Unified Threat Management (UTM)
Some people are touting UTM as the end-all, be-all of network security and I don’t know that we’ll have something like that for quite some time. There are so many things that go into network security that I just can’t see a single system doing everything we need.
I also am hesitant to believe that a single vendor has the R&D backing that is required for such a solution to be viable long-term. Think about it; how many researchers, analysts, etc. do you think Symantec or McAfee employ just to stay on top of malware? How many of the same does Tipping Point or ISS employ to stay on top of exploits, application and OS vulnerabilities, malware, etc.? Don’t forget about the teams they’ll need to keep up with security intelligence (by infiltrating hacking groups, etc.). Could a single company employ a sufficiently skilled team that keeps up with all current and future threats to an acceptable level, and continue to add value to the sole product your company is going to rely on for network security?
UTM for me smells a bit like the scanner/copier/printer/memory-card-reader my mother buys every year. Each year she buys a new one from a different vendor and each year she gets some crappy device that does one role well and the rest just ‘okay’ and they always break down in about a year. Do we want this from a security solution? I don’t.
However, I also don’t want security sprawl. I’m already working in four or more consoles every day and every friggin’ one of them requires a different version of Java or requires ActiveX, which sucks if you’re a Mac user, like me. I would like to have one management/analysis console for everything so that I have, in one glance, an idea of the status of my network. UTM is heading down that road and hopefully the right vendors will make the right moves to be able to provide a viable product.
I’ve found some useful information about UTM on the following pages:
