While each
organization will have its own criteria for choosing a Unified Threat
Management vendor, performance and reliability are likely to rank highly on
their list of criteria. At the end of
the day when choosing a Unified Threat Management vendor many companies will
simply be looking for a product which does the job and does it reliably.
The first
and most obvious point to check when choosing a Unified Threat Management
vendor is whether or not they are capable of supporting the core security features
you require. Typically these would
include: a firewall, URL filtering and malware-detection capabilities.
It’s
important to remember that unified tools are generally good all-rounders rather
than being top-performers in any particular field. In other words, they are a bit like modern
smartphones, which have decent cameras and decent music players, but which no
professional photographer or DJ would consider using in place of dedicated,
stand-alone devices.
Many people
however are perfectly happy with their smartphones, at least for day-to-day
purposes, and UTM devices can work perfectly well, particularly in an SME
environment. If, however, your company
fits into a particularly high risk profile, for example you have extensive
access to sensitive data, or you are working in a controversial industry, then
it may be better to look for individual, dedicated, solutions.
UTMs – a layered approach to IT
security
Decent
management controls are also likely to feature highly on any company’s
wish-list. Given that the core market
for UTM vendors is SMEs, which tend to have limited IT resources, it is usually
important to make sure that the solution chosen can be managed by the IT team
along with their current responsibilities. Of course, it can also be outsourced
to technology support companies, such as Quadratek.
Forward thinking is necessary for IT
support
The
question essentially becomes: how simple does simple need to be? In a very small company, realistically, a
straightforward and basic web interface will probably be the best approach, as
the IT team may very well be a one-or-two-person operation with limited skills
and resources. In a bigger company, it may be more appropriate to look for
solutions which have more options for customization and support; for example
the ability to customize security according to the type of device if not at
actual device level.
Think about
future-proofing. Companies can scale up
and down for various reasons. As a rule
of thumb, the greater the number of people in an organization, the higher the
security requirements. Basically, the
more links there are in any chain, the greater the chance that one of them will
break.
Consider hardware SLAs
Companies
with a reasonably stable workforce and plans for steady growth may be prepared
to accept solutions which would require the purchase of new hardware if any
significant changes were to be made, but companies whose business is more
cyclical or who may potentially need to upscale operations at short notice
should look for solutions which offer flexibility.
Look at the
vendor’s reputation. Leaving aside
support and service for a moment, look at the vendor’s reputation in terms of
product management. The fact of the
matter is that new security threats are emerging all the time, which means that
companies in the market of IT security need to be constantly monitoring for
them and updating their solutions, whether this means updating definitions of
malware of creating a brand new product to cope with a brand new threat.
The current
major players in the UTM world are all established brands and many of them
offer UTM products in addition to standard networking equipment. They have all demonstrated a commitment to
ensuring a safe future for users of network-based services. Smaller players and new entrants may add
options and may have solutions which are every bit as good as their larger
counterparts, but should arguably be looked at with particular care.
Reliable IT support
Once it has
been established that a vendor can provide a reliable level of product
management, then it is also worth looking at their reputation for service and
support. In short, can they be relied on to be there for you when you need
them?
Look
carefully at whether or not a product will support your company’s style of
work. If you are a small company with
everyone working out of the same location, then your UTM needs will be fairly
simple, but as soon as you start adding in extra business locations and/or
home, mobile and remote working into the equation then you will either need to
deploy UTMs at multiple locations or have a UTM solution which support
sufficient VPN connections for your staff.
This is
also where previous comments about scalability can be important. By the same token, if your company is makes
use of Wi-Fi connections for any reason, then make sure that your UTM solution
can support them. Admittedly this is
becoming increasingly common, but it never hurts to check.
ISO and other regulatory needs
Last but by
no means least, it’s important to be aware of any regulatory requirements and
to make sure that your UTM solution is fully in compliance with them. While regulatory requirements tend to be in
line with the value of the data held by companies, for example they are hugely
strict for companies which hold confidential financial data. These days many companies are data
controllers and need to comply fully with all the requirements of the Data
Protection Act.
In short,
everyone who uses any sort of network-based service needs online protection. This applies as much to individuals as to
organizations. Choosing the right UTM
can provide a simple, affordable and effective way for SMEs to manage these
threats. Companies in high-risk
environments may be better using threat-specific products and either hiring the
resources to manage these in house or out-sourcing IT security altogether.
Companies
with large numbers of remote or mobile workers might do better with cloud-based
security services, which often have straightforward web-based management tools.