Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

UTM - Universal Transverse Mercator? Or Unified Threat Management?

I was reading Christopher Hoff's blog yesterday and got to pondering the use and usefulness of UTM and UTM architectures to the mid-to-large enterprise.
There's a lot to say on this topic, so I will confine myself to a couple of points. First, why would you even consider a UTM solution, Second who would own a UTM solution, and third what is with the different architectures.
Just to be entertaining, I'll start by pointing out that most readers I talk to wouldn't consider a UTM at this time. That doesn't mean most organizations wouldn't, there's a limit to the number I can stay in regular touch with and still get my job done, but it does say something about the market.

UTM is appealing in that you can slow down the steady spread of boxes that represent your security architecture. Now that doesn't mean you can eliminate function - you still need a firewall and an anti-spam device, etc. etc. It just means there are less physical boxes in your network. I'm not certain that is the bonus UTM providers think it is. You still have to manage the same number of apps, just in a smaller number of physical locations.

Greg Shipley rightly reminded me that most organizations struggle with ownership of UTM. Content inspection, Anti-virus, and Firewall are all generally controlled by different crowds in the enterprise, so if you choose a UTM solution, you'll have to arm-wrestle to see who has to maintain it. I'm voting for the auditors, they're not busy enough ;-). Or maybe that's just because I've never been an auditor.

The problem gets even more sticky when you look at the UTM architectures out there. Crossbeam, the company that Christopher works for, and whose blog started this train of thought, uses a blade server with best-of-breed applications as its solution. This can be good and can be bad. First off, you're going to have a cascading group of applications that have to crack the packet individually. Crossbeam argues that this problem is minimalized for them because they send packets to applications in parallel. That's cool, but the CPU usage is still up there. Less of a problem on a blade server, but they also sell 1U/2U solutions that might suffer from the CPU and memory requirements of several apps doing the same job over and over.

Other vendors have taken different routes. Cymphonix for example uses integration of solutions to leverage the UTM model - offering unified management and reporting that allows you to see at-a-glance what the overall security system is doing. The negative is that you'll be using only the software they've chosen or developed, probably meaning a rip-and-replace of your existing solutions. You do get the benefit of a single packet crack though, reducing overall CPU usage.

  • 1