UTMs – unified threat managers – have been with us in one form or another for some time. The earliest ones were multipurpose appliances and really were little more than a group of point solutions to various security challenges, packaged in the same server-grade appliances. Somewhere along the line, the term UTM was coined and, along with it, came a sort-of definition: UTMs had to have a firewall, anti-virus and a VPN. The next step was to start adding all sorts of gateway-applicable functionality – back to the multipurpose boxes – and now definitions seem to be drifting back to the original, more structured UTM description.
Today, we can pretty much trust Gartner when the analyst group tells us that a UTM has: ‘Firewall/intrusion prevention system (IPS)/virtual private network, secure web gateway security (URL filtering, web anti-virus) and messaging security (anti-spam, mail AV).'
However, even Gartner admits that we are still in the ‘point-solution-in-a-box' mode. The types of functionality described in the most current credible definition subsume most information security functionality anyway. That begs the question: how unified is unified? Judging by this year's crop of UTMs, pretty well unified.
The notion of the individual parts of a UTM working well together is sort of an expected goal. Over the course of UTM history, playing cooperatively with others was equally desirable, but somewhat more rare than it is today.
In with the new
We saw quite a range of possibilities in this year's batch. First, there are some indications that a large part of what makes a UTM what it is, is stabilising. That suggests maturity. The user interfaces are about the same as we are used to – with a bit of refinement in dashboards, perhaps – and the integration of functionality continues to improve.
The noticeable improvement came in two specific areas: defence in-depth and new functionality. UTMs have often been criticised – certainly by me – as killing defence in-depth since they place all of the security eggs at the perimeter in one basket. That is not necessarily true any more. Now we are seeing good integration with client-side protection, especially in anti-malware.
The second area – functionality – is growing as well. One of our reviewers observed that this year's batch seems to be heading towards the ‘super-appliance' that does everything security-wise in a single box. While we didn't witness any of these super-boxes this year, some are clearly heading in that direction. The added functionality is not radical, either. It is a refinement of what the traditional UTM already has, certainly of the UTM as defined today by Gartner.
As you make your decisions about which of these merit further attention, though, remember that at SC Labs we don't do shoot-outs. The products are not compared against each other. They are tested and graded on their own merits. What this means to you is that there may be a product that has exactly the feature set you want, we liked its performance, but it is a bit pricey. If price is much less a consideration than the other factors, this might be just what you need – even though it might not have received our most favourable review.
This is more important in UTMs because of the wide range of available functionality offered. In UTMs, functionality and performance to published specs are king and queen. If the device won't do exactly what you need – assuming, of course, that anything can – it is not worth following up, even if we have awarded it five stars for value for money. While that is always true to some extent with our products, it is particularly so in multi-function products, such as UTMs.
So, with all of that in mind, we commend our current crop of reviewed tools to your consideration. This is a large group – it almost always is – and the competition is fierce. However, we believe you will likely find answers here, even if not the perfect product.
The following reviews are the products that scored most highly. For the full range of reviews from the SC group test, go to: www.scmagazineuk.com/group-test/section/332