Aberdeen research shows that firewalls, VPNs (virtual private networks), antivirus, antispam, intrusion prevention and Web content filtering solutions are deeply penetrated in organizations of all sizes. Management of this portfolio of independent solutions can be time-consuming, costly and inefficient.
An upcoming Aberdeen benchmark report, “Unified Threat Management,” will look at the degree to which Best-in-Class organizations are consolidating multiple security functions into a single solution. The study, which is scheduled to publish at the end of the month, will provide new insight into the adoption of UTM (unified threat management) / all-in-one / multi-function security solutions, what Best-in-Class companies are doing to address managing the spectrum of security solutions required for securing their IT infrastructure, and the results they have achieved.
Business Context
The never-ending flow of threats and vulnerabilities to networks, computers and application software is daunting. One industry source reported 6,437 new vulnerability disclosures for the full year of 2007, nearly 90 percent of which could be exploited remotely over the network. In addition, in 2007 there were nearly 410,000 new examples of malware, including viruses, worms, back doors, key loggers, trojans, spyware and rootkits. Aberdeen’s July 2008 research in “Vulnerability Management” showed that trying to keep up with these vulnerabilities and threats is consuming about 14 percent of the average IT security budget. By moving more of their vulnerability-related costs from the “not avoided” to the “avoided” bucket, and by automating and streamlining the elements of the vulnerability management lifecycle to minimize total costs, Best-in-Class organizations are successfully turning a necessary evil into a positive ROI (return on investment).
UTM is an IT security product category coined to describe the integration of multiple threat and vulnerability management functions within a single solution (typically, a network appliance). Functionality commonly included within a UTM solution includes the following:
- Firewall
- VPN
- Intrusion detection / intrusion prevention
- Antivirus
- Antispam
- Web filtering (URL)
- Content filtering (HTTP, SMTP)
- High availability, load balancing and dynamic routing
Over time, as solution providers have labored to differentiate themselves through incorporation of additional features and services, the UTM category is bursting at the seams. Vendors refer to their solutions as “UTM,” “UTM+,” “Extended UTM,” “All-in-One Security,” “Multi-Function Security,” “Integrated Security,” etc., which has resulted in a confusing array of marketing messages and competitive positioning. All are aimed at a similar value proposition, however, avoid more problems from threats and vulnerabilities, and lower the total cost.
Conventional wisdom is that, based on factors such as cost and convenience, UTM solutions appeal primarily to the small (less than US$50 million in annual revenue) or mid-sized (between $50 million and $1 billion) segment of the market. Data from “The 2008 Aberdeen Report,” however, indicates that current deployments are more deeply penetrated in the large (>$1 billion) segment. Nearly half (48 percent) of respondents from large companies in that dataset indicated current deployments of UTM, with a healthy 17 percent of large organizations indicating plans to deploy in the next 12 months. Very strong year-over-year growth is projected to come from all size organizations, with the strongest relative growth coming from the mid-sized and small segments.
Geographically, current use for UTM was slightly more prevalent in the Americas (40 percent), but in absolute terms the near-term growth opportunity indicated by the research is comparable across the Americas, Europe / Middle East / Africa (EMEA), and Asia / Pacific (AP).
Research Hypothesis
Aberdeen’s research hypothesis is that the predominant pressures driving current investments in UTM solutions are to secure the IT infrastructure (networks, systems, applications) at a reduced cost. Consolidating multiple security functions into a single UTM solution is a strategic action that is consistent with this driver. A multi-function box does not eliminate the need for good management, so capabilities such as consistent policies, clear ownership, prioritization of remediation, and reporting are expected to be characteristics of companies with top performance.
In the area of enabling technologies, insight is expected into which UTM functions are being used, which functions are not being used, and how the functions are being used in combination by companies with leading results.
Anticipated Outcomes
Aberdeen’s research will confirm whether trends and best practices in UTM are consistent with those previously identified in our previous vulnerability management studies. These include the following:
- Broader use of enabling technologies and services
- Higher levels of automation
- Consistent security policies
- Clear organizational ownership
- Higher investments in training
- Adoption of a continuous, “lifecycle” approach to managing vulnerabilities and threats
Study Participation
By participating in this online survey, you will be able to see how your company’s experience in managing threats and vulnerabilities compares with those of its peers, benchmark your performance, and see how you can achieve Best-in-Class results. Your participation is a vital part of the report development, and serves as the foundation for Aberdeen’s research.
In appreciation for sharing your time and responses, Aberdeen will provide you with complimentary access to the report upon its publication (a $399 value). Note that all individual responses are kept strictly confidential, and data is only used in aggregate.
Derek Brink is vice president and research fellow for IT security at the Aberdeen Group.