UTM Devices – Avoid Black Magic Scoping

 by Jerry Piatkiewicz, Security Engineer

Since the Dark Ages, organizations have contacted wizards to help determine the security devices they need to defend themselves against the evils trying to penetrate their fortresses. While wizards and other purveyors of the dark arts might have been sufficient in the Middle Ages, today, organizations should avoid black magic style scoping of UTM devices.

I say this in jest. But, scoping security hardware, especially UTM devices, can be confusing, overwhelming, and frustrating. For years, we have relied on consultants or people of knowledge to make decisions on the “black box” that will protect the organization.

The first questions an organization needs to ask itself:

  • Do we have the experience in-house to scope the device?
  • Do we hire a consultant?
  • Do we outsource?

No matter which route we take, knowledge is power. Do some research and ask questions. So, let’s take a look at some more questions to help determine which hardware to select and, possibly, which service provider to choose.

  • Do you know your environment and required demands? For example, are you operating under regulatory compliance constructs like FFIEC, HIPAA, or PCI?
  • What is your network architecture?
  • What services do you need? Common service requirements include firewall, intrusion detection/prevention, application filtering, web content filtering, and gateway anti-virus.
  • Do you have remote users, remote sites, or vendors that need to be connected?
  • Do you have a disaster recovery plan?
  • Do you need additional devices for other critical sites?
  • What future growth is your organization likely to experience—additional sites, new applications, more employees, SD-WAN?

This last question is the most difficult, but contemplating these issues increases the odds of acquiring a device that will last a minimum of three years, with the hope that it could last five years.

Now let’s demystify the black box. All security vendors put out marketing literature that says their device is the greatest—set it and forget it. The reality is, all vendors conduct speed and other performance tests on their hardware in highly controlled environments. They activate a single service under a predictable load, and not surprisingly, it’s faster than a speeding bullet and more powerful than a locomotive. The truth is, activating a single service on the device will allow it to attain a higher level of capability, though not as much as under the controlled test; still it will be impressive.

But, as we activate additional services, multiple protocols, surfing, etc., the load on the devices will increase substantially. The UTM device that was billed as more powerful than a locomotive performs more like an ordinary four-cylinder car.

So how can you truthfully calculate the horsepower of a device and figure out what you need? The truth is based on the answers to the questions listed above.

The load on the device will be based on which services are active, how much you are downloading, and how much communication you are encrypting. Depending on the device, it may drop to 30-50% of the rated values. This sounds like a lot, but remember that each vendor has a threshold that they don’t want their processor to cross. This threshold will range from 60-80% of their capacity.
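As an added illustration (not from the original article or any vendor), the sketch below turns those two ranges into a sizing check against datasheet figures. It assumes the derating and the processor ceiling apply as independent multipliers, which is the conservative reading; the growth rate, peak demand and device names are constructed inputs.

```python
from dataclasses import dataclass

# Ranges quoted in the article.
DERATE_RANGE = (0.30, 0.50)       # real throughput vs. rated, with services active
CPU_CEILING_RANGE = (0.60, 0.80)  # load the vendor does not want the processor to cross

@dataclass
class Candidate:
    name: str          # constructed model name
    rated_mbps: float  # datasheet (single-service) throughput

def projected_demand(peak_mbps, annual_growth, years):
    """Peak demand at the end of the planning horizon (compound growth)."""
    return peak_mbps * (1 + annual_growth) ** years

def required_rated_mbps(demand_mbps, derate, cpu_ceiling):
    """Smallest datasheet figure whose usable throughput covers the demand.
    Assumed model: usable = rated * derate * cpu_ceiling."""
    return demand_mbps / (derate * cpu_ceiling)

def evaluate(candidates, peak_mbps, annual_growth, years):
    """Classify candidates at the worst and best ends of the quoted ranges."""
    demand = projected_demand(peak_mbps, annual_growth, years)
    worst = required_rated_mbps(demand, DERATE_RANGE[0], CPU_CEILING_RANGE[0])
    best = required_rated_mbps(demand, DERATE_RANGE[1], CPU_CEILING_RANGE[1])
    verdicts = {}
    for c in candidates:
        if c.rated_mbps >= worst:
            verdicts[c.name] = "fits at worst case"
        elif c.rated_mbps >= best:
            verdicts[c.name] = "fits only at best case"
        else:
            verdicts[c.name] = "undersized"
    return demand, best, worst, verdicts

if __name__ == "__main__":
    # Constructed inputs: 200 Mbps peak today, 15% yearly growth, 5-year life.
    boxes = [Candidate("box-A", 1000), Candidate("box-B", 1500),
             Candidate("box-C", 2500)]
    demand, best, worst, verdicts = evaluate(boxes, 200, 0.15, 5)
    print(f"demand: {demand:.0f} Mbps, rated needed: {best:.0f}-{worst:.0f} Mbps")
    for name, verdict in verdicts.items():
        print(f"{name}: {verdict}")
```

A device that only fits at the best case is the one to question the vendor about: ask for throughput measured with every service you plan to enable turned on.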

What does all this mean to you as you make the UTM device decision for your organization? You have to do your research. You may explore on your own, or you may choose to have conversations with consultants, hardware vendors, or managed security service providers.

I suggest that you have multiple discussions with managed security providers, maybe after you speak with a consultant or vendor. Managed security providers work with different vendor hardware, giving them a unique perspective. They configure and monitor these UTM devices, so they should have a good picture of what will meet your needs for today and well into the future.
