UTM accelerated – Is the performance ready for widespread adoption?

When security vendors began to seek a combination of traditional layer 3 / layer 4 security technologies with application-based inspection engines almost a decade ago, the result was the birth of the now understood product offerings known as Unified Threat Management, or UTM.  Since the technology influencers, vendors and analyst community assigned the moniker in early 2000, UTM has seen a tremendous growth and success in adoption by various customers worldwide.

When we look through the evolution of UTM, it is easy to understand how this technology was initially positioned, and today still carries a connotation of Small / Medium Business (SMB). In truth, the first products were targeted at SMB customers for a couple of reasons:

1. Economics – As many small businesses struggle with balancing profit vs. the cost of operating their businesses, they often look for the products and services that provide the biggest “bang for the buck”.  This is one of the main benefits offered by UTM products as they integrate multiple security features like firewall, VPN, antivirus, intrusion prevention (IPS) and a host of additional security elements into a single product.  This means that instead of purchasing many solutions to fend of the barrage of security attacks, they need only invest in one – UTM.
2. State of the technology – After the UTM term was uniformly adopted by the industry, in the early days it opened the floodgates for entrepreneurs trying to capitalize on this growing market, and the barrage of software-based solutions exploded. Many of these were a simple combination of off-the-shelf packages thrown together under a common management interface.  This provided a barrier for many, as they were not scalable enough to meet the demands of medium and large enterprise businesses.

Given the early roots and initial attempts by software UTM vendors, it created an inappropriate connotation of SMB for UTM.  This unfortunately is not the case, especially for vendors that helped shaped the vision of UTM and saw that custom hardware, ASIC acceleration and an integrated approach to security features would pave the way for high-performance UTM that are viable replacements and alternatives to aging layer 3/4 security infrastructures.

Consider a parallel evolution in security technology history with respect to the convergence of firewall and VPN technologies.  When the VPN world began to evolve, the networking and security vendors produced effective, scalable VPN concentrator products that delivered on their promise – high-performance, secure, remote communications.  Today, it would be almost absurd to think of firewalls and VPNs as separate appliances.  This begs the question as to how and why this convergence occurred.  One proposition is that the computing power requirements to support firewall processing and VPN encryption were met with advances in hardware acceleration, therefore allowing the combination we are familiar with today.  Obviously technology maturity was a major factor, and you can argue that the combination made logical sense as these technologies are typically deployed together at a security border.

Now, if you consider the combination of firewall/VPN as a valid combination based on the result of advances in technology supporting the complex processing required, it goes to reason that the same should be said for UTM.  In fact, vendors that are focused on UTM will argue that they are building on that same philosophy.  Development in hardware based platforms that employ purpose-built custom ASICs with integrated security software are able to deliver high-performance UTM solutions, breaking the previous adoption barriers for medium and large enterprises.

Recent UTM products introduced into the industry have proven that not only are they capable of delivering comprehensive security, far superior to traditional firewall/VPN devices, but they are able to keep pace with network infrastructure demands of the largest networks.  Solutions available today designed for mid-range and high-end enterprises utilize state-of-the-art custom silicon (ASICs) to accelerate application content inspection, allowing for multi-features security processing without grinding network performance to a halt.  Additional advances in blade-based products with load distribution capabilities provide multi-Gigabit performance for UTM and show the ability to deliver up to 10-Gig and beyond performance capabilities today with an estimated 10 fold increase in the near term.

The lesson: We should consider advances in UTM good for the industry and not believe the naysayers who urge us to believe that UTM is SMB.  The proof is in the pudding, and I would urge any customer looking at security infrastructure upgrades to evaluate a UTM product both on security features as well as performance – I believe many will surely be surprised with the result.