Unified Threat Management (UTM) is the fastest growing IT security market of all. But as it shoots up there’s a danger it might get difficult and volatile.

As with most IT subjects, if you scratch the surface of IT security you soon end up being bombarded with information. So much so, in fact, that you’re completely overwhelmed, and your brain gets full up and shuts down.

It’s called Denial of Surface. (DOS). It’s a tactic rampant in the IT industry. You keep people away from the top line questions, like ‘why do I need this?’ and snuff any life out of them by suffocating them with details. Soon the prospect will give up and sink to the bottom, where they will be dealt with by IT salesmen who will dot the I’s and cross the T’s on the contract the prospect/victim has surrendered into signing.

Then there’s the Trojans. You agree to meet with one person, but when you arrive at the restaurant they’ve set the table for eight! When your defenses are down, all eight manage to wriggle into the conversation and eventually they overpower you.

It’s often been said, this isn’t the information age, it’s the disinformation age. There’s far too much useless information being pumped at us. Whatever doesn’t help us, actually hinders us. The IT security sector, arguably, is especially guilty of this. Hype and technical jargon are the last refuge of the insecure, and the irony is that the IT security sector seems to be populated by some of the most insecure people on the planet.

IT managers call the deluge of alerts they have to deal with ‘false positives’. The channel hums with hysterical alarms. “Buy this technology or you’ll go to prison!” say the people who sell anti-hacking software. “Ignore our sales messages, and your online trading company will lose millions” shriek the publicity people for anti-intrusion specialists.

You can’t help sympathising with any poor IT or security manager who eventually turns a deaf ear to all this alarmist nonsense.

“There’s people threatening me with Trojans, anti-virus, denial of service, hacking, cracking, you name it,” laments IT manager Peter Beckley. “They all want a piece of me. If only I had a device that would fend off all IT salesmen!”

The tragedy is that the security dangers are very real. But there’s been so much hysteria, recently anyone with any purchasing responsibility is probably confused as hell by now, and paralysed by indecision.

Thankfully, the security sector is being rationalised now. UTM means you only have to speak to one vendor. SME organisations only need to buy one appliance, and that will see off all the anti-virus, firewall, intrusion and detection threats, and associated salesmen, in one.

This is a massive boon to the SME market. All their security problems are over. Finally, they can secure their companies. And they can manage the system too. At last, they can afford to run a tight ship.

Despite the fact that sales of UTM have been booming to date, the market is far from fulfilled. The latest report by market analyst IDC said this product category, which was only identified in 2004, is now worth £330m in worldwide sales. IDC analyst Charles Kolodgy has predicted that there will be a compound annual growth rate of this market at 15 per cent. “By 2007, 80 per cent of all networked security solutions will be supplied by a single appliance,” he said.

This is only the tip of the iceberg, predicts David Ellis, director of security at distributor Unipalm. There’s massive growth to come, as a single plug and play product will win mass appeal, he said. “The real sweet spot will be the small to medium-sized companies,” said Ellis. “If you can get one appliance to cover all the work that an IT manager is having to do now, they would bite your hand off.”

The beauty of the security appliance is that it removes all the donkey work, Ellis said. You don’t have to go through the laborious process of buying a PC for each user, installing all kinds of cards and software, then hardening the operating system and fine-tuning, then configuring out all the irrelevant options.

That’s great for the end-user, but what about the reseller? Won’t it take away the need for a reseller to come and install the product? “No, it just takes away the donkey work for them, too. There are plenty of opportunities to offer consultancy and services. We’re a long way from reaching a commodity market yet. In the meantime, security products are looking attractive to a vast range of new potential customers,” said Ellis.

There’s no danger yet that the hard pressed IT manager of an SME is going to take on the running of a security policy on their own. Security is a moveable feast. The landscape is in a constant state of flux as new threats emerge and new variants of viruses are thought up by hackers the world over. Every day a new criminal discovers the possibilities that computers are bringing to the criminal community.

Security is an increasingly complex issue, which needs simplifying if it’s to become affordable. Convergence of security products is going to open up a mass market. Better still, these new devices will give resellers the chance to go back to existing customers and upgrade them to these new, more manageable offerings.

It should be like falling off a log. “Resellers should be going back to their existing clients and offering to give them an upgrade that’s far more manageable,” said Mike Small, director of security strategy for Computer Associates. “It’s a pretty straightforward sale. The actual management of security products costs far more than the purchase of the kit. Most of our clients are large enterprises, and they welcome these savings, for a swap out that’s fairly painless.”

Small suggested that much of the current growth in the appliance market may be coming from enterprises that are upgrading and rationalising their security. These are easy sales, as much of the hard work has already been done and the reseller already has a good relationship with them. Repeat business is easy. Selling to SMEs is going to be a lot tougher.

The good news is that there are more sales being made in the SME market. Ian Kilpatrick, chairman of security distributor Wick Hill, reports that his company sees more units leaving his premises destined for SMEs than he does for enterprises. The bad news is that the margins are obviously a lot tougher. “Both the SME and the enterprise market are growing phenomenally. In terms of volume, the SME market is far bigger. In terms of revenue though, it’s the enterprise market that’s the bigger prospect.” Which tells its own story. You may want to chase the SME market, but be prepared to invest more time and money on making each sale.

Still, there are plenty of companies out there to help you. Security Mobile, for example, is a new player in the UTM market and is willing to invest in helping resellers get established. According to product director Lee Fisher, the company is anxious to recruit partners who appreciate that only the technically-minded really appreciate risk. That is why they have recruited people who have had experience in large IT departments, at companies such as EDS and CSC. The ability to relate to technical people will be the crucial skill needed when selling to enterprises, he argued.

“For example, 98 per cent of people use XP, but few people realise that there are different critical issues for each customer,” said Fisher. “We want partners who can make intelligent judgments, who understand that risk doesn’t stay the same all the time. It’s like catching a cold. If you’re outside all day, you’re more likely to catch a cold than if you’re in a warm office.”

Actually, the opposite is true. You’re more likely to catch a virus, resulting in colds or flu, if you’re confined to a small area, sharing breathing space with lots of other humans.

A better argument for using a new vendor, such as Net Devices for example, is that they address a new market in which everyone is going to have an even chance. Plug and play unified security devices are going to be a godsend to anyone who has to secure branch offices, for example.

This gives you a corporate client (as enterprises have the most branch offices) but it’s a plug and play product. So it’s an easy sale, but you enjoy the rich profit margins that you associate with selling to enterprises.

Gordon Young, managing director of Net Devices, has got a more punchy and tangible sounding business proposition. “There are three main pain points for anyone managing branch offices; the lack of resilience and redundancy, the powerlessness of the central manager to control remote devices when they hang, and the lack of centralised management. We’re bringing a solution to all of those.”

The key to this market, said Young, is to make everything immediately understandable. This is a principle that applies as much to selling the product as it does to actually designing it. That’s why, on a product level, Net Devices spent a lot of time making the interface as idiot proof as possible. Plus, this also explains why Young seems better at making the arguments clearer.

Distributor Interquad seems convinced. “Net Devices is the only security product we are working with. We’d only work with someone that has a clear story on helping companies consolidate and cut their costs,” said managing director, David Turner. Turner said the distributor will be pooling resources and funding joint marketing campaigns to help resellers exploit this market.

Ultimately, you will have to find a niche because the big players, such as SonicWall and Secure Computing are becoming increasingly dominant. SonicWall claims to be market leader, because it adapted to the new security market first. “There’s a big transition everyone has to make in selling security. The money to be made is in selling services based around a single platform, and that’s where half of our revenue comes from now. It’s a vital part of our growth plan,” said Keith Bird, managing director at SonicWall.

The real danger for resellers now is that companies are snapping each other up. Secure Computing recently bought CyberGuard, for example, so that it could have a complete security offering to put into one box. “It’s all going to be about market share soon,” warned Andy Phillpott, vice president at Secure Computing.

There are a lot of security companies with a one per cent market share, who might either be snapped up by a bigger player, or just unable to compete any longer. It may be dangerous to work with them. Then again, some of the bigger players might have a complete offering, but a closer inspection might reveal it’s actually a Frankenstein’s monster of a product, crudely cobbled together with various organs from different ‘donors’.

All in all, it’s enough to make anyone feel insecure.