Why I See UTMs As Generally Bad in the Current Market
-
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
Though running all of those services individually if you need them is rather expensive, both in software and hardware needs.
Not in hardware, nearly all shops have 100x the needed capacity to run them well sitting idle already. They use very little, it just seems like a lot because routers have so little power.
I haven't priced VM based solutions - Though I know if Unitrends is any indication - the software solution is just as expensive or even more so than the hardware solution from a vendor.
-
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
Though running all of those services individually if you need them is rather expensive, both in software and hardware needs.
Not in hardware, nearly all shops have 100x the needed capacity to run them well sitting idle already. They use very little, it just seems like a lot because routers have so little power.
I haven't priced VM based solutions - Though I know if Unitrends is any indication - the software solution is just as expensive or even more so than the hardware solution from a vendor.
That's not a logical way to view pricing.
That's like saying that hamburgers were overpriced at one restaurant, therefore all restaurants overcharge for hot dogs.
You are making the illogical association of the pricing being attached to food, rather than seeing the obvious attachment of the overpricing being part of the company in question that is setting the pricing.
-
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
Though running all of those services individually if you need them is rather expensive, both in software and hardware needs.
Not in hardware, nearly all shops have 100x the needed capacity to run them well sitting idle already. They use very little, it just seems like a lot because routers have so little power.
I haven't priced VM based solutions - Though I know if Unitrends is any indication - the software solution is just as expensive or even more so than the hardware solution from a vendor.
One software solution is Squid. And it is free.
-
I believe both Sophos and Palo Alto offer their UTM products in software at a pretty major price discount from their appliance offerings. But as they are both closed pricing, there is no official pricing on either approach.
-
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
I believe both Sophos and Palo Alto offer their UTM products in software at a pretty major price discount from their appliance offerings. But as they are both closed pricing, there is no official pricing on either approach.
Yeah - like most at that high level - it's all about schmoozing and grafting money from companies.
-
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
I believe both Sophos and Palo Alto offer their UTM products in software at a pretty major price discount from their appliance offerings. But as they are both closed pricing, there is no official pricing on either approach.
Yeah - like most at that high level - it's all about smoozing and grafting money from companies.
Well, it's a product category that has little reason to exist at a technical level, so nearly all of their sales are done from schoozing, not providing something for a need. Even PA who makes a great product, makes one that fills a need that rarely exists.
-
@scottalanmiller
If only I had found ML before I bought my Fortigates. I may have made a difference decision. -
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
I believe both Sophos and Palo Alto offer their UTM products in software at a pretty major price discount from their appliance offerings. But as they are both closed pricing, there is no official pricing on either approach.
I can't speak for PA but Sophos licensing in a VM is based on IP addresses while the hardware isn't limited to that license scheme. Guess it's their way of forcing people to the hardware.
-
@NashBrydges said in Why I See UTMs As Generally Bad in the Current Market:
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
I believe both Sophos and Palo Alto offer their UTM products in software at a pretty major price discount from their appliance offerings. But as they are both closed pricing, there is no official pricing on either approach.
I can't speak for PA but Sophos licensing in a VM is based on IP addresses while the hardware isn't limited to that license scheme. Guess it's their way of forcing people to the hardware.
That's... weird
-
@NashBrydges said in Why I See UTMs As Generally Bad in the Current Market:
One thing that I've read over and over and over is that UTM's are generally NOT recommended. However, I'm interested in what use-cases people believe they may be a good fit. I often see "if you're going to use a UTM, get a Palo Alto" but would love to hear about when people think it IS a good fit.
UTMs or more often "UTM features in a VM not on a firewall" are needed typically in environments that are subject to focused, external attack vectors. Not typically companies that might be getting dinged by script kiddies, but ones where aggressive, trained attackers feel that they are a specific target worthy of focus. Banks, for example. Police agencies. Maybe hospitals. Places that are treasure droves of digital data. Places that hold data or access for lots and lots of other people.
-
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
NGFW has trumped UTM in the hyper of "what's current" for network edge security. NGFW are simpler, more of an evolutionary advancement of our more traditional firewalls, and make far more sense as they are both more effective (generally) than UTMs, and follow standard IT concepts of how to approach services on the network.
I am thrown off by this. Are you supporting the use of "next generation firewalls" over the use of UTMs? I mean, I read through this twice now and that's what I am taking away from this paragraph. I skimmed through the comments and it sounds like people are saying that NGFW and UTMs are about the same thing -which I can agree with since the various security products over the years would naturally fall into different places across the security appliance spectrum (evolve), some being more similar/related than others. Your one paragraph here kind of separates the two for a moment, with the NGFW far better than the UTM, but I would think that you'd consider both bad on the basis that they are both things that group security roles (don't keep things separate).
If you ARE supporting NGFW and opposing the use of UTMs, I will just say that my current SonicWall model is specifically listed as a NGFW (though you have argued with me in the past about it actually being a UTM). Also, the Sophos XG product that I originally posted about is also an NGFW. I assume you will respond by saying that they just stopped calling them UTMs and are now calling them NGFW, so if that's the case, can you provide some list of products or features that you would use to distinguish a UTM from a NGFW?
-
An interesting topic, we could go on from this by recommending how to run the individual services correctly outside of the UTM device. IDS/IPS, DPI. Etc. That would be a good topic as well.
-
@StuartJordan said in Why I See UTMs As Generally Bad in the Current Market:
An interesting topic, we could go on from this by recommending how to run the individual services correctly outside of the UTM device. IDS/IPS, DPI. Etc. That would be a good topic as well.
i agree
-
@dave247 said in Why I See UTMs As Generally Bad in the Current Market:
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
NGFW has trumped UTM in the hyper of "what's current" for network edge security. NGFW are simpler, more of an evolutionary advancement of our more traditional firewalls, and make far more sense as they are both more effective (generally) than UTMs, and follow standard IT concepts of how to approach services on the network.
I am thrown off by this. Are you supporting the use of "next generation firewalls" over the use of UTMs? I mean, I read through this twice now and that's what I am taking away from this paragraph. I skimmed through the comments and it sounds like people are saying that NGFW and UTMs are about the same thing -which I can agree with since the various security products over the years would naturally fall into different places across the security appliance spectrum (evolve), some being more similar/related than others. Your one paragraph here kind of separates the two for a moment, with the NGFW far better than the UTM, but I would think that you'd consider both bad on the basis that they are both things that group security roles (don't keep things separate).
To some degree, all of these things are marketing terms, so that makes it a little hard to discuss clearly. So to clarify...
Where UTM = Firewall with "non-firewall features running on it instead of VMs" and ...
Where NGFW = Firewall that uses packet inspection deeper that L4Then yes, when appropriate NGFW can be a very good thing. NGFW does not imply running extra "services" on the router that could be in their own VMs. An NGFW is the evolution of the firewall itself, not adding other things to the firewall as if it were a general purpose server. NGFW things cannot realistically be offloaded elsewhere.
Of course, to muddy the waters, you will have firewall makers making an NGFW and then adding UTM features to it to make something both. I retain that the UTM "putting things that would function better elsewhere" on to any firewall is not the best approach (the exception would be in the rare case where you need those features but don't have a server infrastructure), even if the underlying firewall is an NGFW with deep packet inspection.
-
@dave247 said in Why I See UTMs As Generally Bad in the Current Market:
If you ARE supporting NGFW and opposing the use of UTMs, I will just say that my current SonicWall model is specifically listed as a NGFW (though you have argued with me in the past about it actually being a UTM). Also, the Sophos XG product that I originally posted about is also an NGFW. I assume you will respond by saying that they just stopped calling them UTMs and are now calling them NGFW, so if that's the case, can you provide some list of products or features that you would use to distinguish a UTM from a NGFW?
NGFW is deep packet inspection (high layers than the L3 and L4 of traditional shallow packet inspection firewalls), but not features like content filtering, anti-virus, IDS, etc.
I would put it as UTM is "general purpose applications running on a router as if it were a server." That's the key differentiation. To be a UTM, you have to treat your router hardware like basically a general purpose server running traditional server workloads (AV, Content Filtering, Proxy, IDS, etc.) on it.
-
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
@dave247 said in Why I See UTMs As Generally Bad in the Current Market:
If you ARE supporting NGFW and opposing the use of UTMs, I will just say that my current SonicWall model is specifically listed as a NGFW (though you have argued with me in the past about it actually being a UTM). Also, the Sophos XG product that I originally posted about is also an NGFW. I assume you will respond by saying that they just stopped calling them UTMs and are now calling them NGFW, so if that's the case, can you provide some list of products or features that you would use to distinguish a UTM from a NGFW?
NGFW is deep packet inspection (high layers than the L3 and L4 of traditional shallow packet inspection firewalls), but not features like content filtering, anti-virus, IDS, etc.
I would put it as UTM is "general purpose applications running on a router as if it were a server." That's the key differentiation. To be a UTM, you have to treat your router hardware like basically a general purpose server running traditional server workloads (AV, Content Filtering, Proxy, IDS, etc.) on it.
ok, that helps clarify then. In my case, our current appliance is being used as both NGFW and UTM. The product we are looking at would be about the same, but do a better job in different areas.
-
@dave247 said in Why I See UTMs As Generally Bad in the Current Market:
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
@dave247 said in Why I See UTMs As Generally Bad in the Current Market:
If you ARE supporting NGFW and opposing the use of UTMs, I will just say that my current SonicWall model is specifically listed as a NGFW (though you have argued with me in the past about it actually being a UTM). Also, the Sophos XG product that I originally posted about is also an NGFW. I assume you will respond by saying that they just stopped calling them UTMs and are now calling them NGFW, so if that's the case, can you provide some list of products or features that you would use to distinguish a UTM from a NGFW?
NGFW is deep packet inspection (high layers than the L3 and L4 of traditional shallow packet inspection firewalls), but not features like content filtering, anti-virus, IDS, etc.
I would put it as UTM is "general purpose applications running on a router as if it were a server." That's the key differentiation. To be a UTM, you have to treat your router hardware like basically a general purpose server running traditional server workloads (AV, Content Filtering, Proxy, IDS, etc.) on it.
ok, that helps clarify then. In my case, our current appliance is being used as both NGFW and UTM. The product we are looking at would be about the same, but do a better job in different areas.
Right, so basically these days, any good UTM will be based on NGFW as its starting point. SonicWall, Sophos, Palo Alto should all be NGFW + UTM.
The NGFW I'm fully in support of when it makes sense (which is decently often), but the UTM pieces I would much rather see elsewhere (if at all), meaning running on the server infrastructure.
-
The difficulty with all of those things is handling encryption. That's long been a problem. One that is partially solved, but not fully. Even "solving it" creates problems.
NGFW has been a term for quite a while, but I don't like it. A firewall with DPI should just be called that, ideally. Not treated like it is a new magical thing. But... sales people.
-
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
@dave247 said in Why I See UTMs As Generally Bad in the Current Market:
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
@dave247 said in Why I See UTMs As Generally Bad in the Current Market:
If you ARE supporting NGFW and opposing the use of UTMs, I will just say that my current SonicWall model is specifically listed as a NGFW (though you have argued with me in the past about it actually being a UTM). Also, the Sophos XG product that I originally posted about is also an NGFW. I assume you will respond by saying that they just stopped calling them UTMs and are now calling them NGFW, so if that's the case, can you provide some list of products or features that you would use to distinguish a UTM from a NGFW?
NGFW is deep packet inspection (high layers than the L3 and L4 of traditional shallow packet inspection firewalls), but not features like content filtering, anti-virus, IDS, etc.
I would put it as UTM is "general purpose applications running on a router as if it were a server." That's the key differentiation. To be a UTM, you have to treat your router hardware like basically a general purpose server running traditional server workloads (AV, Content Filtering, Proxy, IDS, etc.) on it.
ok, that helps clarify then. In my case, our current appliance is being used as both NGFW and UTM. The product we are looking at would be about the same, but do a better job in different areas.
Right, so basically these days, any good UTM will be based on NGFW as its starting point. SonicWall, Sophos, Palo Alto should all be NGFW + UTM.
The NGFW I'm fully in support of when it makes sense (which is decently often), but the UTM pieces I would much rather see elsewhere (if at all), meaning running on the server infrastructure.
(╯°□°)╯︵ ┻━┻
-
@dave247 said in Why I See UTMs As Generally Bad in the Current Market:
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
@dave247 said in Why I See UTMs As Generally Bad in the Current Market:
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
@dave247 said in Why I See UTMs As Generally Bad in the Current Market:
If you ARE supporting NGFW and opposing the use of UTMs, I will just say that my current SonicWall model is specifically listed as a NGFW (though you have argued with me in the past about it actually being a UTM). Also, the Sophos XG product that I originally posted about is also an NGFW. I assume you will respond by saying that they just stopped calling them UTMs and are now calling them NGFW, so if that's the case, can you provide some list of products or features that you would use to distinguish a UTM from a NGFW?
NGFW is deep packet inspection (high layers than the L3 and L4 of traditional shallow packet inspection firewalls), but not features like content filtering, anti-virus, IDS, etc.
I would put it as UTM is "general purpose applications running on a router as if it were a server." That's the key differentiation. To be a UTM, you have to treat your router hardware like basically a general purpose server running traditional server workloads (AV, Content Filtering, Proxy, IDS, etc.) on it.
ok, that helps clarify then. In my case, our current appliance is being used as both NGFW and UTM. The product we are looking at would be about the same, but do a better job in different areas.
Right, so basically these days, any good UTM will be based on NGFW as its starting point. SonicWall, Sophos, Palo Alto should all be NGFW + UTM.
The NGFW I'm fully in support of when it makes sense (which is decently often), but the UTM pieces I would much rather see elsewhere (if at all), meaning running on the server infrastructure.
(╯°□°)╯︵ ┻━┻
Same as we've always been saying. Firewall is not the place for the "UTM pieces". They are better elsewhere, when needed.
It's that they are rarely needed, but sometimes.
When they are needed, in the firewall isn't the best place for them.It's not that the concepts are always bad, it's just how they are pushed way too often, and not in a good way to deploy them because it's not a good security practice to have them on the firewall.
