Nov 11 2009

5 Tips to Make the Most Out of Your UTM Investment

IT leaders share how to best utilize a unified threat management appliance to protect your business.

Photo: Phoebe Rourke-Ghabriel

A Cisco ASA 5510 firewall serves as the security gateway in Paymetric’s primary and disaster recovery sites, says IT Operations Director Genady Vishnevetsky.

As Paymetric constructs its new computing sites, one piece of equipment will definitely be making the move — the Cisco Adaptive Security Appliance 5510.

The company, which offers payment processing services for enterprise resource planning systems, manages all of its infrastructure remotely, notes Genady Vishnevetsky, director of IT operations and security at the company’s Houston office. Paymetric’s data center is in Dallas and its disaster recovery center sits in Denver.

“The Cisco ASA 5510 serves as our primary security gateway,” says Vishnevetsky. “It separates different servers and infrastructures, and zones them based on security architecture.” The company spent about $25,000 on the four ASA devices this summer, adding them to the Cisco network gear already in place on the Paymetric network.

Unified threat management appliances, such as Cisco’s, protect networks by combining core functions in one device: firewall, virtual private network, antivirus, intrusion detection/prevention and content filtering. These devices are well suited for small and midsize businesses because they can simplify management and reduce costs, says Joel Snyder, a senior partner at consultancy Opus One. To make the most of a UTM investment, buyers would be wise to heed the following tips.

1. Understand that performance may vary.

“You need to test the vendor’s claim of how much throughput you can get through the box and if there’s a performance lag,” recommends Victor Wise, director of technical services for ad agency Engauge in Columbus, Ohio.

Wise’s company relies on various SonicWall Network Security Appliance models at several locations, but one installation was a poor fit. “As soon as we turned on the UTM, it just bogged down the box to the point it was impacting production traffic,” he says. An upgrade to the E-Class NSA series solved the problem. The lesson? Make sure the UTM is sized correctly.

Performance numbers listed at the top of a product’s data sheet are generally for the best case — traffic nobody ever sees, Snyder points out. Scrutinize the literature to find the real performance with all the UTM features turned on. If that data isn’t available, “a generally safe assumption is that UTM performance will be about 10 percent of best-case performance,” he says. That’s right: A 90 percent slowdown is typical.

2. Factor in subscription costs.

“With device costs dropping, vendors are using maintenance fees to help keep their profit margins up,” observes Snyder. “When you budget for a new device, get a five-year quote for your total out-of-pocket costs to keep everything running.” This will reduce the surprise factor and help you compare different products more accurately.

3. Don’t scrimp on support.

Paymetric’s Vishnevetsky says Cisco’s SmartNet support plan is worth the investment. “It not only covers repairs and replacements and upgrades to the software and code, but it also comes with pretty comprehensive technical support,” he says. “They offer you architectural help and preliminary design assistance, which is a tremendous value.” Cisco helped Paymetric design its security architecture and configure the ASAs.

What’s more, the IT leader appreciates Cisco’s replacement policy. “I’ve been in a situation when my contract lapsed or I never had it on the devices,” Vishnevetsky says. “They will make a one-time exemption per serial number and support you or replace the defective part.”

4. Use what you’ve got.

Which features of a unified threat management device do you consider to be most important?

43% Firewall
35% Intrusion detection/intrusion prevention
13% Antivirus
3% Content filtering
2% Other

SOURCE: 446 BizTech readers

Jason Omens, IT manager for BuzzBee, suggests spending the extra money to take advantage of all the available subscription services, such as intrusion prevention, spam blockers and gateway antivirus. Before joining the Seattle marketing firm, Omens worked as a consultant and deployed many WatchGuard Firebox devices. “I definitely recommend UTMs for security-conscious smaller businesses. Even with the extra subscription fees, there is a significant cost savings when not having to buy separate appliances and software,” he says.

BuzzBee relies on a WatchGuard Firebox X550e for firewall, network address translation and antivirus functions, and also has put the WebBlocker Server into action as needed. For example, during one period, employees were fixated on a live feed of puppies, and the streaming videos choked the T-1 connection.

“The WebBlocker was an easy way to block that particular site, and everything was back to normal,” Omens says. “They called me the puppy killer.”

5. Don’t rush to roll out firmware.

Jim Cheshire, director of technical services for engineering firm AVAI Ventures in Austin, Texas, has long used McAfee’s UTM Firewall for his internal networks and client sites. “It supports a broad spectrum of requirements and is fairly easy to teach and administer,” he says. Though he is pleased with the UTM, one thing he’s learned is not to rush a rollout of security-device firmware.

“You may have a revision of firmware that has some unique behavioral issues that you need to overcome,” Cheshire says. “There’s the old adage of ‘let someone else find the problems first.’” As a result, AVAI typically holds off on deploying firmware until a few months after it’s released.