Recently, Greg Young of Gartner blogged about Enterprise UTMs, comparing them to Unicorns and Pixies. I could not have agreed more with everything that Greg has written in his blog and would like to focus on his last bullet point. Greg discusses the “Best of breed requirements” that keep enterprises from buying UTMs.
This is absolutely true. You will never see Fortinet, which describes itself as the “worldwide leader in UTM”, winning an enterprise deal on the merits of an individual component of their appliances. I have never seen Fortinet invited to participate in IPS shootouts alongside the market leaders, as their IPS is not enterprise grade but rather a lame version of Snort. Fortinet, despite being the first vendor to add anti-virus to a firewall, never replaces enterprise anti-virus gateways due to their ridiculously low catch rates. They offer database security but would never be considered by enterprises alongside Imperva and F5. They offer WAN optimization but would never win a deal against Riverbed or Cisco. UTM is a jack of all trades but master of none, or as my good friend Laurent Daudre-Vignier puts it, UTM, and Fortinet specifically, is like a duck. It can fly, swim, walk, dive, tweet and lay eggs but cannot do any of these very well… Fortinet, by the way, is not alone. Check Point’s UTM products will also never win a deal on the merits of an individual UTM component.
There are, however, multifunction devices that have best of breed components in them. Juniper has integrated security devices which have a world-class firewall and a best-of-breed IPS (I built both…). Palo Alto Networks, my current company, is winning IPS deals, gateway Anti-Virus and Anti-Spyware deals as well as content filtering deals in major enterprises, surpassing in features, quality and performance vendors that focus just on these individual components.
So, was Greg wrong by comparing enterprise UTM to Unicorns and Pixies? No, he wasn’t—but perhaps he should add a duck to his list of animals. Unified Threat Management, as the name suggests, unifies multiple point products into one device. I view it as consolidating the network security mess into one messy appliance.