And if you're thinking of combining functions in a UTM, consider this: Services such as firewalls, VPNs and intrusion detection are not particularly compute intensive, but are latency intolerant. Anti-virus, URL filters and the like are compute intensive, but much more tolerant of latency. Mixing the two classes of services on your network can slow down applications that are sensitive to latency, says South.

The Case for UTM

San Francisco-based DriveSavers had a different set of concerns when it decided to shore up its security strategy. Though the company has about 80 employees, its network handles an average of 12 terabytes to 14 terabytes of data every business day. Since the company handles critical data, including passwords, for its clients, the tolerance for security lapses is very small.

"We have the keys to (our client's) kingdom, so they want to be absolutely sure their information can not be compromised," says chief security officer Michael Hall, whose company retrieves data from damaged hard drives. "An easy way for [clients] to validate is to probe our ports; we say 'hit me with your best shot,'" he says.

After taking the benign hit, DriverSavers techies collect the log data and get the evidence to the client. That seemingly simple task, however, was becoming a problem, "We were compiling logs from a number of different (security) appliances and had to consolidate. It was cumbersome, time consuming and from a business point of view, ineffective," says Hall.

Meanwhile, DriverSavers was growing rapidly, and it was a good time to look at the company's overall network architecture and see how security could be better integrated. Security goals included simple, 24-hour reporting capabilities, consolidated management, better use of space, ease of deployment and good network performance.

Ultimately, Hall deployed Cisco's ASA Adaptive Security Appliance, which consolidated intrusion detection, firewall, anti-virus and data leakage protection, plus a Cisco MARS (monitoring analysis and response system) box, which consolidates reporting functions. What about concerns regarding a single point of failure? Forrester Research analyst Rob Whiteley says that vendors have done a good job building reliability and redundancy into their devices. "Reliability has become moot," he says. Hall agrees, but just in case, he's kept his old, single function appliances installed and ready to use as a failover.

Compliance Tool

Compliance requirements can be another key reason to choose a UTM appliance, as was the case for San Diego's Paradigm Investment Group, which holds 96 Hardee's burger franchises in seven states. The problem: Paradigm needs to collect sales data and manage Web traffic, including feeds from security cameras, at each restaurant. While that sounds fairly straightforward, the PCI Security Standards Council mandates that point of sale servers must not only encrypt data, but also ensure that data related to credit card billing is securely separated from other types of network traffic, while remaining capable of moving data and fetching anti-virus updates.