UTM vs NGFW - A Single Shade of Gray



What is the difference between NGFW and UTM and who are the players in the market? Find out as Anitian explores the origin of these technologies and offers up advice on how to deploy your UTM / NGFW solutions.

Published in: Technology


  1. NGFW VS UTM: A SINGLE SHADE OF GRAY
     Revised September 2014
     ANITIAN intelligent information security
  2. Overview
     Intent
     • Establish Unified Threat Management (UTM) and Next-Generation Firewall (NGFW) as the same technology
     • Help you understand these products, the market and how they are used
     • Educate you; Anitian does not sell these products
     Outline
     • Background
     • The Players
     • Deployment Options for UTM/NGFW
     • Implementation Challenges
  3. Speaker: Andrew Plato
     • President / CEO of Anitian
     • 20 years of experience in IT & security
     • Completed thousands of security assessments & projects
     • Discovered SQL injection attack tactic in 1995
     • Helped develop first in-line IPS engine (BlackICE)
     • Co-developed RiskNow™ - Rapid Risk Assessment approach
     • Championed movement toward practical, pragmatic information security solutions
  4. ANITIAN
     We enlighten, protect and empower great security leaders. We believe security will make the world a better place.
     • Security is necessary for innovation and growth
     • Security can be empowering when it is practical and pragmatic
     • Good security comes from rational, scientific methods of analysis
  5. Premises & Assumptions
     • Most of our experience is with Fortinet, Palo Alto, Juniper and Cisco products
     • We have direct experience with over 500 deployments
     • We have audited hundreds of NGFW/UTM deployments
     • Anitian is not a VAR, we do not sell any of these products
     • Anitian has no financial interest in any of these vendors
     • We believe the best NGFW/UTM product is the one implemented, managed and audited correctly
  6. MARKET OVERVIEW: NGFW VS UTM
  7. Origin of the Words
     • Unified Threat Management (UTM) sprang up as a term in about 2004 from the research company IDC
     • Defined an emerging class of products that combined multiple security features
     • Next-Generation Firewall (NGFW) sprang up in about 2011 with Gartner and Palo Alto Networks championing this term
     • Claimed uniqueness as a technology due to application control
     • Anitian challenged this sleight of hand in our blog entry: http://blog.anitian.com/utm-v-ngfw-a-single-shade-of-gray/
  8. UTM Definition
     "UTM security appliance products include multiple security features integrated into one box. To be included in this category, as opposed to other segments, the appliance MUST contain the ability to perform network firewalling, network intrusion detection and prevention, and gateway antivirus (AV). All of the capabilities in the appliance need not be utilized, but the functions must exist inherently in the appliance. In these products, the individual components cannot be separated."
     Source: IDC, Worldwide Threat Management Security Appliances 2004-2008 Forecast and 2003 Vendor Shares: The Rise of the Unified Threat Management Security Appliance © 2004
     TL;DR – A Firewall with expanded security capabilities.
  9. NGFW Definition
     "A class of firewalls designed to filter network and Internet traffic based upon the applications or traffic types using specific ports. The application-specific granular security policies provided by Next Generation Firewalls help them detect application-specific attacks, giving them the potential to catch more malicious activity than more traditional firewalls. Next Generation Firewalls (NGFWs) blend the features of a standard firewall with quality of service (QoS) functionalities in order to provide smarter and deeper inspection. In many ways a Next Generation Firewall combines the capabilities of first-generation network firewalls and network intrusion prevention systems (IPS), while also offering additional features such as SSL and SSH inspection, reputation-based malware filtering and Active Directory integration support."
     Source: Webopedia
     TL;DR – A Firewall with expanded security capabilities.
  10. Gartner Says
      "As the firewall market evolves from stateful firewalls to NGFWs, other security functions (such as network IPSs) and full-stack inspection, including applications, will also be provided within an NGFW. The NGFW market will eventually subsume the majority of the stand-alone network IPS appliance market at the enterprise edge… Although firewall/VPN and IPS are converging (and sometimes URL filtering), other security products are not. All-in-one or unified threat management (UTM) products are suitable for SMBs but not for the enterprise: Gartner forecasts that this separation will continue until at least 2015. Branch office firewalls are becoming specialized products, diverging from the SMB products."
      Source: Magic Quadrant for Enterprise Firewalls, December 14, 2011
      TL;DR: NGFW are firewalls with expanded security capabilities, but totally not UTM
  11. UTM = NGFW
  12. Conclusions
      • NGFW and UTM are identical technologies
      • Changing words does not change the underlying technology
      • Firewalls are adding new capabilities, and that is good
      • Quality of players is variable
      • Application identification is not unique, special or new
      • Be careful, words can be used to deceive and mislead
      • Beware of the phrase “the only”; it's rarely true
      • Analysts have agendas, and they rarely disclose them
  13. THE PLAYERS
  14. UTM Market Share 2012

      Rank  Company          Share
      1     Fortinet         18.9%
      2     CheckPoint       17.8%
      3     Sonicwall        9.3%
      4     Juniper          5.8%
      5     Cisco            5.4%
      6     WatchGuard       5.1%
      7     McAfee           4.2%
      8     Sophos (Astaro)  2.2%
      9     Others           31.3%  <- ??? PAN, Stonesoft, Barracuda, HP, etc.

      Source: IDC Worldwide UTM Market Share June 2012, the most recent and reliable data we could find
  15. NGFW Market Share
      This space intentionally left blank*
      * because there are no market share reports!!!!
  16. Anitian’s Estimated Market Share
      This is our best guess at the current UTM/NGFW combined market share

      Rank  Company     Share
      1     Cisco       20%
      2     Fortinet    15%
      2     Juniper     15%
      2     Palo Alto   15%
      3     CheckPoint  10%
      3     SonicWall   10%
      -     Others      15%
  17. UTM/NGFW Players
      The Leaders
      • Checkpoint
      • Fortinet
      • Palo Alto Networks
      The Challengers
      • Dell Sonicwall
      • Sophos
      • Cisco / Sourcefire
      The Uncompetitive
      • Juniper
      • McAfee / Stonesoft
      • WatchGuard
      Rookies
      • Barracuda
  18. The Leaders - Checkpoint
      • Excellent management platform
      • Diverse platform set
      • Willingness to play dirty
      • Loyal customer base
      • Milking the life out of those loyal customers
      • Aging technology and platforms
      • Expensive, complex licensing
      • CHKP: $1.4B revenue, $13.5B market cap
  19. The Leaders - Fortinet
      • Outstanding performance
      • Broad range of products
      • Massive R&D, brilliant engineering team
      • Unified stack (hardware/software/content)
      • Affordable, simple licensing
      • Lots of third-party certifications
      • Terrible marketing and sales efforts
      • Central management & reporting is mediocre
      • Inconsistent support
      • Management turnover is distracting
      • FTNT: $685M revenue, $4.3B market cap
  20. The Leaders – Palo Alto Networks
      • “Apple-esque” brand buzz
      • Stellar business leadership and maturity
      • Novel approach to application control
      • Excellent AD integration
      • Good reporting
      • Questionable performance claims
      • Overzealous, but extremely effective marketing
      • Minimal third-party certifications
      • Infuriating commit process
      • Ultra-premium pricing
      • PANW: $598M in revenue, $7.7B market cap
  21. The Challengers
      Sonicwall
      • Impressive performance
      • Good NSS reviews
      • Dell ownership is a negative
      • Fragmented development
      Sophos
      • Good feature set at a good price
      • Solid strategic vision
      • Poor name recognition
      • Solid SMB solution, weak enterprise position
  22. The Challengers
      Cisco / SourceFire
      • SourceFire has excellent accuracy, reputation, and smart people
      • Cisco has gobs of money, power, and market share
      • Put together, this has the promise of something great
      • Still a work in progress
  23. The Uncompetitive
      Juniper
      • Security is not a priority for them
      • Coasts on market share alone
      McAfee
      • Stonesoft purchase is interesting
      • Intel buyout has been very negative
      WatchGuard
      • A business case in how not to run a security company
      • Archaic, underperforming platform
  24. The Rookies
      Barracuda
      • Positive reviews
      • Low rent marketing, sales, and channel engagement
      • Questionable performance and feature set
  25. DEPLOYMENT OPTIONS
  26. Point Products Are Dying
      • Point products create excessive administrative overhead
      • Causes mistakes and security vulnerabilities
      • Training and ramping challenges
      • Interdependence between technology vendors
      • Lack of integration
      • Lack of cohesion among security data
      • Multiple point of failure problem is minimized
      • Difficulty in virtualizing
      • Unifying to a common security platform creates a more efficient, seamless environment
  27. Single Platform – Multiple Deployments
      • Traditional Firewall / VPN
      • IDS/IPS *
      • Web Filter & Application Control *
      • Web Proxy / Reverse Proxy / Caching
      • Core Firewall *
      • SSL-VPN
      • Remote Endpoint
      • Wireless Networking
      • BYOD Networks
      • Virtualized security *
      • SSL inspection / scanning
  28. IDS / IPS
      • Well suited to this task
      • UTM/NGFW is consuming the IDS/IPS market
      • Traditional point players are underperforming UTM/NGFW products
      • NSS Report for IPS had Sourcefire as top spot for detection accuracy (no surprise there)
      • CheckPoint & Fortinet were close behind
      • PAN was the weakest of the NGFW products
      • TippingPoint, Juniper and IBM-ISS were the weakest of all products tested!
  29. Web Filter / Application Control / Web Proxy
      • Web filtering is commodity
      • User integration is strong for the leaders
      • Application control is tricky to implement
      • Blacklisting is always easier than whitelisting applications
      • Integrating gateway AV is good
      • Proxy support is good among most platforms
      • WCCP never works
      • Reporting is challenging
  30. Core Firewall
      • Ideal role for UTM/NGFW
      • Can provide internal segmentation
      • Terminate VLANs to control access
      • Implement IDS/IPS & Application Monitoring
      • Watch out for performance issues, buy big
      • Huge security benefits
      • Virtualize core firewalls to provide business-unit segmentation
  31. Virtualized Security
      • All of the leaders and some of the others have fully virtualized their platforms
      • Allows you seamless transition from on-premise to cloud
      • Ideal for PCI or HIPAA compliance segmentation
      • Create multiple security zones in a single hypervisor
  32. IMPLEMENTATION CHALLENGES
  33. Challenges / Solutions
      • Intra-department turf battles? Define management and architecture roles early
      • Different teams managing different components? Use access controls to break up management or virtualize devices to perform different functions
      • Performance concerns? Buy way more than you need, deploy in a cluster
      • Single point of failure concerns? Buy an HA pair, deploy active-active cluster
      • Accuracy concerns? NSS Labs has proven UTM/NGFW is MORE accurate
      • 10GB!!!! Spendy, but all platforms have 10GB solutions
  34. Challenges / Solutions
      • UTM is for small business, NGFW is for enterprise! Pointless differentiator, the two are the same
      • But only _____ can do _____! Differences between the players are all pretty minor. It basically comes down to performance, price and usability
      • My boss told me to get a ______! Be wary of any manager who mandates a vendor. Picking a technology based on free lunches from a VAR is about the worst possible way to select a product.
      • Too expensive! When you collapse point products to a common platform it can save a lot of money
  35. QUESTIONS?
  36. Thank You
      EMAIL: andrew.plato@anitian.com
      WEB: anitian.com
      TWITTER: @andrewplato @AnitianSecurity
      BLOG: blog.anitian.com
      SLIDES: http://bit.ly/anitian
      CALL: 888-ANITIAN