Over the last week or so I have been researching and trying to find the difference between NGFW (Next Generation Firewall) and UTM (Unified Threat Management). I came across some great blogs that helped me cut through the marketing hype.
In this blog the author makes some great points that essentially argue there is no difference. As I read through the comments on the blog, it was not so clear, as many argued that there is a big difference.
When I looked up the definition of NGFW and UTM in Wikipedia to get a baseline as to where I would end up on this argument, it solidified in my mind that these are in fact the same thing.
Gartner states an NGFW should provide:
- Non-disruptive in-line bump-in-the-wire configuration
- Standard first-generation firewall capabilities, e.g., network-address translation (NAT), stateful protocol inspection (SPI) and virtual private networking (VPN), etc.
- Integrated signature-based IPS engine
- Application awareness, full stack visibility and granular control
- Capability to incorporate information from outside the firewall, e.g., directory-based policy, blacklists, whitelists, etc.
- Upgrade path to include future information feeds and security threats
- SSL decryption to enable identifying undesirable encrypted applications
UTMs represent all-in-one security appliances that carry a variety of security capabilities including firewall, VPN, gateway anti-virus, gateway anti-spam, intrusion prevention, content filtering, bandwidth management, application control and centralized reporting as basic features. The UTM has a customized OS holding all the security features at one place, which can lead to better integration and throughput than a collection of disparate devices.
Now there may be some subtle differences here, but for the most part the two provide the same set of features. It seems to me that the main argument for a difference between the two is that the NGFW has a more robust engine and won't suffer the performance impacts that a UTM would.
This becomes even more confusing when we look at the Gartner Magic Quadrant for the two.
Palo Alto seems to be the only NGFW (or at least the only one of any significance) not to appear in the UTM category. And how is it that Fortinet is both a UTM and an NGFW, yet is rated as not as good at being an NGFW?
If there is in fact a difference between the two, then one product cannot be both, can it?
My conclusion, therefore, is that they are the same. Some may be better than others, but they are essentially equal in features.