
UTM in Asia

Written by Richard Stiennon, Contributor

I have UTM on my mind. As I travel through Asia these two weeks I am meeting with journalists, analysts, and large telecom providers, and they all want to debate UTM (Unified Threat Management). Of course the usual best-of-breed versus "suite" issue is raised often. But the most common concern is just one of perception: that UTM is for small businesses that do not have IT security specialists who could configure firewalls, IPS, AV, and URL blocking, whereas large enterprises with existing staffs are going to continue to invest in stand-alone solutions.

My own explanation for the fact that the UTM concept is slow to be picked up in Asia is that the overall investment in multiple security devices has been slow, so the arguments made in favor of combining functionality don't work. UTM would mean adding *more* functionality, not consolidating existing security into one platform. But as spam filtering becomes more important (Singapore just enacted its anti-spam act, Hong Kong is working on its own) and as URL filtering becomes required to block threats, UTM will gain momentum.

Here is a great discussion on the drawbacks of multi-vendor UTM from a blogger whom I met in Israel last February. Barry Shteiman points out that adding OEM'd components to a firewall platform (à la Cisco, Juniper, etc.) is inefficient and does not allow the UTM functions to work together. I like his discussion of "Real UTM". By "real" he means really unified. But I do not think there is any sort of RFC or standard that could be developed that would allow the various UTM components to chatter amongst themselves to get to better security. Remember when Check Point created OPSEC to allow various devices to interface with Check Point firewalls? No one ever wanted to turn on the ability to let the IDS device, for instance, block the source of an attack. The integration was at too high a level: it changed policies in the firewall. That introduced great Denial of Service opportunities and was too scary. Barry's ideas line up pretty well with my article in SC Magazine last month. He even assumes advanced routing features in today's UTM, which is not a given.

The BIG opportunity in Asia right now is next generation managed services. More on that later.

-From Tokyo

And the obligatory disclaimer: I am in marketing at a UTM vendor.
