Why I See UTMs As Generally Bad in the Current Market
-
@JaredBusch said in Why I See UTMs As Generally Bad in the Current Market:
Most NGFW are jut updated UTM solutions form the same vendors.
I have the entire concept of the NGFW as no one has a clue what they are buying, using, researching.
And several things we call UTM are actually NGFW now. LIke PA.
-
@JaredBusch said in Why I See UTMs As Generally Bad in the Current Market:
Most NGFW are jut updated UTM solutions form the same vendors.
I have the entire concept of the NGFW as no one has a clue what they are buying, using, researching.
NGFW?
-
@Obsolesce said in Why I See UTMs As Generally Bad in the Current Market:
@JaredBusch said in Why I See UTMs As Generally Bad in the Current Market:
Most NGFW are jut updated UTM solutions form the same vendors.
I have the entire concept of the NGFW as no one has a clue what they are buying, using, researching.
NGFW?
Next Gen Firewall. Deep packet inspection.
-
@NashBrydges said in Why I See UTMs As Generally Bad in the Current Market
Something else I want to ask. When I see "if you're going to use a UTM, get a Palo Alto", would love to know about WHY Palo Alto. I don't have any experience with them so I'd love to hear about what makes them the go-to. What do they have that the other offers don't? What do they do that is so different to place them head and shoulders above the rest?
Isn’t the main thing that makes PA acceptable that they size their hardware right for the services included?
Plus perhaps they have shown they are one of the few how can have the best in breed of more than one of the functions?From what I’ve seen, most UTM makers drastically undersized their box for the environment they claim it can support. Ultimately you end up disabling services to improve performance, hence making it pointless in the first place. Though running all of those services individually if you need them is rather expensive, both in software and hardware needs. So buying a right sized UTM/NGFW seems like a doable thing IF you need all those services and the services the vendor supply are anywhere near best in breed.
-
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
@NashBrydges said in Why I See UTMs As Generally Bad in the Current Market
Something else I want to ask. When I see "if you're going to use a UTM, get a Palo Alto", would love to know about WHY Palo Alto. I don't have any experience with them so I'd love to hear about what makes them the go-to. What do they have that the other offers don't? What do they do that is so different to place them head and shoulders above the rest?
Isn’t the main thing that makes PA acceptable that they size their hardware right for the services included?
Plus perhaps they have shown they are one of the few how can have the best in breed of more than one of the functions?They also invented most of the technology here. And they actually do NGFW, not UTM per se.
-
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
Though running all of those services individually if you need them is rather expensive, both in software and hardware needs.
Not in hardware, nearly all shops have 100x the needed capacity to run them well sitting idle already. They use very little, it just seems like a lot because routers have so little power.
-
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
Though running all of those services individually if you need them is rather expensive, both in software and hardware needs.
Not in hardware, nearly all shops have 100x the needed capacity to run them well sitting idle already. They use very little, it just seems like a lot because routers have so little power.
I haven't priced VM based solutions - Though I know if Unitrends is any indication - the software solution is just as expensive or even more so than the hardware solution from a vendor.
-
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
Though running all of those services individually if you need them is rather expensive, both in software and hardware needs.
Not in hardware, nearly all shops have 100x the needed capacity to run them well sitting idle already. They use very little, it just seems like a lot because routers have so little power.
I haven't priced VM based solutions - Though I know if Unitrends is any indication - the software solution is just as expensive or even more so than the hardware solution from a vendor.
That's not a logical way to view pricing.
That's like saying that hamburgers were overpriced at one restaurant, therefore all restaurants overcharge for hot dogs.
You are making the illogical association of the pricing being attached to food, rather than seeing the obvious attachment of the overpricing being part of the company in question that is setting the pricing.
-
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
Though running all of those services individually if you need them is rather expensive, both in software and hardware needs.
Not in hardware, nearly all shops have 100x the needed capacity to run them well sitting idle already. They use very little, it just seems like a lot because routers have so little power.
I haven't priced VM based solutions - Though I know if Unitrends is any indication - the software solution is just as expensive or even more so than the hardware solution from a vendor.
One software solution is Squid. And it is free.
-
I believe both Sophos and Palo Alto offer their UTM products in software at a pretty major price discount from their appliance offerings. But as they are both closed pricing, there is no official pricing on either approach.
-
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
I believe both Sophos and Palo Alto offer their UTM products in software at a pretty major price discount from their appliance offerings. But as they are both closed pricing, there is no official pricing on either approach.
Yeah - like most at that high level - it's all about schmoozing and grafting money from companies.
-
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
I believe both Sophos and Palo Alto offer their UTM products in software at a pretty major price discount from their appliance offerings. But as they are both closed pricing, there is no official pricing on either approach.
Yeah - like most at that high level - it's all about smoozing and grafting money from companies.
Well, it's a product category that has little reason to exist at a technical level, so nearly all of their sales are done from schoozing, not providing something for a need. Even PA who makes a great product, makes one that fills a need that rarely exists.
-
@scottalanmiller
If only I had found ML before I bought my Fortigates. I may have made a difference decision. -
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
I believe both Sophos and Palo Alto offer their UTM products in software at a pretty major price discount from their appliance offerings. But as they are both closed pricing, there is no official pricing on either approach.
I can't speak for PA but Sophos licensing in a VM is based on IP addresses while the hardware isn't limited to that license scheme. Guess it's their way of forcing people to the hardware.
-
@NashBrydges said in Why I See UTMs As Generally Bad in the Current Market:
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
I believe both Sophos and Palo Alto offer their UTM products in software at a pretty major price discount from their appliance offerings. But as they are both closed pricing, there is no official pricing on either approach.
I can't speak for PA but Sophos licensing in a VM is based on IP addresses while the hardware isn't limited to that license scheme. Guess it's their way of forcing people to the hardware.
That's... weird
-
@NashBrydges said in Why I See UTMs As Generally Bad in the Current Market:
One thing that I've read over and over and over is that UTM's are generally NOT recommended. However, I'm interested in what use-cases people believe they may be a good fit. I often see "if you're going to use a UTM, get a Palo Alto" but would love to hear about when people think it IS a good fit.
UTMs or more often "UTM features in a VM not on a firewall" are needed typically in environments that are subject to focused, external attack vectors. Not typically companies that might be getting dinged by script kiddies, but ones where aggressive, trained attackers feel that they are a specific target worthy of focus. Banks, for example. Police agencies. Maybe hospitals. Places that are treasure droves of digital data. Places that hold data or access for lots and lots of other people.
-
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
NGFW has trumped UTM in the hyper of "what's current" for network edge security. NGFW are simpler, more of an evolutionary advancement of our more traditional firewalls, and make far more sense as they are both more effective (generally) than UTMs, and follow standard IT concepts of how to approach services on the network.
I am thrown off by this. Are you supporting the use of "next generation firewalls" over the use of UTMs? I mean, I read through this twice now and that's what I am taking away from this paragraph. I skimmed through the comments and it sounds like people are saying that NGFW and UTMs are about the same thing -which I can agree with since the various security products over the years would naturally fall into different places across the security appliance spectrum (evolve), some being more similar/related than others. Your one paragraph here kind of separates the two for a moment, with the NGFW far better than the UTM, but I would think that you'd consider both bad on the basis that they are both things that group security roles (don't keep things separate).
If you ARE supporting NGFW and opposing the use of UTMs, I will just say that my current SonicWall model is specifically listed as a NGFW (though you have argued with me in the past about it actually being a UTM). Also, the Sophos XG product that I originally posted about is also an NGFW. I assume you will respond by saying that they just stopped calling them UTMs and are now calling them NGFW, so if that's the case, can you provide some list of products or features that you would use to distinguish a UTM from a NGFW?
-
An interesting topic, we could go on from this by recommending how to run the individual services correctly outside of the UTM device. IDS/IPS, DPI. Etc. That would be a good topic as well.
-
@StuartJordan said in Why I See UTMs As Generally Bad in the Current Market:
An interesting topic, we could go on from this by recommending how to run the individual services correctly outside of the UTM device. IDS/IPS, DPI. Etc. That would be a good topic as well.
i agree
-
@dave247 said in Why I See UTMs As Generally Bad in the Current Market:
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
NGFW has trumped UTM in the hyper of "what's current" for network edge security. NGFW are simpler, more of an evolutionary advancement of our more traditional firewalls, and make far more sense as they are both more effective (generally) than UTMs, and follow standard IT concepts of how to approach services on the network.
I am thrown off by this. Are you supporting the use of "next generation firewalls" over the use of UTMs? I mean, I read through this twice now and that's what I am taking away from this paragraph. I skimmed through the comments and it sounds like people are saying that NGFW and UTMs are about the same thing -which I can agree with since the various security products over the years would naturally fall into different places across the security appliance spectrum (evolve), some being more similar/related than others. Your one paragraph here kind of separates the two for a moment, with the NGFW far better than the UTM, but I would think that you'd consider both bad on the basis that they are both things that group security roles (don't keep things separate).
To some degree, all of these things are marketing terms, so that makes it a little hard to discuss clearly. So to clarify...
Where UTM = Firewall with "non-firewall features running on it instead of VMs" and ...
Where NGFW = Firewall that uses packet inspection deeper that L4Then yes, when appropriate NGFW can be a very good thing. NGFW does not imply running extra "services" on the router that could be in their own VMs. An NGFW is the evolution of the firewall itself, not adding other things to the firewall as if it were a general purpose server. NGFW things cannot realistically be offloaded elsewhere.
Of course, to muddy the waters, you will have firewall makers making an NGFW and then adding UTM features to it to make something both. I retain that the UTM "putting things that would function better elsewhere" on to any firewall is not the best approach (the exception would be in the rare case where you need those features but don't have a server infrastructure), even if the underlying firewall is an NGFW with deep packet inspection.