The Security Connection Between WAN , Virtualization and UTM

By Richard Stiennon

(Back to article)

I have been thinking about recent trends in the network space. There are three that are easily identifiable. The question is, what is the connection between them?




The first trend is the rapid adoption of so-called unified threat management, or UTM. The driver for UTM is the cost savings achieved by using a single hardware accelerated platform to accomplish a whole “stack” of security tasks. These are firewall, VPN, IPS, anti-virus, anti-spyware, anti-spam, and URL filtering.


Rather than purchase separate solutions from seven different vendors there are efficiencies in having one platform. The initial cost is of course lower but more importantly because all of the security functions are managed from the same console there are reduced manpower needs to manage network security.


Training, certification, tech support, and licensing costs are all lower. What is really driving UTM though is that more and more enterprises are breaking the hardwired WAN connections they have between offices and thus they need to deploy a complete security stack at every location, a cost prohibitive proposition using the old school single-function, single-vendor solution. Retail operations like stores, auto dealers, and bank branches are the ones to profit the most from UTM deployments.


Think about that last point. There are two factors at work here. One is the cost savings from consolidating application servers, data bases, and storage in fewer, centralized data centers. The other is the Internet itself is becoming more and more of a critical resource for every office. Therefore, direct connections to the Internet from every remote location are becoming the norm, helped by low cost broadband connections.


So, we have enterprises quickly consolidating data centers and profiting from cost savings associated with fewer licenses for ERP solutions, more efficient storage solutions, and reduced headcount. At the same time, we have broadband access to every location even to teleworker’s homes. This is where WAN optimization comes in.




Many enterprise applications (Oracle, SAP, AutoDesk, etc.) were not designed to work well over the Internet. Thus WAN optimization appliances are deployed at the data center and the remote office to accelerate the response time of remote applications through compression, caching and other tricks. Just look at the sales growth of companies like Riverbed to get a feel for the rapid growth of WAN optimization.


Network Virtualization


Now, you may think I am going to draw the connection between data center consolidation and server consolidation which brings in the third trend, virtualization. But, I am not talking about server virtualization as represented by VMWare. To me that story is all about getting multi-functions out of single Windows’ boxes. An important trend but not tied to the other two.


Network virtualization is a critical element that will start to see more and more adoption as the trend towards the distributed enterprise continues. While WAN optimization is driven by the cost savings from consolidating data centers, UTM is driven by the need to protect all of those endpoints that are now directly connected to the Internet.


Managing the security of those distributed end points is the driver for network virtualization. Subsets of offices can be segregated into their own virtual wide area networks. Security policies can be applied to those virtual segmentations and easily managed, updated, and monitored.


Thus all of the major trends evident today in the networking space can be seen as tied together. Understanding this connection can help CIO’s determine their project resource allocation. Many times security, WAN optimization, and network management are treated separately, even by completely different teams. It may be prudent to have all three teams talking to each other to get the optimum results.


Now a consultant, Richard Stiennon was most recently chief marketing officer for Fortinet, the largest privately held security vendor. Prior to that he founded and served as chief research analyst at IT-Harvest. Before IT-Harvest, he was VP of Threat Research for Webroot Software.

He is holder of Gartner's Thought Leadership award for 2003 and was named "One of the 50 most powerful people in Networking" by NetworkWorld magazine.