Why I See UTMs As Generally Bad in the Current Market
-
Nicely written post. I appreciate that you took the time to put your thoughts down.
I'm one of those who has a UTM (Sophos XG) on my lab network. I could replace it with a firewall I suppose but I also like to tinker and learn it so it keeps me occupied (maybe I spend more time on it than I should when I screw something up lol). To be honest, none of my clients have a UTM. I've never felt like they needed one. And while I DO have a UTM, I can also confirm that it HAS stopped bad things from happening. Is it because it was the first thing on the network edge to catch the bad thing? Yep, probably. Would my son's AV have caught it? I'll never really know. But like I said, I keep it because I like to tinker.
One thing that I've read over and over and over is that UTMs are generally NOT recommended. However, I'm interested in what use-cases people believe they may be a good fit. I often see "if you're going to use a UTM, get a Palo Alto" but would love to hear about when people think it IS a good fit.
Something else I want to ask. When I see "if you're going to use a UTM, get a Palo Alto", would love to know about WHY Palo Alto. I don't have any experience with them so I'd love to hear about what makes them the go-to. What do they have that the other offers don't? What do they do that is so different to place them head and shoulders above the rest?
-
Most NGFW are just updated UTM solutions from the same vendors.
I hate the entire concept of the NGFW as no one has a clue what they are buying, using, researching.
-
@JaredBusch said in Why I See UTMs As Generally Bad in the Current Market:
Most NGFW are just updated UTM solutions from the same vendors.
I hate the entire concept of the NGFW as no one has a clue what they are buying, using, researching.
And several things we call UTM are actually NGFW now. Like PA.
-
@JaredBusch said in Why I See UTMs As Generally Bad in the Current Market:
Most NGFW are just updated UTM solutions from the same vendors.
I hate the entire concept of the NGFW as no one has a clue what they are buying, using, researching.
NGFW?
-
@Obsolesce said in Why I See UTMs As Generally Bad in the Current Market:
@JaredBusch said in Why I See UTMs As Generally Bad in the Current Market:
Most NGFW are just updated UTM solutions from the same vendors.
I hate the entire concept of the NGFW as no one has a clue what they are buying, using, researching.
NGFW?
Next Gen Firewall. Deep packet inspection.
-
@NashBrydges said in Why I See UTMs As Generally Bad in the Current Market:
Something else I want to ask. When I see "if you're going to use a UTM, get a Palo Alto", would love to know about WHY Palo Alto. I don't have any experience with them so I'd love to hear about what makes them the go-to. What do they have that the other offers don't? What do they do that is so different to place them head and shoulders above the rest?
Isn’t the main thing that makes PA acceptable that they size their hardware right for the services included?
Plus perhaps they have shown they are one of the few who can have the best in breed of more than one of the functions?
From what I’ve seen, most UTM makers drastically undersized their box for the environment they claim it can support. Ultimately you end up disabling services to improve performance, hence making it pointless in the first place. Though running all of those services individually if you need them is rather expensive, both in software and hardware needs. So buying a right sized UTM/NGFW seems like a doable thing IF you need all those services and the services the vendor supplies are anywhere near best in breed.
-
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
@NashBrydges said in Why I See UTMs As Generally Bad in the Current Market:
Something else I want to ask. When I see "if you're going to use a UTM, get a Palo Alto", would love to know about WHY Palo Alto. I don't have any experience with them so I'd love to hear about what makes them the go-to. What do they have that the other offers don't? What do they do that is so different to place them head and shoulders above the rest?
Isn’t the main thing that makes PA acceptable that they size their hardware right for the services included?
Plus perhaps they have shown they are one of the few who can have the best in breed of more than one of the functions?
They also invented most of the technology here. And they actually do NGFW, not UTM per se.
-
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
Though running all of those services individually if you need them is rather expensive, both in software and hardware needs.
Not in hardware, nearly all shops have 100x the needed capacity to run them well sitting idle already. They use very little, it just seems like a lot because routers have so little power.
-
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
Though running all of those services individually if you need them is rather expensive, both in software and hardware needs.
Not in hardware, nearly all shops have 100x the needed capacity to run them well sitting idle already. They use very little, it just seems like a lot because routers have so little power.
I haven't priced VM based solutions - Though I know if Unitrends is any indication - the software solution is just as expensive or even more so than the hardware solution from a vendor.
-
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
Though running all of those services individually if you need them is rather expensive, both in software and hardware needs.
Not in hardware, nearly all shops have 100x the needed capacity to run them well sitting idle already. They use very little, it just seems like a lot because routers have so little power.
I haven't priced VM based solutions - Though I know if Unitrends is any indication - the software solution is just as expensive or even more so than the hardware solution from a vendor.
That's not a logical way to view pricing.
That's like saying that hamburgers were overpriced at one restaurant, therefore all restaurants overcharge for hot dogs.
You are making the illogical association of the pricing being attached to food, rather than seeing the obvious attachment of the overpricing being part of the company in question that is setting the pricing.
-
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
Though running all of those services individually if you need them is rather expensive, both in software and hardware needs.
Not in hardware, nearly all shops have 100x the needed capacity to run them well sitting idle already. They use very little, it just seems like a lot because routers have so little power.
I haven't priced VM based solutions - Though I know if Unitrends is any indication - the software solution is just as expensive or even more so than the hardware solution from a vendor.
One software solution is Squid. And it is free.
-
I believe both Sophos and Palo Alto offer their UTM products in software at a pretty major price discount from their appliance offerings. But as they are both closed pricing, there is no official pricing on either approach.
-
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
I believe both Sophos and Palo Alto offer their UTM products in software at a pretty major price discount from their appliance offerings. But as they are both closed pricing, there is no official pricing on either approach.
Yeah - like most at that high level - it's all about schmoozing and grafting money from companies.
-
@Dashrender said in Why I See UTMs As Generally Bad in the Current Market:
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
I believe both Sophos and Palo Alto offer their UTM products in software at a pretty major price discount from their appliance offerings. But as they are both closed pricing, there is no official pricing on either approach.
Yeah - like most at that high level - it's all about schmoozing and grafting money from companies.
Well, it's a product category that has little reason to exist at a technical level, so nearly all of their sales are done from schmoozing, not providing something for a need. Even PA, who makes a great product, makes one that fills a need that rarely exists.
-
@scottalanmiller
If only I had found ML before I bought my Fortigates. I may have made a different decision.
-
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
I believe both Sophos and Palo Alto offer their UTM products in software at a pretty major price discount from their appliance offerings. But as they are both closed pricing, there is no official pricing on either approach.
I can't speak for PA but Sophos licensing in a VM is based on IP addresses while the hardware isn't limited to that license scheme. Guess it's their way of forcing people to the hardware.
-
@NashBrydges said in Why I See UTMs As Generally Bad in the Current Market:
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
I believe both Sophos and Palo Alto offer their UTM products in software at a pretty major price discount from their appliance offerings. But as they are both closed pricing, there is no official pricing on either approach.
I can't speak for PA but Sophos licensing in a VM is based on IP addresses while the hardware isn't limited to that license scheme. Guess it's their way of forcing people to the hardware.
That's... weird
-
@NashBrydges said in Why I See UTMs As Generally Bad in the Current Market:
One thing that I've read over and over and over is that UTMs are generally NOT recommended. However, I'm interested in what use-cases people believe they may be a good fit. I often see "if you're going to use a UTM, get a Palo Alto" but would love to hear about when people think it IS a good fit.
UTMs or more often "UTM features in a VM not on a firewall" are needed typically in environments that are subject to focused, external attack vectors. Not typically companies that might be getting dinged by script kiddies, but ones where aggressive, trained attackers feel that they are a specific target worthy of focus. Banks, for example. Police agencies. Maybe hospitals. Places that are treasure troves of digital data. Places that hold data or access for lots and lots of other people.
-
@scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market:
NGFW has trumped UTM in the hype of "what's current" for network edge security. NGFW are simpler, more of an evolutionary advancement of our more traditional firewalls, and make far more sense as they are both more effective (generally) than UTMs, and follow standard IT concepts of how to approach services on the network.
I am thrown off by this. Are you supporting the use of "next generation firewalls" over the use of UTMs? I mean, I read through this twice now and that's what I am taking away from this paragraph. I skimmed through the comments and it sounds like people are saying that NGFW and UTMs are about the same thing - which I can agree with since the various security products over the years would naturally fall into different places across the security appliance spectrum (evolve), some being more similar/related than others. Your one paragraph here kind of separates the two for a moment, with the NGFW far better than the UTM, but I would think that you'd consider both bad on the basis that they are both things that group security roles (don't keep things separate).
If you ARE supporting NGFW and opposing the use of UTMs, I will just say that my current SonicWall model is specifically listed as a NGFW (though you have argued with me in the past about it actually being a UTM). Also, the Sophos XG product that I originally posted about is also an NGFW. I assume you will respond by saying that they just stopped calling them UTMs and are now calling them NGFW, so if that's the case, can you provide some list of products or features that you would use to distinguish a UTM from a NGFW?
-
An interesting topic, we could go on from this by recommending how to run the individual services correctly outside of the UTM device. IDS/IPS, DPI, etc. That would be a good topic as well.