Unified Threat Management: The Secure SMB's Friend

By Larry Seltzer  |  Posted 2006-05-04

Opinion: Analysts may argue over what should go into a UTM appliance, but a UTM appliance should definitely go into your small business.

I have an ongoing interest in products for small businesses, which I think have generally been shafted by the software industry over the years. Small-business owners are often forced to choose between products designed for lone consumers and those designed for massive enterprises. Security has been a great example of this phenomenon, but in some ways things have begun to get better. One category of product, more than any other, can contribute to the security of a small or medium-sized business: UTM (unified threat management).

A UTM appliance combines numerous security functions. Typically it's a router and firewall, it performs network anti-virus scanning, it may do network intrusion detection and prevention, and it may run a VPN. Some UTMs also perform such functions as spam and content filtering.

UTM is all the rage in the security business, and there's a huge range of product complexity and price. PCMag reviewed several units last year and just tested one of a new line from ZyXel. All the big companies are in the business, either directly, as Symantec is, or through licensees, as McAfee and Trend are. My own Servgate Edgeforce Plus UTM runs licensed McAfee software. I've also seen recent announcements from D-Link.

From my own experience, including working in small businesses, it's tough to persuade the owner to get real milk for the coffee room, let alone real security for the computers. This is the real challenge for the industry, at least at certain sizes of business, say under 50 users. That's the size of business where you'd have a really hard time getting along without a full-time computer support person.

Remember, any company even this size will certainly have desktop security in place. It may be a horror to manage, but it may also have done the job so far. Even so, to a security professional the fact that UTM can provide redundant protection at the gateway is of obvious value, especially in as much as you can get it from a different vendor than the one providing your desktop protection. This greatly improves your protection.

Most people hear this and figure that they don't really need both a belt and suspenders, especially since there's another subscription cost in addition to the upfront cost. But good UTM can make such a difference that I expect them to be great sellers.

There can be big performance differences between UTM boxes, and performance is the subject of some debate. Some people argue that certain tasks performed by the box, the firewall and gateway mainly, have become so commoditized that they should be run in a separate box. This allows the higher-value, performance-intensive functions like virus scanning to run unimpeded.

I could argue this both ways. It's true that gateway/firewall boxes can be had for very little, but these are probably the least performance-intensive functions on a UTM appliance. If your UTM product is slow, removing the firewall processing probably isn't going to make much of a difference. Take this argument to the next level and eventually we're back in the enterprise market, where every security function is on its own gateway device.

Performance can be a big issue, especially when all the features are enabled on a box, and I haven't seen a speed test on any of these products. But UTM appliances are computers, after all, and you should expect them to get faster over time just as computers get faster over time.

In the meantime, the reasons to buy one are still compelling: networkwide protection, a second source of protection besides your desktop vendor, access to extra features like content filtering, and easier management.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

Larry Seltzer has been writing software for and English about computers ever since—much to his own amazement—he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
