An NSS Labs report has prompted me to share my opinions and experience on selling UTM, NGFW, traditional network firewalls, and network IPS.
- Most enterprises would NOT prefer UTM
- I have been hearing about UTM since 2005, when I was handling sales and marketing for the SME segment. At that time we were selling Fortinet and Zywell UTM. However, most of the time, SME clients used them as an affordable firewall or VPN gateway. Check Point, Nokia, and Cisco were considered luxury products by most SMEs. Clients seldom used the value-added anti-X features on the UTM.
- From my observation, larger clients (which I call Enterprise) would not prefer UTM. UTMs are considered SME products.
- Nowadays, although UTMs are available with much larger throughput and the solutions are getting more mature, enterprises are still hesitant to use UTM (even as a pure firewall), mainly because corporate standards have "encoded" Check Point (and the acquired Nokia), Cisco, or Juniper as the firewall standard.
- Another reason I could "feel" is a pretty political one (please forgive me if I am wrong; this is just my personal sharing). Most enterprises (again, large companies) have different personnel or teams assigned to handle different IT solutions. For example, Team A handles the firewall solution for e-banking and internal staff, Team B handles IPS for internal staff, and Team C takes care of DLP and endpoint security for internal staff. Each team uses a different best-of-breed solution in its area. Most of the time these are not the same brand, and they are managed through different management consoles by the corresponding teams. It is not difficult to imagine the political and personnel issues that could arise if all of these solutions were "integrated" into a single big UTM.
- Vendors of traditional firewalls are "changing" their solutions to next-generation firewalls
- Due to increased attacks at the application level, traditional firewalls no longer satisfy the need. Therefore, NGFW is getting market attention.
- Check Point and Cisco, which have a strong footprint in the enterprise market, have been developing NGFWs to target the lower-end market, such as mid-market and SME, since around 2009. Obviously, the aim of this action is to expand market share as well. This has triggered a lot of struggle between these vendors and their key partners because of this shift of focus, since the mid-market and SME segments may not be the focus of those key partners.
- However, when coming to the mid-market, these "big" vendors face competition from other "smaller" vendors, like Fortinet, Juniper, SonicWall, etc.
- On the other hand, the "smaller" vendors are no longer small. According to the Fortinet and Juniper websites, firewalls/NGFWs with extremely high throughput are generally available. These vendors are starting to win some big cases in FSI, due to their price/value performance.
- Besides the shift in market position among vendors, the pricing of firewalls/NGFWs has been changing quite a lot. Firewall prices are getting higher, while NGFW prices are getting lower.
- Whether UTM or NGFW, best-of-breed is still technically preferred.
- Throughout my years of selling UTM (or NGFW), it has not been rare to hear clients' negative feedback on the "additional" features of the "firewall". Examples include a non-working bundled SSL VPN, and secure remote access from mobile devices that was not ready, with only a beta version of the hotfix available. Badly degraded performance is also recorded when anti-X features are activated.
- This is pretty much in sync with NSS Labs' comments in its 2012 NGFW group testing.
This free-to-download brief report, although not disclosing very much detail, reveals some key points from NSS Labs. I would recommend that you download it and take a look. NSS Labs Report (What do you need to know about NGFW)