to choose a different product (or products) altogether.

Learn more: UTM vs. NGFW

1 comment: