Skip to main content

Should You UTM?

December 08, 2014

When it comes to security devices, there are a lot more decisions to make than there used to be. Features that used to be market differentiators are now a given even on low-end commodity appliances, homogenizing offerings over the last few years. Market leaders have responded by adding new features and technologies to create what are now often referred to as Unified Threat Management (UTM) or Next-Generation Firewalls (NGFW).

So, what are these mythical creatures, what are they good for, who should consider them and why are they named after now-defunct space fantasy shows?

All valid questions. I’m glad I asked them on your behalf, and I’ll be happy to answer myself for you.  

What They Are

In a nutshell, these firewalls are designed to combine the function of numerous security technologies inside a single device. In addition to traditional firewall rules, you may find such features as:

  • Web Filtering
  • User Identification
  • DLP
  • GRC
  • Threat Modeling
  • Web Application Firewall
  • Remote Access
  • SSL Decryption
  • Anti-Spam
  • Anti-Malware/Antivirus
  • WAN Optimization
  • Web Proxy
  • Vulnerability Scanning
  • Halfway Decent Espresso Machine (Okay, this is more of a suggestion to the industry. I’d buy it, and I’m not alone.)

In many respects, firewalls are an ideal point for inspection of data since they already inspect most, if not all, traffic in an organization. These hybrid devices tend to be very attractive from a pricing standpoint when compared to the cost of buying separate solutions for each technology. They can help simplify complicated designs by reducing the number of nodes that traffic must be sent through, and they may offer a more manageable learning curve for leanly staffed organizations. 

What They Are Not

For all that these devices can do, there are a few critical things to bear in mind before running out to buy one for your environment. Packing all these features into a single box can have some downsides, too. 

Performing all these operations generally means higher latency and significantly higher requirements for system resources, particularly RAM and CPU. An overtaxed box can behave unexpectedly and either impact performance negatively or allow uninspected traffic to pass. 

Another thing to remember is that firewall manufacturers may have a lot of experience with firewalls, but these other technologies are not firewalls. Your chosen vendor may not have much experience in with these added features. So, you might have to accept some tradeoffs in terms of protection compared to a best-of-breed approach.

Beware of optimistic performance metrics and other overstated claims. It is important to look and ask around before moving forward with one of these devices.

So, to UTM or Not to UTM?

There’s no formula for determining if an organization is a good candidate for UTM/NG firewalls, but here are a few questions to help determine if you are NOT a good candidate:

  • Is value your top priority in a security purchase?
  • Do you carefully track SLAs?
  • Do you have four or more of the technologies listed above already in use?
  • Do you make firewall changes during business hours?
  • Do you have a security staff of more than four?
  • Do you follow a rigorous change management policy?

If you answer ‘yes’ to more than a couple of these questions, UTM/NG firewalls may not be suitable for your data protection needs. But unless you know for sure they will not work for you (and why would you be reading this if you were?), they are certainly worth a look. 

Related Blogs

January 25, 2017

Escape and Evasion Egressing Restricted Networks

A command kill chain consists of payload delivery, code execution on a target system, and establishing a command and control (C2) channel outside of a...

See Details

February 06, 2018

What Is SSL Web Inspection and Where Should It Occur? (Part 3)

In parts one and two of this blog series, I provided an overview of SSL web inspection, and dove deeper into how SSL inspection solutions work and met...

See Details

January 29, 2018

What Is SSL Web Inspection and Where Should It Occur? (Part 2)

Hardware will vary between vendors and even different models within a vendor’s catalog. Some models/vendors will offload complex CPU tasks (decryption...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy


July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

August 24, 2017

Enterprise Incident Management Brief

Learn how Optiv’s workshop helps security leaders evolve their technical incident response practices to broad scope enterprise incident management.

See Details

July 21, 2015

Data Security Solutions

Learn how we can help secure your date throughout its lifecycle.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.