NGFW or UTM: How to Choose
Historically, Next-Generation Firewall (NGFW) appliances were designed to deliver a very specific set of security services – firewalling, IPS, and URL filtering. Anything that consolidated more than those services was commonly referred to as a Unified Threat Management (UTM) appliance. Today, however, we see significant blending of these two markets and products. The performance gap has disappeared and solutions marketed as NGFW appliances are being released with the same security services once unique to offerings marketed as UTM appliances.
So, if NGFW and UTM appliances are the same when it comes to security and performance, what is the difference?
The Real Choice: Customization vs. Simplicity
UTM appliances provide out-of-the-box policies, management, and reporting tools designed for ease of deployment and ongoing management, while NGFW appliances cater to organizations that wish to customize their security policies and prefer manual reporting and management techniques.
Neither approach is wrong; however, many organizations do not have the time, resources, or security expertise required to manually build security policy and manage a variety of disparate appliances. UTM solutions give those organizations the same enterprise-grade security without the extra layer of management. This is particularly useful for small, midsize, or widely distributed organizations that typically don’t have dedicated security or IT teams.
Performance: A Number is Worth a Thousand Words
It has long been debated whether one appliance that centralizes a variety of network security tasks could ever compete with the performance of dedicated point solutions. Not only is the answer yes, but some UTM appliances, with all security engines running, outperform many dedicated NGFW point solutions.
(Don’t Get) Lost in Packaging
The security threats that face organizations, small and large, are ever-changing and the solutions for combating these threats should be as well. As such, there is not a static definition of what services should be considered standard within a UTM appliance. Never make any assumptions – always be sure to ask exactly what is included in the offering you are evaluating.
Fueling the confusion for end users, vendors all take a slightly different approach when it comes to pricing and packaging. Be on the lookout for à la carte pricing for each service and for locked functionality within management platforms that quickly raise deployment costs.