Aberdeen: Unified Threat Management Can Shave IT Costs

Between August and September 2008, Aberdeen Group examined current industry practices for Unified Threat Management (UTM) technologies and services. The experiences and intentions of approximately 110 organizations from a diverse set of industries are represented in this study. Aberdeen supplemented this online survey effort with interviews with select survey respondents, gathering additional information on UTM strategies, experiences, and results.

Business Context
Aberdeen's recent research in Vulnerability Management sheds new light on how organizations are keeping pace with the never-ending flow of threats and vulnerabilities to their networks, computers, and application software.

The scale of the problem is massive: on average, industry sources reported more than 120 new vulnerability disclosures per week (nearly 90% of which could be exploited remotely over the network), and over 400,000 new examples of malware (including viruses, worms, back doors, key loggers, trojans, spyware, and rootkits) were identified in the last calendar year.

Aberdeen's research shows that trying to keep up with these vulnerabilities and threats is consuming about 14% of the average IT security budget. Most organizations are trying to balance the need to secure their IT infrastructure and safeguard their critical data with the need to increase efficiency and minimize total costs, a matter of heightened importance given the current challenges in our global economy.

Defining Unified Threat Management
Unified Threat Management (UTM) is an IT Security product category originally coined to describe the integration of multiple threat and vulnerability management functions within a single solution (typically, a network appliance). In other words, UTM reflects a deliberate shift:

In the current market, selecting a Unified Threat Management solution is like a box of chocolates … you never know what you're going to get. Baseline UTM functionality is generally agreed to include network firewall, anti-virus, intrusion detection / prevention, and virtual private network, i.e., core capabilities for securing your IT infrastructure. Aberdeen's research shows that buyer attention for new UTM functionality is clearly turning to capabilities that will help them address the many "channels" (including email, web, instant messaging, peer-to-peer file sharing, and voice over IP) for the potential loss or exposure of their sensitive data.

Vendors (and some analysts), in their efforts to explain and differentiate the expanding range of UTM offerings, have expanded their names for this solution category – including UTM, UTM+, UTM 2.0, Extended UTM, xTM, All-in-One Security, Multi-Function Security, and Integrated Security. This has been taken to the point of silliness, resulting in a confusing array of marketing messages and competitive positioning. All are aimed at a similar value proposition, however: secure your IT infrastructure, safeguard your critical data, and lower your total cost of management.Organizations should look past any confusion about names, however, to the tangible benefits that best-in-class companies are realizing from adopting the UTM approach. In the current study, companies with top performance gained significant advantages in the last 12 months over those with lagging performance:

Performance is essential ("UTM is either incredibly beneficial," commented one IT Admin, "Or it can take the network to its knees.") In terms of technical features, flexibility is what UTM is all about. An organization may initially deploy a UTM solution to address a specific problem, such as spam, but in doing so it has also established a flexible and cost-effective path for future expansion. It should also be noted that the features of the UTM must be at least adequate in comparison to those of the equivalent point solution (to avoid the "dancing bear" phenomenon: everyone wants to see it, but it doesn't actually dance very well).

Conventional wisdom is that based on factors such as cost and performance, UTM solutions appeal primarily to the small (less than $50M in annual revenue) or mid-sized (between $50M and $1B) segment of the market. Based on this study and data from The 2008 Aberdeen Report, however, current UTM deployments are well established in the large (>$1B) segment as well. Nearly half (48%) of respondents from large companies indicated current deployments of UTM, with a healthy 17% of large organizations indicating plans to deploy in the next 12 months. Overall, very strong year-over-year growth is projected to come from all size organizations, with the strongest relative growth coming as conventionally expected from the mid-sized and small segments. Regardless of company size, the sequence of steps summarized in Table 3 will help drive Best-in-class performance.

Current challenges in the global economy heighten the importance of balancing the unrelenting need to secure your IT infrastructure and safeguard your critical data, with the equally important need to increase efficiency and minimize total costs. The research confirms that Best-in-class performance in the UTM approach is one clear path to achieve both of these ends.

What are the factors driving the "unified" approach, versus the "dedicated" approach? Across all respondents, reducing cost and reducing complexity are the top drivers for adopting the UTM approach, along with the obvious need for specific functionality. Table 1 shows the factors identified by the research, listed in relative order of importance.

Once the UTM approach has been selected, however, what are the selection criteria for UTM solutions? Across all respondents, performance and technical features, cost considerations and vendor attributes are the leading UTM selection criteria identified in the research. Table 2 shows the leading selection criteria for UTM solutions, listed in relative order of importance.

Organizations should look past any confusion about names for the UTM solution category, to the tangible benefits that Best-in-class companies are realizing from adopting the UTM approach.

A complimentary copy of the full report is available through the end of November 2008 here.

A Word About Green UTM
Is there a "Green" element to Unified Threat Management? Based on the current study, the findings are mixed on this point. For example, cost is a leading driver of the UTM approach, but "reduced power consumption" (a legitimately green result) is viewed as much less important than reducing the total cost of management, support, and licenses compared to dedicated solutions.

At the same time, Best-in-class organizations rated "reduced power consumption" 14.2% higher compared to all respondents as a driver for selecting the "unified" versus the "dedicated" approach. Just as food, clothing and shelter take precedence in the hierarchy of human needs, it seems that once the enterprise needs for performance, security and cost are adequately addressed, the "green" aspects of UTM are genuinely appreciated by the companies with top results.

Derek E. Brink, CISSP, is Vice President & Research Fellow, IT Security at AberdeenGroup.