Vendors chasing the UTM Dream

It was joie de vivre for the cyber-villains till now of 2009. Both large corporations and small companies bore the brunt of cyber break-ins. The year 2010 promises to be no different. On the contrary, security experts are of the view that such threats may worsen.

As the danger of threats becoming more complex and innovative looms large with each passing year, the need for a sophisticated and simple security system is increasingly being felt across the world in an effort to stay a step ahead.
In the information technology, security technology has come a long way from a rudimentary form of desktop security – that is, antivirus, then firewall, IDS, IPS, anti-spyware, URL filtering, etc. And, today, people are talking about Unified Threat Management or UTM, an integrated security product with multifunctional services.

“Security threats are evolving as organisations and technology are evolving. Information security has gone from a technology issue to a business issue, representing a more significant cost and operational challenge, but a fundamental business enabler as well. Organizations are beginning to see the importance in implementing formal programmes to reduce IT risk, especially security and compliance risks. Organisations are looking at mitigating risk at a device, network, operational and cultural manner,” says Prem Nithin, Sr. Technical Consultant, Cisco, India & SAARC.

UTM, like many other IT products, has grown very fast. The market has accepted UTM obviously because of its natural advantage over standalone products and the vendors, who were traditionally strong in security solutions, all have stepped into the ring of UTM bout. And, it is a worldwide phenomenon.

Today, India, with a large market for other IT products, offers a huge market for UTM. All the worldwide large players including Cisco, Fortinet, SonicWALL, Check Point, etc. are present in this market and investing to make it popular. And, it is good to see that all the vendors are distinct from each other so far as their products are concerned. Of course, UTM is not a product. Actually, it is a solution in an appliance.

"As rightly said UTM solution is more of a strategic product rather than a regular smart traditional security product. D-Link aims to provide E2E (end to end) solution in security management," says Mr. Raj Jadhav, VP- Solution Consulting, Tech-Support & IT, D-Link (India) Ltd.

The new D-Link UTM firewalls adopt a unique technology called Component-Based signatures, which effectively recognizes most known and varied attacks. To cover a wide range of signatures, their built-in database includes data from a global attack sensor-grid and exploits collected from public sites such as the National Vulnerability Database and Bugtraq

D-Link UTM appliances feature innovative stream-based virus scanning technology that directly scans files of any sizes. "This method of scanning incoming files is in contrast with the traditional one, which requires scanned data to be re-assembled and packed in the hardware memory. D-Link’s scanning method not only increases inspection performance but also eliminates network bottlenecks, while imposing no limit on incoming file size," says Raj Jadhav of D-Link (India) Ltd.

In order to provide users with the most reliable, accurate and constantly updated antivirus signatures, the new D-Link security appliances use virus signatures from a well-known, well-respected antivirus company named Kaspersky Labs. Viruses and malware consequently can be effectively blocked before they reach the network's desktops or mobile devices. This allows a second layer of Anti-Virus security to be built in front of the desktop-level AV, and reduces the chance of virus infection due to inadequate personal AV protection or out-of-date signatures.

“From a historical context, the evolution of the security appliance market has primarily happened out of the need to tackle ever-increasing network threats. Threats that started as viruses, have now graduated to sophisticated blended threats, e.g. a mail-based Trojan that can hold a backdoor open for a hacker to come and hijack the network. Also, the average computer user unwittingly falls prey to social engineering tactics such as from Facebook and Yahoo Messenger,” says Tushar Sighat, Vice-President – Operations, Cyberoam (India), “There are many changes happening in security solutions market. Organisations are now consolidating the security. Formerly, they would go for point solutions, but nowadays every organisation is going for a Unified Threat Management solutions as they see value for their money,” says Mohit Puri, Enterprise Sales Head India/SAARC, WatchGuard Technologies. “Education and Government would be seeing significant growth in the near future. If you ask me, my favourite would be government which has a lot of scope in the times to come,” adds Mohit Puri.

Apart from complete solutions for networking, Cisco has UTM solutions. Cisco adopts a Self Defending Network (SDN) approach to security that helps customers manage and mitigate risks more effectively.

“As part of the SDN framework Cisco offers Adaptive Threat Defense (ATD) solution that helps to further minimize network security risks by dynamically addressing threats at multiple layers, enabling tighter control of network traffic, endpoints, users, and applications. ATD also simplifies architectural designs and lowers operational costs. This innovative approach combines security features, multilayer intelligence, application protection, network-wide control and threat containment within high-performance solutions,” says Prem Nithin.

The key components of ATD include Anti-X defenses, (Prevent and respond to network threats through a combination of innovative traffic and content-oriented security services), Application security, (Provide advanced business-application protection through the use of application-level access controls, application inspection, and enforcement of appropriate application-use policies, web-application control, and transaction privacy), Network control and containment (Network intelligence and the virtualization of security technologies provides the ability to layer sophisticated auditing and correlation capabilities to control and help protect any networked element or service such as Voice over IP (VoIP) with active management and mitigation capabilities and VPN features such as IPSec VPN and SSL VPN.

WatchGuard Technologies has released new models of our UTM products called XTM, i.e. Extensible Threat Management and our XCS, i.e. Extensible content security appliance. The company will be launching some of its new range of XTM in 2010 as well.

WatchGuard XTM builds on the powerful UTM foundation of integrated Firewall/VPN, Anti Virus, Intrusion Blocking, Spam blocking, Spyware and bot protection, URL filtering. The features include Voice over IP (VoIP), Inbound and Outbound HTTPS inspection, High availability and Management roles.

The CheckMark Level 5 certified Cyberoam Network Security Appliance delivers a complete set of robust security features that are built to support the demanding security requirements of a large enterprise, including Stateful Inspection Firewall, VPN (SSL VPN & IPSec), Gateway Anti-virus and Anti-spyware, Gateway Anti-Spam, Intrusion Prevention System, Content & Application Filtering, Bandwidth Management and Multiple Link Management over a single appliance while lowering capital and operating expenses.

Also, in order to tackle internal threats, Cyberoam’s identity-based security extends security beyond IP addresses, the traditional approach in security, right up till the user. It gives a clear view of “who is doing what” in the network and thus enables complete control over users mitigating all internal and user-based threats

Tushar Sighat of Cyberoam says, “Cyberoam identity-based security provides a transparent shield to the network which pinpoints the actual user and, thus, gives complete knowledge on ‘who is doing what’ in the network. Whether it is a sensitive file that is being leaked via through Instant messenger uploads or unsafe video download, Cyberoam blocks and prevents any threat at its source. This unique provision enables Cyberoam to proactively address emerging threats using a combination of incident prevention, detection and response.”

Cyberoam’s integrated Security Appliances are purpose-built for comprehensive network protection and high-performance needs of small, medium and large enterprises. It offers the following advantages to organisations. Says Shubhomoy Biswas, Country Director – India and SAARC, SonicWALL, “TZ, PRO, NSA, and E-Class NSA appliances are engineered to reduce risk, cost and complexity by integrating state-of-the-art firewall, UTM, wireless and VPN technologies to deliver comprehensive protection and maximum performance.”

Bhaskar Bakthavatsalu, Regional Director, India & SAARC, Check Point Software Technologies says, “Check Point appliances deliver powerful turnkey systems for deploying and managing Check Point's award-winning software solutions to address virtually any security need. All Check Point appliances are built around a unified security architecture, enabling organisations to perform all aspects of security management via a single, unified console.”

Check Point’s latest innovation the revolutionary Software Blade Architecture is the first and only security architecture that delivers total, flexible and manageable security to companies of any size. With this unprecedented capability to flexibly and quickly expand security capabilities, Check Point’s UTM solutions deliver lower cost of ownership and cost-efficient protection that meet any need, today and in the future.

Check Point UTM-1 appliances come packaged with the most comprehensive and flexible security solution available. All UTM-1 appliances can include firewall, intrusion prevention system (IPS), antivirus, anti-spyware, URL filtering, Web security, and anti-spam Software Blades. Additional blades can be flexibly added, as needed.

According to Check Point, eeverything you need in a UTM network security solution is provided by Check Point UTM-1 appliances. This include Security protections, all security updates, security management and hardware warranty.
UTM-1 comes with a preconfigured set of software blades. UTM-1 can be quickly and easily extended to meet new and evolving security requirements with additional Check Point Software Blades. Some additional Check Point Software Blades include Web, VoIP, Advanced Networking and Acceleration & Clustering.
Check Point UTM-1 appliances come with integrated gateway management, offering the ability to centrally manage multiple Check Point gateways from a single console. UTM-1 appliances include a Security Management container and the following blades: Network Policy Management, Endpoint Policy Management and Logging & Status blades. It also provides centralized, automatic updates to configure UTM-1 into an active security solution, capable of ensuring your networks are safe from new attacks via ongoing and automatic defense updates.
For small businesses, Check Point SafeOffice UTM appliances deliver proven and integrated security, networking and connectivity features right out-of-the-box. They are also available with integrated, high-speed ADSL modems and wireless router built in. It offers a simple, affordable and reliable solution to keep small business networks protected and connected.

Check Point's Software Blade architecture offers a better way, enabling organizations to efficiently tailor security solutions that meet the businesses security needs.

iValue says, “We provide end-to-end gateway protection through UTM and the benefits are cost-effective solutions along with ease of deployment and management for threat- free environments with secure access. We study the business needs of the customer and accordingly suggest the right model/configuration. Our solutions cover Gateway protection, branch office protection and secured remote access of applications from Internet and between branches. We also address security for Wireless infrastructure through our UTM offerings. Productivity management using web access control/security.”
“Fortinet’s UTM solutions offer comprehensive, homegrown and reliable real-time security. Fortinet is the only UTM solution that is engineered from the ground up to seamlessly integrate multiple security functions and, therefore, provides a powerful security solution, updated with the latest threat signatures though our FortiGuard subscription service,” says Vishak Raman, Regional Director - SAARC & Saudi Arabia, Fortinet Inc.

In addition, ASIC acceleration means network performance is optimized. Instead of having to install, manage and maintain disparate devices or point security solutions, organizations could consolidate their security capabilities into one high performance, centrally managed solution. “UTM security solution requires less training for the IT staff and simplifies deployment and maintenance. On top of that, solutions such as Fortinet’s are based on a per-unit license instead of a per-user license, which dramatically lower the costs of large security deployments,” adds Vishak.

In recent years, there has been a talk that channel network is going to lose its importance in the IT industry, but with UTM appliances this prediction stands null and void because without channel partners and VARs UTM appliances cannot be installed at the customer’s place. And organisations like Select Technologies and Inflow Technologies have shaped up to be the pure play security distributors. But, today, large distributors like Ingram Micro and Redington have also been focussing on security space. On the other side, all these UTM vendors are 100 per cent going through the channel route.

“Channel with regard to the security market is seeing a lot of changes. We see the channel market moving from the typical box pushers to solution sellers. The focus of channels is moving towards being a service provider to the customer. We see more and more channel partners who earlier were concentrating on networking and other business solutions eyeing security domain as more and more customers are looking at consolidating the number of service providers they deal with,” says Bhaskar of Check Point.

Information security is one area that has shown tremendous potential even during the global economic slowdown. With the heightened need for information security, organisations are looking at beefing up their security infrastructure without hindering the flow of information or functionality across the organisation. A partner should always try to find out the growth plans of the organisation before suggesting the security solutions to them. Scalability of the solutions is the need of the day as small enterprises may not afford to totally revamp their security solutions in case of rapid growth.

“With the proliferation of UTM appliance increasing, all vendors believe that channel is the best way to tap the broadening opportunity. Vendors expect large demand to come from small businesses and ROBOs (remote office branch office) supporting less than 25 users,” says Shubhomoy Biswas.

With the recent innovations in UTM industry, UTM appliances have achieved a quantum leap and the shifts in UTM technology and architecture have strengthened UTM performance in multi-fold. The channel community hopes that with these upcoming new and intelligent features next-generation UTMs will be more powerful, intelligent and easy-to-use.

“Channels are very receptive towards UTM. The reasons for this include fast sales cycle, high success rate, decent margin, relatively easy to manage technically, higher applicability and acceptance across customer sizes and vertical,” says iValue.
Channels are pretty excited about the idea of UTM and selling it as they can sell a complete solution to their customers in a single appliance which would include Gateway antivirus, Intrusion prevention system, Anti-spam and URL filtering as part of the same appliance.

“India is a big opportunity market for solutions like UTM, Channel partners in general appear happy about the idea of deploying a UTM as it promises reduced Total Cost of Ownership to both client and the channel partner. It also resolves issues of involving multiple vendors and multiple channel partners as well,” says Mohit Puri.

“There are some concerns as well with the channel partner which include renewals of the subscription every year and presales and post-sales issues which are some challenges which the channel community faces. As SMBs require a big space for the channel partners, they should be targeting high volumes with decent margins as well,” adds Mohit Puri.

Cisco is committed to collaborating with partners to help create unprecedented growth and profit opportunities. It is of paramount importance that our partners have the right skills to achieve complex customer needs. To ensure that Cisco channel partners are appropriately equipped, we have initiated various certification and partner programmes.

The Cisco Channel Partner Programme integrates the technology focus of each Cisco Partner through Specialisation, flexible individual career certification requirements, customer satisfaction targets, and pre- and post-sales support capabilities. We help partners differentiate themselves from the competition and reach out to customers with Cisco credibility. Cisco Channel Incentive Programmes are designed to reward partners who successfully align their business strategies in defined advanced technologies, new business, or solution sales opportunities. The incentive programmes include: Opportunity Incentive Programme (OIP), Value Incentive Programme (OIP) and Solutions Incentive Programme (SIP). Qualifying channel partners can participate in these programmes and realize economic benefits in the form of additional discounts or rebates, depending on the specific programme.

“Channel partners are increasingly becoming aware of designing/delivering solutions designed around UTM products because they realise there are huge opportunities in this field across all verticals. What is more substantial is that the Tier-II and Tier-III cities today present huge opportunities and are becoming strong growth drivers for UTMs,” says Tushar Sighat.

In keeping with the prospect of huge, untapped, opportunities, Cyberoam has created large prospective client databases to help its channel partners with enough information to help them plan their sales strategy. “We closely operate with partners through regular road shows, distribution meets and promotions in the key channel media. Simplified partner functioning through automated processes, channel awareness, increasing customer support infrastructure are other key aspects applied to strengthen partnerships and helping them reach out to more of them,” says Tushar Sighat.

“Our sales team guides partners to add value while delivering security as Cyberoam invests not only in the development of powerful, integrated solutions that create more value than comparably priced competitor products but also in training them,” says Cyberoam. Cyberoam helps its partners achieve and demonstrate competence and gain industry recognition for skills, networking and security as well as in deploying, configuring and managing the Cyberoam CR appliances through its certification programmes, viz. Cyberoam Certified Network & Security Professional, CCNSP and Cyberoam Certified Network & Security Expert, CCNSE – for which instructor-led training is provided on demand. CCNSP and CCNSE are thoughtfully designed to increase efficiency in maximising the benefits of Cyberoam appliances not only for customers and partners, but also for the certified professional’s career.

SonicWALL recently announced the launch of its Authorized Training Centre (ATC) in India by joining hands with WestconINDIA. This move is intended to strengthen SonicWALL's channel support in India by improving and expanding partner and end-user training resources. The state-of-the-art centre will be provided and managed by the certified SonicWALL Trainers (CST) of WestconINDIA.
SonicWALL offers two certification tracts: Technical Certification (Certified SonicWALL Security Administration (CSSA) and Master Certified SonicWALL Security Administrator (MASTER CSSA) and Sales Certification (Certified SonicWALL Sales Representative (CSSR). The training sessions are world-class with hands-on sessions backed with the SonicWALL certifications.

“The channels are receptive to UTM because the technology pleases their end customers and both parties are smart to recognize the incentive to focus on this compelling security segment. In addition, UTM addresses a keen market gap, which point solutions have left off, so definitely a business opportunity for the channels. Finally, the UTM market has built a critical mass with customers and channels will definitely want to be a part of it,” says Vishak.

A little bit knowledge on R&D activities of the vendors can bring confidence to the customers. In the past one year, WatchGuard Technologies has invested a lot in its research and development team. “It is because of the fact that we want to make an innovative product which addresses all the latest security threats,” says Mohit Puri.

Finally…
The UTM space is so alluring in India that it has forced the vendors to the Indian market and It is no doubt that evolution in the security space will keep on happening. One just cannot imagine what will be the size and shape and what kind of new capability will be added to it, but, for the time being, UTM at the present shape is a choice of the enterprises.