In our recent webcast discussion alongside panelists from Fortinet, NSS Labs and General Motors, we examined the State of the Firewall in 2013. We received more audience questions during the webcast than the time allowed for, so we’d like to answer these questions through several blog posts in a Q&A format with the panelists.
By far the most asked question leading up to and during the webcast was:
“What’s the difference between a UTM and a Next-Generation Firewall?”
Here’s how our panelists responded:
Pankil Vyas, Manager – Network Security Center, GM
UTM are usually bundled feature set, NGFW has bundle but licensing can be selective. Depending on the firewall’s function on the network, some UTM features might not be useful, creating performance issues and sometimes firewall conflicts with packet flows.
Nimmy Reichenberg, VP of Strategy, AlgoSec
Different people give different answers to this question, but if we refer to Gartner who are certainly a credible source, a UTM consolidates many security functions (email security, AV, IPS, URL filtering etc.) and is tailored mostly to SMBs in terms of management capabilities, throughput, support, etc. A NGFW is an enterprise-grade product that at the very least includes IPS capabilities and application awareness (layer 7 control). You can refer to a Gartner paper titled “Defining the Next-Generation Firewall” for more information.
Ryan Liles, Director of Testing Services, NSS Labs
There really aren’t any differences in a UTM and a NGFW. The technologies used in the two are essentially the same, and they generally have the same capabilities. UTM devices are typically classified with lower throughput ratings than their NGFW counterparts, but for all practical purposes the differences are in marketing. The term NGFW was coined by vendors working with Gartner to create a class of products capable of fitting into an enterprise network that contained all of the features of a UTM. The reason for the name shift is that there was a pervasive line of thought stating a device capable of all of the functions of a UTM/NGFW would never be fast enough to run in an enterprise network. As hardware has progressed, the capability of these devices to hit multi-gigabit speeds began to prove that they were indeed capable of enterprise deployment. Rather than try and fight the sentiment that a UTM could never fit into an enterprise, the NGFW was born.
Patrick Bedwell, VP of Products, Fortinet
There are several definitions in the market of both terms. Analyst firms IDC and Gartner provided the original definitions of the terms. IDC defined UTM as a security appliance that combines firewall, gateway antivirus, and intrusion detection / intrusion prevention (IDS/IPS). Gartner defined an NGFW as a single device with integrated IPS with deep packet scanning, standard first-generation FW capabilities (NAT, stateful protocol inspection, VPN, etc.) and the ability to identity and control applications running on the network. Since their initial definitions, the terms have been used interchangeably by customers as well as vendors. Depending on with whom you speak, UTM can include NGFW features like application ID and control, and NGFW can include UTM features like gateway antivirus. The terms are often used synonymously, as both represent a single device with consolidated functionality. At Fortinet, for example, we offer customers the ability to deploy a FortiGate device as a pure firewall, an NGFW (enabling features like Application Control or User- and Device-based policy enforcement) or a full UTM (enabling additional features like gateway AV, WAN optimization, and so forth). Customers can deploy as much or as little of the technology on the FortiGate device as they need to match their requirements.
If you missed the webcast, you can view it on-demand. We invite you to continue this debate and discussion by commenting here on the blog or via the Twitter hashtag #firewall2013.
Receive notifications of new posts by email.