WatchGuard Bets on XTM Appliance Security

The folks at WatchGuard Technologies say they have seen the future—and its name is extensible threat management, or XTM.

WatchGuard is banking that XTM is the next phase in development of UTM (unified threat management) devices. Essentially, XTM is UTM with a host of new features, including support for VOIP security, event correlation, and application and content filtering.

The idea, WatchGuard officials said, is to make network security flexible enough to proactively adapt to the needs of dynamic environments and ensure that appliances interoperate and support mixed network infrastructures. With XTM, administrators will have more flexibility to pick and choose the security policies, profiles and services that best meet their needs, said Chris McKie, director of global and analyst public relations at WatchGuard.

"Businesses have more and more remote and mobile workers, and are facing the continual consumerization of applications into their businesses," McKie said. "Skype is a great example. Many of these best-of-breed stand-alone devices lack common reputation services, which means security policies fail to follow users as they move from network systems to Web systems to messaging systems. Our approach is to simplify this challenge and allow businesses the ability to utilize mobile or Web 2.0 technologies, without sacrificing security in the process."

The concept is not a far leap—in fact WatchGuard admits the company has already been delivering on some of its XTM vision, such as HTTPS and VOIP support, in its current product line. The term XTM has been popularized by IDC analyst Charles Kolodgy, who has declared that XTM platforms will expand security features, networking capabilities and management flexibility and should provide automated processes such as logging and reputation-based protections.

But other analysts wondered what the big deal was from a product innovation standpoint, and just how the strategy would differentiate WatchGuard from its competitors. The most significant part of the announcement seems to be the move to add more Web threat protection, said Paul Roberts, an analyst with The 451 Group.

"The ability to choose protections a la carte already seems to be pretty standard, though most UTMs offer firewall, VPN, IDS/IPS [intrusion detection system/intrusion prevention system] and so on," Roberts said. "We're definitely seeing a lot of shuffling in this … UTM market—Fortinet buying database security technology from IPLocks, [and open-source software] vendor Untangle doing an OEM deal with Kaspersky [Lab] to target the low end of the UTM market."

WatchGuard wants to move from port and protocol protection and address larger security concerns around specific applications and users, McKie said. The company plans to release high-end XTM appliances later in 2008, and hopes ultimately to build a market for XTM among managed security service providers and other enterprises. The company also is considering providing a software platform similar to that of other extensible applications, so that third-party developers can create customized security applications tailor-made for WatchGuard's XTM offerings.

"The UTM designs of today will have to be more malleable, adaptable and proactive to address these issues … So, in summary, the differences of XTM versus UTM are going to be less on box speeds and feeds, and more on extending security, providing greater network functionality, and giving admins more management capabilities and user control," McKie said.