Product Group Tests
UTMs: Still defining themselves
Is the UTM still a viable product type? I believe that unequivocally it is. There are some pretty solid players in the market and, as you will see from the reviews, they are turning out some top-drawer gear.
Full Group Summary
A few years back, I boldly predicted that UTMs would merge into a single product type with gateways and SIEMs. Boy, did I get that wrong! The UTM genre is alive and well.
Today, at minimum, we usually see firewall, anti-virus, intrusion prevention, email filtering, content filtering and application control. So I suppose that we could say that rather than merging with other product types, UTMs continue to redefine themselves.
Of course, the purposes for UTMs and SIEMs are quite different at their cores. UTMs are the merging of several types of security products into a single package, while SIEMs focus on different types of analysis. SIEMs provide data aggregation, forensic analysis, correlation, data retention - in the form of log collection.
That said, the number of competent UTM products has slipped over the years and now weve begun to see fewer products, but those are faster and smarter. The products that we saw this issue were, bar none, the best bunch that we have seen - ever.
There used to be one major objection to UTMs: They posed a single point of failure. Most UTM functions are in-line, so if they fail you have the option of breaking the connection (fail closed) or opening the connection without protection (fail open). Today, that usually is not a problem. Virtually all competent UTMs can be used with load balancing and redundancy so if a device fails closed the other takes over.
The first question I posit: Is the UTM still a viable product type? I believe that unequivocally it is. There are some pretty solid players in the market and, as you will see from the reviews, they are turning out some top-drawer gear. Also, we are seeing some pleasing innovation in UTMs and as they continue to evolve we will see more. This is an odd product type because it is still around, improving, refining and meeting the needs of the enterprise. My next question is how will the UTM market be affected by the cloud and by the evolution of the software-defined data centre. Virtualisation has affected just about everything in the security world, and it remains to be seen how some of the traditional hardware gateway-style systems will respond. There are a few virtual UTMs and it will be interesting to watch how they evolve.