UTM Devices - Avoid Black Magic Scoping

Since the Dark Ages, organizations have contacted wizards to help determine the security devices they need to defend themselves against the evils trying to penetrate their fortresses. While wizards and other purveyors of the dark arts might have been sufficient in the Middle Ages, today, organizations should avoid black magic style scoping of UTM devices.

I say this in jest. But, scoping security hardware, especially UTM devices, can be confusing, overwhelming, and frustrating. For years, we have relied on consultants or people of knowledge to make decisions on the “black box” that will protect the organization.

The first questions an organization needs to ask itself:

  • Do we have the experience in-house to scope the device?
  • Do we hire a consultant?
  • Do we outsource?

No matter which route we take, knowledge is power. Do some research and ask questions. So, let’s take a look at some more questions to help determine which hardware to select and possibly select a service provider.

  • Do you know your environment and required demands? For example, are you operating under regulatory compliance constructs like FFIEC, HIPAA, or PCI?
  • What is your network architecture?
  • What services do you need? Some common service requirements you might need include firewall, intrusion detection/prevention, application filtering, web content filtering, gateway anti-virus?
  • Do you have remote users, remote sites, or vendors that need to be connected?
  • Do you have a disaster recovery plan?
  • Do you need additional devices for other critical sites?
  • What future growth is your organization likely to experience—additional sites, new applications, more employees, SD-WAN?

This last question is the most difficult, but contemplating these issues increases the odds of acquiring a device that will last at a minimum of three years, with the hope that it could last five years.

Now let’s demystify the black box. All security vendors put out marketing literature that says their device is the greatest—set it and forget it. The reality is, all vendors conduct speed and other performance tests on their hardware in highly controlled environments. They activate a single service under a predictable load, and not surprisingly, it’s faster than a speeding bullet and more powerful than a locomotive. The truth is, activating a single service on the device will allow it to attain a higher level of capability, though not as much as under the controlled test; still it will be impressive.

But, as we activate additional services, multiple protocols, surfing, etc., the load on the devices will increase substantially. The UTM device that was billed as more powerful than a locomotive performs more like an ordinary four-cylinder car.

So how can we truthfully calculate the horsepower of a device and figure out what you need? The truth is based on the answers to the questions listed above.

The load on the device will be based on which services are active, how much you are downloading, and how much communication you are encrypting. Depending on the device, it may drop to 30-50% of the rated values. This sounds like a lot, but remember that each vendor has a threshold that they don’t want their processor to cross. This threshold will range from 60-80% of their capacity.

What does all this mean to you as you make the UTM device decision for your organization? You have to do your research. It may be on your exploration, or you may choose to have conversations with consultants, hardware vendors, or managed security service providers.

I suggest that you have multiple discussions, maybe after you speak with a consultant or vendor, with managed security providers. Managed security providers work with different vendor hardware, giving them a unique perspective. They configure and monitor these UTM devices, so they should have a good picture of what will meet your needs for today and well into the future.

Managed Security Services

Your around the clock SOC.

Managed Endpoint Detection and Response

Some attacks will succeed. Don’t worry—we have you.

Managed Detection and Response

Augment your IT team using our expertise and the latest technologies.

Email Protection Suite

Defending against the leading attack vector.

Cloud Email and Collaboration

More than ever, the cloud is essential.

Incident Response Readiness

When a breach occurs, you’ll be ready.

Compliance & Risk Services

Take the next steps on your cybersecurity maturity journey.

Trusted Cybersecurity for an Uncertain World

Understand, detect, and effectively respond to threats, reduce business risk and improve the return on your security investment.

Financial Services

We comply with the same regulations you do.

Healthcare

Affordable defenses for a sector under attack.

Retail

SilverSky stands between cybercriminals and your customers’ data.

Benefits of a Single Vendor Relationship

The Cooperative Bank of Cape Cod found itself especially appreciative of SilverSky’s comprehensive solution set—particularly as they rapidly, but securely, enabled employees to work remotely.

ACET

Automated Cybersecurity Examination Tool

HIPAA

Health Insurance Portability and Accountability Act

PCI DSS

Payment Card Industry Data Security Standard

FFIEC

Federal Financial Institutions Examination Council

GLBA

Gramm-Leach-Bliley Act

ACET Helps Credit Unions Further Their Missions

Learn how going all in for ACET protects customers and the health of community-based financial services.

Resources

Articles, guides, ebooks, tools, on-demand webinars, case studies, and more. Explore a range of topics.

Press & Events

Press releases, upcoming conferences and trade shows, and future and on-demand webinars

Revisiting Cybersecurity’s Delicate Balance

Learn how CISOs are rebalancing prevention, detection, and response for stronger cyber defenses.

About Us

Trusted cybersecurity for an uncertain world.

Careers

Looking to join the fight against cybercriminals?

Security Management Console

Comprehensive customer portal for state of devices, reports for compliance, support tickets, and more.

Transforming Cybersecurity Culture from Corner Offices to Cubicles

Executives are increasingly thinking about cybersecurity management in a similar manner as they would any other risk assessment. This guide is here to help.