UTM: more security, fewer boxes

Unified threat management converges many different network security devices into one, and while it's been a mature SMB technology for some time, it is now seeing increased use in large enterprises too.


Network security, traditionally handled by a collection of separate boxes, is evolving into unified threat management (UTM). "The driving force behind UTM is the need to simplify the environment," says Mike Rothman, president and principal analyst of Security Incite, and former META Group security analyst.

"Corporations have ended up with all these boxes -- firewalls, intrusion detection, antispam, antivirus, etc. -- each of which requires its own maintenance, updates, logs and so forth. UTM puts them all in a single box."

While UTM is a mature technology in smaller organisations, it's just beginning to see more use in large corporations. The issues of complexity and the associated expense are what drove early adopter CheckFree to UTM. A world-wide financial electronic commerce provider, CheckFree offers services including electronic bill presentment and payment for such large financial institutions as Bank of America and Wachovia over a network that processes more than 1 billion transactions annually.

"We manage a significant amount of transaction risk in our role as a trusted partner to thousands of financial institutions," says Rich Isenberg, director of security engineering at CheckFree. "As our online bill payment service began to experience hypergrowth, we needed to be able to scale effectively in response to growing transaction volume, and we decided to adopt UTM. CheckFree was using multiple individual security boxes, and the cost of maintaining separate boxes and training staff to manage each one became prohibitive as transaction volumes increased."

Still immature in big companies

Rothman warns that while "everybody has a UTM box today," UTM for large organisations is still immature, and few companies offer real solutions that provide advanced functionality in a unified system with a unified management interface. He cites Cisco and Crossbeam Systems as among the few leaders in this market.

"As we looked to the next generation of perimeter security, we wanted to make our operations more streamlined, more cost effective and more scalable," says Isenberg. "We wanted to identify redundant, high-capacity hardware to handle our security devices. To find that solution we looked at both the market leaders and some new players entering the scene."

As an organisation that employs Six Sigma processes, CheckFree demands a high level of quality from implemented technology solutions. CheckFree devised a testing program using seven performance measures, based on actual transactions on its network, and hired an independent lab to test the vendors' technologies. The lab pushed each of the competing technologies to its breaking point, adding virtual users until a requested Web page failed to load, which determined the maximum number of concurrent sessions and new sessions per second.

"The test was to determine when each technology stopped serving customers," Isenberg said. "We were surprised to find Crossbeam outperformed everyone else."

At that time, Crossbeam was one of the new players in the security market, and CheckFree became one of its first customers. That also had advantages for CheckFree. As a key customer, it can command the attention of the vendor's senior management. CheckFree has quarterly meetings with key vendors to ensure that each vendor's vision and direction match CheckFree's needs, and the company receives a fast response from Crossbeam.

Big benefit

With the UTM architecture in place and experience under his belt, Isenberg says one of the biggest benefits is that it comes in a single package. "What Crossbeam gives us is the ability to efficiently deliver secure B2B and consumer services. If we want to add a new service or scale security to keep pace with our growth, all we have to do is add a new blade to the Crossbeam chassis, rather than having to add a new hardware fault point to our network.

"The UTM implementation achieved consolidation, reduced complexity, improved firewall intrusion detection and provided load balancing integrated into a single system supporting multiple applications. It lowered operating costs and standardised our security platform globally," says Isenberg.

"That allowed us to maintain Six Sigma-level quality while handling more than one billion transactions a year in online bill payment services. We are a trusted partner for many of the world's largest banks, and the reason we have garnered this trust is because we can manage the risk of the financial transactions. We believe UTM gives us a significant quality advantage to handle the exploding growth of online bill payment services."
