A Journey to the UTM Safari : By - Mahesh Gupta Business Development Manager, Cisco India & SAARC

Evolution is the permanent feature of this universe – be it the human evolution or the technology evolution. If there is no evolution, then the world would easily become insipid, stale and non-progressive. If we study some finer aspects of the technology evolution, it is the Information Technology, which has evolved faster than any other form of technology. Though evolution is a natural process, but in the case of security solutions it is the demand of situation that has compelled the people to evolve new technology to fight back the malice.

 

In the information technology, security technology has come a long way from a rudimentary form of desktop security – that is, antivirus, then firewall, IDS, IPS, anti-spyware, URL filtering, etc. And, today, people are talking about Unified Threat Management or UTM, an integrated security product with multifunctional services.

 

UTM, like many other IT products, has grown very fast. Perhaps, within two years from now, this wonderful product surfaced in the market, but today it has hogged all the limelight. The market has accepted UTM obviously because of its natural advantage over standalone products and the vendors, who were traditionally strong in security solutions, all have stepped into the ring of UTM bout. And, it is a worldwide phenomenon.

 

Today, India, with a large market for other IT products, offers a huge market for UTM. All the worldwide large players including Cisco, Fortinet, SonicWALL, Check Point, etc. are present in this market and investing to make it popular. And, it is good to see that all the vendors are distinct from each other so far as their products are concerned. Of course, UTM is not a product. Actually, it is a solution in an appliance.

 

Cisco perhaps is only a networking player which, along with complete solutions for networking, has UTM solutions. Cisco adopts a Self Defending Network (SDN) approach to security that helps customers manage and mitigate risks more effectively. Cyberoam, on the other hand, is the only identity-based UTM appliance series which embeds user identity in firewall rule matching criteria. This offers instant visibility and proactive controls over security breaches. It recognizes the user anywhere, anytime in the network and offers the user identity – not just IP addresses in its reporting. Similarly, SonicWALL’s family of network security appliances combines robust security services with high-speed deep packet inspection to provide organizations of all sizes the best protection. And, Check Point’s UTM-1 appliances deliver uncompromising levels of security, while streamlining deployment and administration.

 

Mahesh Gupta, Business Development Manager, Cisco India & SAARC, says, “As part of the SDN Framework Cisco offers Adaptive Threat Defense (ATD) solution that helps to further minimize network security risks by dynamically addressing threats at multiple layers, enabling tighter control of network traffic, endpoints, users, applications. ATD also simplifies architectural designs and lowers operational costs. This innovative approach combines security features, multilayer intelligence, application protection, network-wide control and threat containment within high-performance solutions.”

 

The key components of ATD include Anti-X defenses, (Prevent and respond to network threats through a combination of innovative traffic and content-oriented security services), Application security, (Provide advanced business-application protection through the use of application-level access controls, application inspection, and enforcement of appropriate application-use policies, web-application control, and transaction privacy), Network control and containment (Network intelligence and the virtualization of security technologies provides the ability to layer sophisticated auditing and correlation capabilities to control and help protect any networked element or service such as Voice over IP (VoIP) with active management and mitigation capabilities and VPN features such as IPSec VPN and SSL VPN.

 

Digvijaysinh Chudasama, Vice-President – Sales, Cyberoam, says, “With such identity-based security, Cyberoam ensures high levels of security even in dynamic IP environments like DHCP, Wi-Fi, in addition to Multiple Users-Single Machine scenario like educational institutions and call centres.

 

It lets the system administrator formulate and apply customized access policies in accordance with business needs. With user identity embedded in its firewall rule-matching criteria, Cyberoam is the only UTM to offer single page centralized policy creation for all the security features – Firewall, Anti-virus, Anti-spam, Content Filter, IDP, Bandwidth and Multi Link Manager. Plus, enterprises have the flexibility to set their policies based on department, hierarchy, group, user or any combination.” Shubhomoy Biswas, Country Manager – India, SonicWall, says,–“SonicWALL TZ and PRO Series appliances are designed to reduce cost, risk and complexity by integrating automated and dynamic security capabilities for comprehensive protection and maximum performance.”

 

SonicWall Deep Packet Inspection: SonicWALL provides both all-in-one and standalone security solutions that are based on our award-winning deep packet inspection engine. Our appliances combine our real-time deep packet inspection engine with dynamically updated gateway anti-virus, anti-spyware, intrusion prevention, enforced desktop antivirus, content filtering and secure wireless capabilities into an easy-to-manage solution.

 

Enterprise-Class Multi-Service Security Platform: The SonicWALL PRO Series of firewalls offers enterprise-class networking, routing, firewall, secure wireless, IPSec VPN, and security services in an easy-to-manage appliance. The PRO Series has support for IPSec VPN to support your mobile workforce, secure wireless through SonicPoint Access Points, and virtual LANs to extend your corporate network to remote sites.

 

Security platform for home, small and remote/branch offices: The SonicWALL TZ Series is the ideal total security platform for home, small and remote/branch offices. Available in multiple hardware and node configurations, the TZ Series allows you to add features and functionality when your network needs them.

 

Simple to Use, Simple to Manage: SonicWALL network security solutions are designed for simple deployment, intuitive management and lowered total cost of ownership. Every TZ and PRO Series appliance features SonicWALL’s innovative Web interface which utilizes a comprehensive suite of easy-to-use configuration and management wizards.

 

Bhaskar Bakthavatsalu, Country Sales Manager, Check Point Software Technologies Ltd., India & SAARC, says, “Check Point’s UTM-1 appliances deliver proven, tightly integrated security features to provide the perfect blend of simplicity and security.”

 

UTM-1 appliances offer a complete set of security features including firewall, intrusion prevention, antivirus, anti-spyware, Web application firewall, VoIP security, instant messaging (IM) and peer-to-peer (P2P) blocking, and Web filtering, as well as secure site-to-site (IPSec VPN) and remote access connectivity (SSL VPN) He adds, “Our UTM deploys industry’s best firewall in the market and also provides a mature VPN technology. SmartDefense Services maintain the most current pre-emptive security for the Check Point security infrastructure. This helps enterprises to stay continuously ahead of today’s constantly evolving threat landscape as it deploys both signature and anom aly based intrusion prevention system.”

 

Cisco Adaptive Security Appliance (ASA) 5500 Series, is an innovative family of multi-function security appliances that help stop attacks before they spread through the network. This Adaptive Security Appliance series is a modular platform that provides the next generation of security and VPN services. The Enterprise Editions include four location-specific options, i.e. Firewall Edition, IPS Edition, Anti-X Edition and VPN Edition.

 

Each edition combines a focussed set of services to meet the needs of specific environments within the enterprise network, enabling superior protection. The Cisco ASA 5500 Series enables standardization on a single platform to reduce overall operational costs for security.

 

The Cisco ASA 5500 Series controls network and application traffic, delivers flexible Virtual Private Network (VPN) connectivity, and reduces the overall deployment, operations costs and complexity that would otherwise be associated with this level of comprehensive security. A key component of the Adaptive Threat Defense phase of the Cisco Self-Defending Network (SDN) security strategy, the Cisco ASA 5500 Series includes the Cisco ASA 5505, Cisco ASA 5510, Cisco ASA 5520, Cisco ASA 5540 and the ASA 5550 products. This appliance family is designed to span from small- and medium-sized businesses to large enterprises and Service Providers, and is purpose built for concurrent services scalability and unified management. This enables high-performance and simultaneous operation of multiple security services without added operational complexity.

 

The Cisco ASA 5500 Series delivers advanced adaptive threat defense services including Anti-X defenses, Application security, and Network containment and control that are designed to provide unified and thorough protection of business-critical resources. It provides customers with network-based Anti-X defenses for worm and virus mitigation, spyware/adware protection, network traffic micro-inspection, hacker and intrusion prevention, and Denial of Service (DoS) prevention, all with on-device security event correlation. As per the company, Cyberoam is a unique product in the UTM industry with distinctive advantage over all other UTMs. Cyberoam is the only identity-based UTM which links user identity with security.

 

The single, most important benefit that Cyberoam offers to customers is by allowing them to control as well as protect individual users apart from the enterprise. It does this by binding user identity to security. In doing so, it protects enterprises not just from external threats that are increasingly targeting the individual user, but also internal threats that account for over 50 per cent of network breaches today. Since the user is proving to be the weakest link in the security chain today, Cyberoam embeds user identity in firewall rule matching criteria, eliminating IP addresses as intermediate components to identify and control the user. This offers instant visibility and proactive controls over security breaches and facilitates single screen policy creation and dynamic change in the security policies while accounting for user movement and supporting business flexibility. At the feature level, Cyberoam’s comprehensive security offers a complete security feature set that includes Identity based Firewall, VPN, Gateway level Anti-virus and Anti-spam, Intrusion Detection and Prevention (IDP), Content Filtering along with Bandwidth Management, Multiple Link Management and reporting on a single platform.

 

With a unique product offering and over 1,700+ installations globally and a wide channel partner network, Cyberoam gives stiff competition to other UTM players and traditional single-point solution providers like Firewall, VPN, anti-virus, anti-spam and content filtering solution providers, as enterprises are largely replacing their individual security solutions with integrated appliances like Cyberoam.

 

SonicWall claims to be the market leader in the Indian market. It has assumed three-digit growth for the last three consecutive years in the UTM space. According to Biswas, “Technologically, SonicWall products are from the top-drawer.” According to Bhasker, Check Point provides industry’s most proven firewall that secures hundreds of applications and protocols. Simplicity of UTM with proven security only Check Point can offer. It scales for enterprises of all sizes and new functionality such as SSL VPN connectivity or Web application firewall can be easily added. Check Point provides enterprise grade protection for the product on floor with the same award-winning technology used by 100 per cent of the Fortune 100 companies. Check Point UTM solution provides total visibility and control of all security functions from a single console—streamlining security management and operations. These advanced UTM features and centralized management are available without additional hardware.

 

Fortinet’s FortiGate family of UTMs, which deliver complete content protection in real-time, with the integration of essential security capabilities, such as antivirus, firewall, IPSec- and SSL-VPN, intrusion prevention (IPS), web filtering, traffic shaping and anti-spam. Fortinet’s FortiGate systems are ICSA-certified eight times over, and are Common Criteria EAL-4+ compliant.

 

For some time from now, there was a talk that channel network is going to perish in the IT industry, but with UTM appliances this prediction stands null and void because without channel partners and VARs UTM appliances cannot be installed at the customers’ place. And organizations like Select Technologies and Inflow Technologies have shaped up to be the pure play security distributors. But, today, large distributors like Ingram Micro and Redington have also been focussing on security space. On the other side, all these UTM vendors are 100 per cent going through the channel route. Mahesh says, “Cisco is totally a channel-driven company. In fact, 100 per cent of our business flows through channel partners. Therefore, we will rely heavily on our channel partners to help develop and penetrate enterprise and SMB market globally and in India.” Cisco is present”in over 100 cities through 1,500 resellers. Besides, it works through eight System Integrators - Cable & Wireless, Datacraft, HCL Comnet, HP, IBM, TCS, Integrix and Wipro. Besides, the company has six Gold Certified Partners, i.e. Cable & Wireless, Datacraft, HCL Comnet, HP, IBM, Wipro, three Silver Certified Partners – Integrix, TCS and CMC, as well as two distributors – Ingram Micro and Redington.

 

Cisco is committed to collaborating with partners to help create unprecedented growth and profit opportunities. To ensure that Cisco channel partners are appropriately equipped, we have initiated various certification and partner programmes.

 

The Cisco Channel Partner Programme integrates the technology focus of each Cisco Partner through Specialization, flexible individual career certification requirements, customer satisfaction targets, and pre- and post-sales support capabilities. We help partners differentiate themselves from the competition and reach out to customers with Cisco credibility. Cisco Channel Incentive Programmes are designed to reward partners who successfully align their business strategies in defined advanced technologies, new business, or solution sales opportunities. The incentive programmes include: Opportunity Incentive Programme (OIP), Value Incentive Programme (OIP) and Solutions Incentive Programme (SIP). Qualifying channel partners can participate in these programmes and realize economic benefits in the form of additional discounts or rebates, depending on the specific programme.

 

Cyberoam has partnered with Avaya GlobalConnect (AGCL) for national distribution and a set of regional distributors, i.e. Taarak India Pvt. Ltd., Texonic Instruments, Icenet, Sejutronics, etc. Besides, it has 60+ partners in India. The company is in the process of appointing more partners globally. The advantage is Cyberoam has a low- cost operation base in Ahmedabad with its design, engineering, development, support, global distribution and marketing based out of Ahmedabad (India). SonicWALL is also a hundred per cent channel-driven company. It has three distributors with deep understanding of security market in India and experience in reaching out to all verticals of the industry, i.e. Select Technologies, IT Secure and Redington, which they have tied up very recently.

 

Check Point operates through three national distributors, i.e. are Inflow Technologies, Ingram Micro and Select Technologies. It also has three Gold Partners, i.e. HCL Comnet, Ramco and Wipro and six Silver Partners including Datacraft, N&N Systems, Ontrack Solutions, Sify, Softcell and Taarak and fifty Bronze Partners.

 

Apart from right channel engagements, service support is the major concern in the UTM space. Unlike other products, UTM requires a robust support mechanism. Digvijaysinh says, “We believe that the key for a long-term relationship with the customers is to understand customers’ business, their security need, and how to enable them to utilize the solution to meet this need.”Cyberoam offers 24 x 7 online assistance through Web chat, e-mail and telephonic support, knowledge base, end-to-end process automation enables us to meet the support need that ensures highest level of customer satisfaction. Fortinet has tied up with ProCurve Networking by HP to enable secure networks for customers worldwide. Through this alliance, Fortinet has extend FortiGate multi-threat security platform to the ProCurve network environment, playing a role in ProCurve’s ProActive Defense strategy to proactively secure networks against internal and external threats.

 

Fortinet FortiGate multi-threat security appliances are scalable, comprehensive network and content protection platforms that integrate eight essential security applications and services, including antivirus, firewall, VPN, intrusion prevention (IPS), anti-spam, anti-spyware, Web filtering and traffic shaping.

 

SonicWALL offers a comprehensive curriculum of Technical Training Services and unique Consulting Services tailored to meet the needs of its customers. SonicWALL support services are designed not only to keep the security infrastructure current, but also to react swiftly to any problem that may occur. SonicWALL’s support services also include crucial updates and upgrades, the finest technical support, access to extensive electronic tools and timely hardware replacement. It offers services through three windows, which are Web-based and telephone-based through the toll-free number +1 800 425 9255. The company has now made the SonicWALL Partner Portal available to obtain technical support.

 

Bhaskar says, “Check Point Support programmes ensure that our customers have immediate access to critical resources when they need them.”

 

Check Point offers full range of features and benefits depending on the service level that customers choose. It ranges from just hot fixes and major upgrades to 24/7 support. Besides, Check Point Collaborative Enterprise Support combines first-line support from your local Certified Collaborative Support Provider (CCSP) with full back-end support from Check Point. This support programme was launched last year as there was a need for local expert who can understand customer’s specific needs and can provide onsite support, if needed. They are backed by Check Point’s worldwide support teams and in-depth resources 24 hours a day. We also provide direct access to our large, online, self-service knowledge base to quickly and easily answer your questions and reduce support time and cost.

 

For issues that cannot be resolved for some reason by the CCSP, Check Point provides the CCSP access to Check Point’s Technical Access Centre for escalation of service requests requiring backline support for customer problem diagnosis and resolution. In case of hardware failure, as soon as Check Point Support confirms the problem requires hardware replacement, an RMA is issued. Check Point sends a replacement appliance Next Business Day to replace the defective one with shipping costs borne by Check Point. As UTM is a critical product, Cyberoam has CR family of products with seven models including CR25i, CR50i, CR100i, CR250i, CR500i, CR1000i and CR1500i, which suit the requirements of small to large enterprises from 50 to 1,500 users. Recently, at Communic Asia, Singapore, Cyberoam demonstrated its CR25i UTM – ideal for the SOHO and ROBO market.

 

Similarly, SonicWALL has three families of products, including PRO Series, TZ Series and TotalSecure series. When the PRO Series is for the companies requiring rock solid network protection coupled with fast, secure VPN access for remote employees. TZ is for home, small and remote/branch offices and TS series is an all-in-one solutions combining a high-performance deep packet inspection firewall and dynamic security services to keep the network safe from viruses, spyware, worms, Trojans, etc. Check Point family of UTM appliances include UTM-1 for 250 to 1,000 users, VPN-1 UTM Edge includes both wired wireless models with integrated ADSL option, VPN-1 UTM Edge Industrial combines antivirus, firewall, intrusion prevention, and VPN technologies to protect networked industrial equipment on the production floor from unauthorized access and attack and VPN-1 UTM.

 

Check Point is the only player in the market who provides both hardware and software options for UTM. This provides customer the flexibility of choosing the hardware. Similarly, its Safe@Office is designed for the small business, which is available in both wired and wireless options and comes integrated with ADSL modem. Even though UTM is not a consumer product, yet vendors do not forget to promote the brand as the competition is quite high. Cyberoam focusses most on Certifications, Product Reviews, advertising and promotion campaigns. Similarly, SonicWALL speads heavily on road shows, seminars, expositions, partner training programmes, customer/user forums, etc. Check Point has always been an active participant at most industry forums and road shows. The company believes in empowering its partners through training and awareness campaigns on a continuous basis.

 

A little bit knowledge on R&D activities of the vendors can bring confidence to the customers. Cyberoam has a highly competent and focussed technical team and focussed state-of-the art R&D centre at Ahmedabad. According to Check Point, over one-third of Check Point employees worldwide are in R&D. In 2006 alone, the company has spent $62 million in R&D.

 

Today, market for UTM is not restricted to class-A cities, the solution has also been accepted in B- and C-class cities. Therefore, all the major vendors are beefing up their network in such cities, though they have indirect presence through their distributors and channel partners.

 

The UTM space is so alluring in India that it has forced the vendors like ISS, Crossbeam, Secure Computing, etc. to the Indian market and Juniper, Symantec and McAfee are already here for a long time and at any time they can change their focus and strategy. I also strongly believe that the end-to-end networking solution vendors like Nortel, 3Com Huawei, D-Link, Netgear, DAX, Micronet, etc. will soon be seen offering UTM or acquire some vendors to enlarge their solutions. 3Com has already acquired TippingPoint, the IPS provider.

 

It is no doubt that evolution in the security space will keep on happening. One just cannot imagine what will be the size and shape and what kind of new capability will be added to it, but, for the time being, UTM at the present shape is a choice of the enterprises.