UTM Systems for Enterprise Security Debated

October 13, 2009 by ADMIN

Share |

By Richard Stiennon, Chief Research Analyst, IT-Harvest

I rarely fall prey to flame bait.

Usually I can safely ignore the rabid attacks and obviously self-interested positions taken by bloggers who work for IT security vendors.

But this blog post from Greg Young, one of the most influential IT Security analysts demands a rebuttal.

It is titled: Unicorns, Pixies, and Enterprise UTM, and says in part:

At Gartner, we haven’t seen enterprises shifting to using UTMs or SMB multifunction firewalls, nor do we forecast that this will happen any time soon.

Sigh. Greg, Greg, Greg , talk about putting a stake in the ground. Never have I seen an analyst firm so adamantly defend the status quo.

You have not allowed yourself much wiggle room.

In essence you are saying that the enterprise, as represented by organizations that employ 1,000 or more, is forever stuck with Check Point, Cisco, and Juniper firewalls.

Would Gartner go on record that Windows is the desktop platform for the enterprise now and forever?

Would Gartner analysts ignore the rise of Google and cloud based services? Are they ready to say that Google will fail and Microsoft will prevail?

Don’t forget Gartner’s famous call that OS2 would prevail over Windows.

Are you ignoring the Innovator’s Dilemma? The entrenched vendors will be muscled aside by the upstarts as surely as 100 gig switches will replace 10 gig in the not too distant future.

But back to your rather definitive rant against UTM in the enterprise. You state that your position is based on Gartner Research.

As you well know, most of your research is based on daily interactions with the 10,000+ Gartner clients who, by your own measurements, are 80% late adapters.

I would propose that by their very action of sticking with legacy firewalls these enterprises are merely demonstrating their reluctance to change.

I would further propose that when a better way of doing things arises an analyst who seeks to shed light on the future for his lackadaisical client base would attempt to nudge them towards the light of change: enhanced security, better control, and lower total costs as demonstrated by the Enterprise Class UTM vendors.

You have stepped into King Canute’s sandals and cried at the rising tide: STOP!

Better you should shield the earth with your outstretched hand and cool its heated brow than rail against technology change and innovation.

You have made it simple for someone to refute your stance.

You have defined the enterprise (1,000+), you have stated that the enterprise adaption of UTM is non-existent.

All that has to happen is for someone to point you to ONE example to refute your stance. You have already attempted to deflect that by your statement:

Also, carriers, ISPs, and hosting companies aren’t enterprises: they are carriers, ISPs, and hosting companies.

A futile syllogism since all you do is postpone the day of reckoning when your clients inexorably adapt UTM in the enterprise as the technology crosses Jeffrey Moore’s Chasm.

By the way, a tip to the wise: if you want to see the future of networking technology look at the organizations that have the most challenging environments for early adoption.

That’s right: carriers, ISPs and hosting companies. Examine if you will these enterprise users of UTM devices from Fortinet.

They each had different requirements that led them to pick Fortigate over the legacy firewalls. Perhaps they even use the Fortigate as a firewall allowing you to argue that they are not using UTM.

Apparently not based on the following links:

Polycom: 2,648 employees in this teleconferencing company. They are protecting their corporate headquarters with Fortinet. Watch the video of Mark Thames, Director of Security and Networks talk about why he replaced Check Point firewalls with Fortigear.
CKE Restaurants, the company that operates Carl’s and Hardy’s has 23,000 employees but probably a lot fewer desktops. Sure they are an example of distributed enterprise that you denigrate. But they also use Fortinet to protect headquarters.
Here is a video of Tom Lindblom, Vice President and Chief Technology Officer at CKE Restaurants
Havalls Sylvania: Yes, the light bulb manufacturer. According to Hoover’s they have 1,400 employees and over $200 million in revenue. Since they are a manufacturer you may argue that they have fewer than 1,000 desktops. Would you classify them as an SMB? In addition to their headquarters, Sylvania has 52 sites around the world protected by Fortinet technology.
Volkwagon Mexico is the only manufacturer of the VW Beetle. They employ 14,700 people. They certainly fit my definition of the enterprise. They use Fortinet to protect headquarters as well as 300 dealerships in Mexico.
Honda New Zealand is another example of an auto manufacturer. Enterprise? Yes. Fortinet UTM? Yes.
Troon Golf, a golf course management company has 1,500 users and has deployed a Fortigate 500 UTM appliance to protect its corporate HQ in Scottsdale, Arizona as well as at 65 locations.
Ashland, Inc. a Fortune 500 chemical company employs 11,900 people. From Fortinet’s press release: Ashland has deployed Fortinet’s enterprise-class FortiGate™-5000 Series, FortiManager™ and FortiAnalyzer™ management and reporting appliances at its headquarters.
American Axle, a Fortune 1,000 company has deployed an array of FortiGate® multi-threat appliances for firewall, virtual private network (VPN), Web content filtering and intrusion prevention at its national and international locations. They have 7,800 employees.
Nissan Korea: Nissan is a Fortune 50 company in Japan and they use Fortinet gear in their South Korea headquarters.

Enterprise? Oh yes.

In addition to these nine enterprises I have personally talked with dozens of Fortinet customers that fit your definition of “enterprise”, many of them government entities that cannot go on record with their chosen security products.

Why have you picked this particular windmill to tilt at? I would think there would be other dragons to slay.

Dragons like NAC, or the silly Jericho Forum notion of de-perimeterization (Perhaps I should call these dinosaurs as they are quickly becoming extinct.

No, dragons is right, mythical beasts whose defense relies on their digestive track running backwards).

I do not expect a response. I have been in your shoes and the best strategy is to ignore the dissenting rabble.

But, you are wrong by the evidence presented here. Enterprises *are* using UTM solutions.

Further, legacy firewall vendors, through their failure to protect against web, email, and IM based attacks are doomed.

They must re-invent themselves or go the way of proxy firewalls: oblivion.

Full disclosure: I was VP Research at Gartner from 2000 to 2004. I was CMO for Fortinet for 14 months ending January 2008. I have no stock/warrants/options/bonds in any company other than IT-Harvest.

Announcing the birth of Cyber Defense Weekly, a newsletter created to give participants in this new category a comprehensive summary of the week’s news, product announcements, and escalations in cyber threats.

Simply provide your email address here to become a subscriber.

Comments and input are welcome as always on this critical new category.

Richard Stiennon, security expert and industry analyst, is known for shaking up the industry and providing actionable guidance to vendors and end users. He recently re-launched the security blog ThreatChaos.com and is the founder of IT-Harvest, an independent analyst firm that researches the 1,200 IT security vendors. He was Chief Marketing Officer for Fortinet, Inc. the leading UTM vendor. Prior to that he was VP Threat Research at Webroot Software. Before Webroot, Mr. Stiennon was VP Research at Gartner Inc. where he covered security topics including firewalls, intrusion detection, intrusion prevention, security consulting, and managed security services for the Security and Privacy group. He is a holder of Gartner’s Thought Leadership award and was named “One of the 50 most powerful people in Networking” by NetworkWorld Magazine.

* * *

Stay Informed With ISR News Feeds and Email Alerts Here:

The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com

These icons link to social bookmarking sites where readers can share and discover new web pages.