Choosing a Unified Threat Management Vendor

While each organization will have its own criteria for choosing a Unified Threat Management vendor, performance and reliability are likely to rank highly on their list of criteria.  At the end of the day when choosing a Unified Threat Management vendor many companies will simply be looking for a product which does the job and does it reliably.  

The first and most obvious point to check when choosing a Unified Threat Management vendor is whether or not they are capable of supporting the core security features you require.  Typically these would include: a firewall, URL filtering and malware-detection capabilities.

It's important to remember that unified tools are generally good all-rounders rather than being top-performers in any particular field.  In other words, they are a bit like modern smartphones, which have decent cameras and decent music players, but which no professional photographer or DJ would consider using in place of dedicated, stand-alone devices. 

Many people however are perfectly happy with their smartphones, at least for day-to-day purposes, and UTM devices can work perfectly well, particularly in an SME environment.  If, however, your company fits into a particularly high risk profile, for example you have extensive access to sensitive data, or you are working in a controversial industry, then it may be better to look for individual, dedicated, solutions.

UTMs – a layered approach to IT security

Decent management controls are also likely to feature highly on any company's wish-list.  Given that the core market for UTM vendors is SMEs, which tend to have limited IT resources, it is usually important to make sure that the solution chosen can be managed by the IT team along with their current responsibilities. Of course, it can also be outsourced to technology support companies, such as Quadratek.

Forward thinking is necessary for IT support

The question essentially becomes: how simple does simple need to be?  In a very small company, realistically, a straightforward and basic web interface will probably be the best approach, as the IT team may very well be a one-or-two-person operation with limited skills and resources. In a bigger company, it may be more appropriate to look for solutions which have more options for customization and support; for example the ability to customize security according to the type of device if not at actual device level. 

Think about future-proofing.  Companies can scale up and down for various reasons.  As a rule of thumb, the greater the number of people in an organization, the higher the security requirements.  Basically, the more links there are in any chain, the greater the chance that one of them will break. 

Consider hardware SLAs

Companies with a reasonably stable workforce and plans for steady growth may be prepared to accept solutions which would require the purchase of new hardware if any significant changes were to be made, but companies whose business is more cyclical or who may potentially need to upscale operations at short notice should look for solutions which offer flexibility.

Look at the vendor's reputation.  Leaving aside support and service for a moment, look at the vendor's reputation in terms of product management.  The fact of the matter is that new security threats are emerging all the time, which means that companies in the market of IT security need to be constantly monitoring for them and updating their solutions, whether this means updating definitions of malware of creating a brand new product to cope with a brand new threat.

The current major players in the UTM world are all established brands and many of them offer UTM products in addition to standard networking equipment.  They have all demonstrated a commitment to ensuring a safe future for users of network-based services.  Smaller players and new entrants may add options and may have solutions which are every bit as good as their larger counterparts, but should arguably be looked at with particular care.

Reliable IT support

Once it has been established that a vendor can provide a reliable level of product management, then it is also worth looking at their reputation for service and support. In short, can they be relied on to be there for you when you need them?

Look carefully at whether or not a product will support your company's style of work.  If you are a small company with everyone working out of the same location, then your UTM needs will be fairly simple, but as soon as you start adding in extra business locations and/or home, mobile and remote working into the equation then you will either need to deploy UTMs at multiple locations or have a UTM solution which support sufficient VPN connections for your staff. 

This is also where previous comments about scalability can be important.  By the same token, if your company is makes use of Wi-Fi connections for any reason, then make sure that your UTM solution can support them.  Admittedly this is becoming increasingly common, but it never hurts to check.

ISO and other regulatory needs

Last but by no means least, it's important to be aware of any regulatory requirements and to make sure that your UTM solution is fully in compliance with them.  While regulatory requirements tend to be in line with the value of the data held by companies, for example they are hugely strict for companies which hold confidential financial data.  These days many companies are data controllers and need to comply fully with all the requirements of the Data Protection Act.

In short, everyone who uses any sort of network-based service needs online protection.  This applies as much to individuals as to organizations.  Choosing the right UTM can provide a simple, affordable and effective way for SMEs to manage these threats.  Companies in high-risk environments may be better using threat-specific products and either hiring the resources to manage these in house or out-sourcing IT security altogether.

Companies with large numbers of remote or mobile workers might do better with cloud-based security services, which often have straightforward web-based management tools.