Unified Threat Management Systems Marketplace

PDF version of this report
You must have Adobe Acrobat reader to view, save, or print PDF files. The
reader is available for free
download.

Unified Threat Management Systems
Marketplace

by James G. Barr

Docid: 00021368

Publication Date: 2109

Report Type: MARKET

Preview

Unified Threat Management (UTM) describes a category of security
appliances and cloud services that integrate network security functions
and features into a single network security platform. UTM appliances
typically combine firewall, gateway, anti-virus, intrusion prevention, and
more into a single solution. They are designed to protect enterprise
users from threats, including new and emerging blended threats, while
reducing complexity for the network engineers and system administrators
charged with maintaining them.

Executive Summary

[return to top of this
report]

In the nearly three decades since the Internet became an essential
resource for e-commerce and enterprise business operations, one persistent
and pernicious problem has plagued the World Wide Web: malware, or
malicious software. Whether in the form of computer viruses, worms,
Trojan horses, or increasingly sophisticated attack tools and information
grabbers like advanced persistent threats and botnets, enterprise
officials have been forced to erect higher and higher network barriers,
hoping to detect and deter the malevolent handiwork of hackers and other
cyber miscreants.

The whole affair has assumed the characteristics of a fencing competition
where the enterprise attempts to parry each hacker thrust with a
combination of hardware and software systems designed to keep the network
free of unwanted or unexpected elements. Many of the technologies
involved, including anti-virus, anti-spam, and intrusion detection (later
intrusion prevention) were only just invented, and, until recently, most
were delivered discretely through a set of specialized products or
services. In other words, the enterprise was compelled to procure and
integrate a variety of anti-malware solutions to affect a robust and
reliable network defense structure.

Erecting a network defense from so many disparate pieces, however, poses
a number of problems, including:

Inter-solution compatibility
Differing patch cycles and processes
Differing vendor support
The nagging concern that some virus or other bit of malware may be
able to negotiate a path in and around this not-so-tightly-coupled
collection of anti-malware solutions

Moreover, since every enterprise was availing itself of the same type of
anti-malware solutions (anti-virus, firewall, intrusion prevention, etc.),
customers began to clamor for a single integrated solution – a demand that
eventually manifested as Unified Threat Management.

Emerging around 2004, Unified Threat Management (UTM) describes a
category of security appliances and cloud services that integrate a range
of network security functions and features into a single network security
platform. (See Figure 1.) They are designed to protect enterprise
users from threats, including new and emerging blended threats, while
reducing complexity for the network engineers and system administrators
charged with maintaining them.

Note: Some vendors refer to UTM as Universal Threat Management.

Figure 1. A Conceptual Representation of a UTM

Source: Wikimedia Commons

Desired Features

While UTM capabilities vary according to the vendor, the ideal Unified
Threat Manager, as envisioned by Fortinet, offers the following:

Anti-virus to stop viruses, worms, Trojans, spyware, and other forms
of malware.

Anti-malware to block known malicious software. A Unified Threat
Manager “can … be configured to detect novel malware threats using
heuristic analysis, which involves rules that analyze the behavior and
characteristics of files. A UTM “can also use sandboxing as an
anti-malware measure.” A suspicious file is captured and confined to a
sandbox. “Even though the malware is allowed to run, the sandbox prevents
it from interacting with other programs in the computer.”

Firewalls to scan incoming and outgoing traffic for viruses,
malware, spam, phishing attacks, and other cyber threats.

Intrusion prevention to detect and deter cyber attacks. An
intrusion prevention system (IPS) “analyzes packets of data, looking for
patterns known to exist in threats. When one of these patterns is
recognized, the IPS stops the attack.”

Virtual private networking to establish "a private network
that tunnels through a public network, giving users the ability to send and
receive data through the public network without others seeing their data. All
transmissions are encrypted, so even if someone were to intercept the data, it
would be useless to them."

Web filtering to prevent users from visiting malicious,
questionable, or problematic websites.

Data loss prevention to detect data breaches and block “data
exfiltration,” or data removal, attempts.¹

Market Dynamics

[return to top of this
report]

Commonly Deployed Features

As reported by analyst Drew Robb, a Gartner analysis of UTM tools has
revealed the most commonly deployed features:

Firewall – 100 percent
URL filtering – 77 percent
Intrusion prevention – 70 percent
IP security – 63 percent
Web anti-virus – 51 percent
Secure sockets layer, application control, and virtual private
networking – 46 percent
User control, quality of service, and anti-spam – 41 percent ²

UTM or NGFW

Unified Threat Management vendors usually refer to their integrated
security solutions as Unified Threat Managers (UTMs) or Next-Generation
Firewalls (NGFWs).

As differentiated by WatchGuard Technologies, UTMs are engineered to
provide simplicity while NGFWs are designed to offer customization. “UTM
appliances provide out-of-the-box policies, management, and reporting
tools designed for ease of deployment and ongoing management while NGFW
appliances cater to organizations that wish to customize their security
policies and prefer manual reporting and management techniques.” ³

Hardware or Software

UTM solutions may be delivered as hardware appliances or virtual
(software) appliances, depending on which solution type best integrates
with a client’s IT and security infrastructure.

UTM Value Proposition

For prospective clients, the UTM value proposition is simple:

“One Stop Shopping” for anti-virus, firewall, intrusion prevention,
and other security functions.
Ease of deployment, owing to the all-in-one structure of UTM.
Discount pricing, which is easier to negotiate when only one vendor is
involved.⁴

Market Leaders

[return to top of this
report]

With a UTM, you can streamline the
way data is processed and use fewer resources at the same time.

– Fortinet ⁵

Market leaders in the UTM space include:

Barracuda
Check Point
Cisco
Fortinet
HP
IBM
Juniper Networks
SonicWall
Sophos
WatchGuard

Check Point Threat Prevention

Broadly representative of enterprise UTMs, the Check Point Threat
Prevention solution includes security features such as:

Firewall
Intrusion prevention
Anti-bot
Anti-virus
Application control
URL filtering
Virtual private networking
Data loss prevention
Identity awareness
Anti-spam

As described by the vendor, Threat Prevention incorporates the Check
Point’s SandBlast Threat Emulation and Threat Extraction technology:

The Threat Emulation engine detects malware at the exploit phase,
combining cloud-based CPU-level inspection and OS-level sandboxing to
prevent infection.
The Threat Extraction engine removes exploitable content, reconstructs
files to eliminate potential threats, and delivers sanitized content to
users.

Market Trends

[return to top of this
report]

Market Growth

MarketWatch expects the global Unified Threat Management market, valued
at approximately $5.17 billion in 2020, will reach $13.18 billion by 2027,
reflecting a robust compound annual growth rate (CAGR) of 14.3 percent
over the 2021-2027 forecast period.

Demand Surge

According to Transparency Market Research:

The continuing rise in cybercrime is fueling UTM spending, especially
in the Defense; Telecom; and Banking, Financial Services, and Insurance
(BFSI) sectors.
The integration of machine learning technology, with the promise of
even smarter security, is attracting new customers.
The all-in-one convenience of UTM security is convincing more
small-to-medium-sized businesses (SMBs) to invest.⁶

UTM Evolution

In the coming years, UTM vendors will likely double down on the UTM value
proposition, eventually creating a true need-nothing-else
appliance. Unfortunately, this will increase the resolve of hackers,
criminal gangs, even state-sponsored cyber criminals to penetrate UTM
defenses.

Strategic Planning Implications

[return to top of this
report]

Prior to Purchasing a UTM Solution

1. Narrow the potential provider pool to market-leading vendors.

2. Determine which security features the enterprise needs, and match
prospective products to those requirements.⁷

3. Identify three to five provider candidates and utilize the request for
proposal (RFP) vehicle to evaluate each provider and product. Critical criteria include:

Does the product satisfy enterprise compliance requirements, like
adherence to the EU General Data Protection Regulation (GDPR), the US
Health Insurance Portability and Accountability Act (HIPAA), or the
California Consumer Privacy Act (CCPA)?
Does the provider have formal incident management and business
continuity plans and procedures in place?
Is the product compatible with – and inter-operable with – existing
enterprise software and hardware?
Once installed, can the product be removed without undue business
disruptions?
Can a custom service level agreement (SLA) be negotiated?

4. After exercising due diligence, select a UTM provider and solution.

After Implementing a New UTM Solution

1. Provide enterprise security and IT personnel with the training – and
periodic re-training – required to service the UTM product.

2. Activate UTM features and functions according to need (to prevent
performance bottlenecks).

3. Promptly test and apply provider-supplied software patches.

4. Enlist an ethical hacker (EH) to attempt to penetrate UTM defenses. If
the EH is successful, cooperate with the provider to plug all UTM security
holes.

5. Monitor and measure UTM performance. Make “course corrections” as
required.

6. Keep up with UTM technology and solution developments by monitoring
the trade press, and visiting the US National Institute of Standards and
Technology (NIST) Computer Security Resource Center.

References

[return to top of this
report]

¹ “What Is Unified Threat Management (UTM)?” Fortinet, Inc.
2021.

² Drew Robb. “Best UTM Software of 2021: Unified Threat
Management Companies.” Enterprise Networking Planet. June 7, 2021.

³ “NGFW or UTM: How to Choose.” WatchGuard Technologies, Inc.
2021.

⁴ “Analysis of the Global Unified Threat Management (UTM)
Market.” Frost & Sullivan. November 2012:5.

⁵ “What Is Unified Threat Management (UTM)?” Fortinet, Inc.
2021.

⁶ “Unified Threat Management Market Covid-19 Impact Analysis,
Key Trends, Demand and Forecast till 2022.” Transparency Market Research |
Knnit. August 2, 2021.

⁷ Drew Robb. “Best UTM Software of 2021: Unified Threat
Management Companies.” Enterprise Networking Planet. June 7, 2021.

Web Links

[return to top of this
report]

Check Point Software Technologies: http://www.checkpoint.com/
International Organization for Standardization: http://www.iso.org/
SANS Institute: http://www.sans.org/
US National Institute for Standards and Technology: http://www.nist.gov/

[return to top of this
report]

About the Author

[return to top of this
report]

James G. Barr is a leading business continuity analyst
and business writer with more than 40 years’ IT experience. A member of
“Who’s Who in Finance and Industry,” Mr. Barr has designed, developed, and
deployed business continuity plans for a number of Fortune 500 firms. He
is the author of several books, including How to Succeed in Business
BY Really Trying, a member of Faulkner’s Advisory Panel, and a
senior editor for Faulkner’s Security Management Practices.
Mr. Barr can be reached via e-mail at jgbarr@faulkner.com.

[return to top of this
report]