Can all-in-one systems ease security pains?

Integrated security appliances won't replace single-task systems, but the former are less complex and less costly to manage.
Written by Vivian Yeo, Contributor
The unified threat management (UTM) market is growing fast, and security vendors are making moves to tap on the expanded customer base.

According to Willie Low, IDC's Asia-Pacific market analyst for software research, the UTM market in the Asia-Pacific region (excluding Japan) is expected to grow at a compound annual growth rate of 43 percent between 2004 and 2009.

"For a long time, customers have been told best-of-breed is the way to go."
--Ken Low
3Com's AP senior manager for enterprise marketing

The projected growth rate for the UTM market is "much faster than the growth rates for firewall and intrusion detection and prevention appliance products", Low added.

The rollout of UTM appliances by vendors in recent weeks attest to the potential of the market. In November, Fortinet announced two security appliances in its FortiGate system family for large enterprise networks, while CheckPoint launched two products targeted at the small business market segment.

TippingPoint, the security arm of 3Com, last month also announced the debut of its UTM product. According to Ken Low, 3Com's Asia-Pacific senior manager for enterprise marketing, the appliance is the first-ever integrated security platform built on an intrusion prevention system. The traditional UTM appliance is built on a firewall.

"For a long time, customers have been told best-of-breed is the way to go… at the end of the day they want the very best," Low explained. "But there may be cases where they want a simple solution that has multiple security tools combined into one box, because they may not have the resources and manpower to manage so many products."

IDC's Low said integrated security appliances appear to match the needs of smaller businesses. "UTM solutions are attractive to small and medium-sized businesses (SMBs) due to benefits such as reduced complexity, combined protection against blended threats and lower costs."

However, he added, the deployment of UTM appliances by large organizations for remote offices and branch sites is not uncommon.

Drivers for adoption
One clear driver for the uptake of UTM appliances in the region is the lower cost of owning one single appliance, rather than multiple security devices. They are also easier to manage.

Said Hansen Chang, Fortinet's Asia-Pacific vice president: "Implementing UTM devices is often less challenging than installing software because administrators do not need to wrestle with the complexities of operating systems, such as tuning the kernel parameters, or ensuring that certain patch levels of software are installed for the OS.

Chang noted that a UTM appliance is typically set up by simply connecting the device to a network, and launching a browser to activate the system configuration.

The proliferation of viruses and worms and the increase in spam are also driving the adoption of UTM appliances in the Asia-Pacific region, say market observers.

"According to some studies, some viruses actually originate from Asia and a large proportion of spam also originate from this region," noted Chang. "This means that

companies can no longer afford to ignore security threats or even nuisances like spam, because they can 'choke' corporate networks and bring business down to a screeching halt."

Jon Kuhn, SonicWall's product line director, pointed out that enterprises in the region, particularly small-sized companies, do not have very effective means to deal with increasingly frequent virus attacks.

"In Southeast Asia, you have about 95 percent of SMBs using older firewall technology and data packet inspection technology, which do not look at all the traffic that's coming in and out of the network; they actually only inspect 2 percent of the traffic."

Kuhn also noted that UTM systems can help monitor and increase employee productivity. As technology becomes more pervasive in an organization, he said, business owners concerned with how much time their employees spend on the Internet and the Web sites they visit, can get some clear answers.

"By putting in UTM, you can gather a lot more intelligence--now that you're inspecting a lot more traffic--as to what employees are doing…to raise productivity and the efficiency of people," he explained.

Appeal of pure-play appliances
Despite its benefits, integrated security appliances are unlikely to eliminate the need for best-of-breed products, security vendors say.

Liran Eshel, chief executive officer of Check Point-subsidiary SofaWare Technologies, likened it to the home entertainment systems market, where there will always be customers who prefer all-in-one systems while others want multiple, separate systems.

"[The trend of doing away with single appliances] will be true for small businesses because they cannot afford the overheads of integrating and managing multiple security systems," said Eshel. "Larger enterprises, on the other hand, would always like to keep the option of multiple systems for their main office networks."

Said TippingPoint's Low: "Some businesses may have existing [standalone] products that they have no reason to get rid of, so to buy integrated appliances, they have to justify [the cost] to their management."

IDC's Low added that large enterprises that opt for dedicated appliances from best-of-breed vendors would likely be "concerned about the performance of UTM solutions for enterprise-wide protection".

SonicWall's Kuhn noted that regardless of the type of security appliances used, companies should remember to pay as much, if not more, attention to the security of their internal networks, instead of focusing solely on stopping external attacks from entering the corporate environment.

The Zotob episode was a good learning experience, he said, adding that the attacks spread as a result of businesses "not looking at their internal security as well as their external security".

"Security is not just about putting a brick wall between you and the Internet, but also attending to the security risks that are inherent in the internal networks," said Kuhn.

Editorial standards