Vendors Push Out UTM's Boundaries

SAN FRANCISCO -- RSA 2008 Conference -- Unified threat management (UTM) vendors are scaling down their platforms for smaller implementations, while others are outfitting them with extras like traffic shaping and new silicon.

Broadly speaking, UTM vendors have typically ganged together functions on their platforms like intrusion detection and prevention; anomaly detection; antivirus protection -- using either their own or some OEM'd signature files; leakage prevention; and message inspection. RSA exhibitors like Astaro Corp., Calyptix Security, Cymtec Systems, and Cyberoam are pushing out the boundaries of UTM by emphasizing other utilitarian aspects.

That reinterpreting was probably best exemplified by Astaro, which lifted the curtain on the Web Gateway product it was talking about last month. Its new UTM gateway provides integrated URL filtering, malware detection, instant messaging, and peer-to-peer application control. It also performs "bandwidth optimization" in the event IT wants to ratchet down, say, YouTube bandwidth and make room for actual business functions, according to Angelo Comazzetto, product evangelist for Astaro.

"Customers asked us if we could build something more affordable that gave them all the Web security features without making them pay for VPN and IDS," Comazzetto said. Pricing starts at $995, and a software-based virtual appliance version will be available in July, he told Dark Reading.

In similar fashion, Cymtec fielded its Sentry 2.0 for unified network and performance management in remote offices and SOHO environments. Sentry has four functional categories, or "buckets," as company president Andrew Rubin described it.

They include typical anti-spyware and malware capabilities; policy and Web enforcement; network visibility; and traffic control. "We've built a real-time sniffer and QOS engine into the platform," Rubin said. "UTM is what you use to bring up the environment; Sentry is what you use to manage it."

Sentry comes in two versions: The standard platform is $3,995; the SOHO version for up to six users is $1,295.

Calyptix also used the RSA show to display its AccessEnforcer UTM platform, touting its fit with small and midsized businesses "for more security and less complexity," as the company likes to say. Its AE1000 includes functions like anti-spam, anti-virus, and anti–malware; Web filtering; firewalling; intrusion prevention and detection; IPSec for VPNs; and reporting and logging.

The platform also uses the company's DyVax inspection engine for dynamic filtering of email traffic, executables, and Microsoft Office files without reliance on signatures.

Pricing for the AE1000 is $1,599: That's a flat fee, not a per-seat license; it's well suited for up to 25 users but can accommodate more, according to CEO Ben Yarbrough.

Finally, Cyberoam said at the RSA show that it's added multi-core processors to its UTM+ line, which it claims will deliver more granular and comprehensive security against existing and emerging threats.

Multi-core architectures are alleged to push IPS throughput beyond 3 Gbit/s, and HTTP throughout as high as 600 Mbit/s, according to Cyberoam. Multi-core appliances coupled with Cyberoam software also enable parallel processing of security operations for a high-speed, low-latency UTM solution.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.