As buzzwords go, the security market contains more of them than a wasps’ nest, all flying around the industry at speed, often stinging people (in the pocket), and then dying out when the next wave of threats come along. Unified Threat Management (UTM) is a buzzword that has been flying around the security space for a couple of years, after the term was coined by analyst IDC in 2004.

According to IDC, the official definition of UTM is: “Products that include multiple security features integrated into one box. To be included in this category, [an appliance] must be able to perform network firewalling, network intrusion detection and prevention and gateway anti-virus. All of the capabilities in the appliance need not be used concurrently, but the functions must exist inherently in the appliance.”

However, in the past year it seems that everyone has a UTM offering to push to the channel.

As with most industries, all vendors want to deliver the killer product: one that keeps a company’s sensitive information secure, stops all known threats and even foils employees’ attempts to have fun at work by downloading information that leaves gateways wide open to attack.

But is performance suffering as a result? Are too many functions being crammed onto one box and actually defeating the object of UTM?

Channel players have a right to feel confused when it comes to UTM. But if they are confused, how on earth are end-users meant to understand what it is or what benefits it can bring?

UTM has long been pushed as an SME offering that saves cash-strapped firms time and money by having a ‘one box fits all’ approach to security. However, more and more enterprises are expressing an interest in the concept, but are reluctant to take the plunge unless they get a guaranteed best-of-breed offering.

Phil Keeling, country manager UK and Ireland at UTM appliance vendor Fortinet, said: “Since 2004, virtually every major security vendor has jumped on the UTM bandwagon. But few are truly integrated devices able to perform comprehensive network security at 10 Gigabit Ethernet speeds because the majority of devices lack the key prerequisite of a tightly woven proprietary hardware architecture.”

Keeling added that the industry has seen a rise in the number of products bundled together and pushed as UTM.

“We see a great many Frankenstein products coming onto the market bolted together on the back of strategic alliances between security players anxious to enter the sector,” he said.

He added that UTM is no longer just an all-in-one solution for SMEs.

“Although the SME is where most vendors pitch multi-function solutions, we have innovated our technology to escalate further up the value chain into the high-end,” he said. “The flexibility of truly integrated high-end UTM is extremely appealing to enterprises. In most cases, our partners win deals in response to RFPs [requests for proposals] that call for single-function solutions such as firewall, anti-virus or content filtering.”

Keeling said that larger firms are attracted to the performance, reliability and lower total cost of ownership of “true UTMs”.

“A simple hardware platform running disparate software solutions might be integrated enough to cope with the demands of SMEs, but big enterprises and service providers need never-fail integration that’s burned into silicon,” he said.

Simon Heron, director of vendor Network Box, said: “UTM is a hot topic, but few companies offer a truly unified solution. Even those that do, place a burden of ongoing monitoring and management on the companies that put solutions in place.”

Heron claimed that a unified approach is one that builds a solution from the ground up, integrating technology to provide a single protection appliance or service against threats.

“It’s simply not enough for security companies to plug gaps in their existing products by buying specialist companies and calling the result UTM,” he said. “Ultimately, the channel needs to ask what it really needs: a UTM product of what is just a series of products strung together, or an integrated UTM managed service that’s built from the ground upwards?”

Graham Welch, managing director EMEA at software vendor Sourcefire, said: “To an enterprise, UTM means the consolidation of best-of-breed applications, and vendors provide the platforms that do that. At the lower end – the SME level – UTM means something different. SMEs expect a black box with multiple applications on the device.”

But Welch claimed that performance can be hampered as a result.

“The biggest challenge with a multiple application environment is performance,” he said. “One of the biggest problems with UTM is the multiple number of times [email and web] traffic has to be inspected. We see the next generation of UTM actually being UTI [Unified Threat Inspection], where emails are inspected just once by multiple applications running on a device.

“Resellers have a challenge selling UTM. But when working with UTM platforms or devices, VARs need to consider the target market they are going after.”

Harnish Patel, senior vice-president EMEA at SurfControl, said: “We are well aware of the current ambiguity surrounding the term UTM. There is no universal definition and many vendors often take liberty with the term to craft it to fit their product offerings. At SurfControl, when we talk about UTM, we refer to IDC’s definition.”

Patel added that it is difficult to find a vendor in today’s market that is not responding to the trend of delivering integrated solutions.

“In particular, the leaders of this charge have been the firewall, intrusion prevention and VPN vendors,” he said. “That said, there are a number of other vendors in the web, messaging and virus space, and other content security solution providers that are following this pattern of aggregating security functionality that could broadly be described as UTM.”

According to Patel, the advantages of UTM include cost savings, interoperability in terms of reducing risk by having a single device from one vendor, and the fact that one device is easier to control. However, he said the downside included a lack of best-of-breed applications, lower performance and a single point of failure, which means if disaster strikes, everything will go down.

Patel added that organisations of all sizes and verticals have demonstrated an interest in UTM, but SurfControl has seen a stronger level of interest from the SME market, where pressures on resources are more acute.

“UTM has definitely made a difference in terms of meeting organisations’ basic demand for consolidation of security functionality into unified solutions from fewer vendors,” he said. “However, the evolution is not complete and vendors still have a long way to go to deliver on the promise.”

Paul Henry, vice-president of strategic accounts at Secure Computing, said vendors are still falling short of providing the best-of-breed element in a UTM solution.

“The UTM segment of the firewall market is the fastest-growing sector and has resulted in a large number of entries into the market that can at best be called premature entries,” he said. “Many vendors have chosen to build basic UTM functionality themselves or to use rudimentary open source solutions.”

However, Henry added that by undergoing a simple analysis of key questions when choosing a UTM offering, most resellers and customers can avoid throwing money down the drain.

He said that the UTM sector will continue to grow. “The UTM firewall fills an empty void in the market for SMEs that need the ease of use and lower total cost of ownership that can be afforded by a properly architected UTM appliance,” he said.

David Ellis, director of e-security at distributor Computerlinks, said: “We are seeing an emergence of different types of UTM products dependent upon the requirements of the various market sectors. In SME and mid-markets, customers are often prepared to compromise on functionality rather than running separate best-of-breed products. For example, having 80 per cent of the functionality at 20 to 30 per cent of the cost.”

However, at the high end of the market, Ellis said the trend is to deploy multi-vendor services on single, fast and resilient platforms. This gives the benefits of UTM without compromising on functionality.

“It is important to stress that when customers are looking at these devices, they should look at the quality of each service, rather than just accepting that a tick in the box is adequate,” he said. “There are big differences in functionality between a low-end UTM using a basic firewall and a high-end appliance, but this is not always apparent from a first look or from some vendors’ marketing.”

Marc Chambault, director of vendor partnerships at integrator Integralis, said performance was the biggest issue facing UTM vendors and their respective channel partners.

“All the major firewall VPN vendors such as Check Point, Juniper and Cisco are proposing UTM,” he said. “But the main issue that remains is the issue of performance. Adding a lot of technology creates latency and clogs the network at the perimeter.”

Chambault agreed that there is a lot of confusion surrounding UTM.

“Some vendors will only have anti-virus and VPN technology on their boxes,” he said. “But others provide secure socket layer VPN and other functionalities on top and often try to cram too many technologies into one box. Many customers will buy the technology and only deploy certain features; it depends on their requirements. UTM is not a revolution in terms of technology, it is an evolution of VPN firewalls.”

Innes Muir, Fortinet product manager at distributor Noxs, said: “I think the main stumbling block for other vendors claiming UTM functionality is the reliance on third-party products integrated into their solutions. In turn, this degrades performance and management capability.

“Many of our partners’ successful deals have not been through pitching the UTM solution as a whole, but more pitching any one of the disciplines allied to firewall functionality with a view to implementing the reminder at a later date. This results in value-add opportunities further down the road once existing implemented solutions become obsolete.”

Obviously, it is natural that vendors would claim no one firm has actually launched the perfect UTM offering yet. After all, competition is rife in the industry at the best of times, and no one is willing to admit that a rival has launched a better product than themselves.

However, it is ultimately down to VARs to convince their customers to look to UTM as a means of securing their company networks.

In addition, if consolidation continues in the security space at the same rate it has done over the past two months, more and more vendors are going to be piling all their existing and new technology onto one appliance.

It seems UTM really is like a wasp at a summer picnic: it will not be swatted away and will easily keep coming back until it makes its mark.