More on UTM performance and purpose built hardware

Alex Neihaus from Astaro today vents on an article by Vimal Solanki of McAfee and Sab Gosal from Sensory Networks.  He is perplexed by what the two authors are getting at regarding UTM.  Alex, let me help you.  My mom always used to tell me, "show me your friends and I will show you who you are" (BTW, I used to hate when she told me this, it was usually when I was hanging out with the "bad boys").  In this case look at the source.  Sensory Networks is a company that makes PCI based acceleration cards for high pattern matching performance.  McAfee, (which surprisingly has no UTM product), has been pushing their IPS for years as "performance built" appliance, that while not containing ASICs, contains specialized hardware components to accelerate its performance in pattern matching, thereby rendering it superior to just off-the-shelf appliances.

Not surprisingly if you look at what their best-of-breed list for what an enterprise level IDS/IPS does, it reads like a carbon copy of the Intrushield data sheet on the McAfee web site.  Of course UTM won't be done until it has a high-performance acceleration engine.  Geez, Sensory Networks man, do you know where I can get one?  I bet you do.  Can it be that McAfee is thinking of using some Sensory HW to supplement their core IPS, to make some type of UTM device, a la 3Com's Tipping Point?  I don't think it would be to far a stretch for them to go that route.  I think what misled Alex, is the coy attempt by these guys to throw the dog a bone. By talking about all the good things a UTM can do, they come across as UTM's best friend. It is perfect, at least for those poor, downtrodden SMB customers.  Please, give me a break.  Now these nice gentlemen are going to come by and take this technology for the masses and add a little bit of what they sell.  Presto, abacadabra, you have UTM for the enterprise that really scales.

I think they are in for a rude awakening.  While Moore's Law may not be functioning at exactly the levels we have seen in the past, recent advances in off-the-shelf hardware are enabling some very exciting performance improvements.  I can foresee a time in the not to distant future, where a quad core, quad proccessor box with PCI Express buses and globs of RAM deliver some eye-popping performance.  When it does, the Sensory Networks of the world are in trouble.  Yes there will always be room at the top of the market for the Ferrari types who demand a specialized HW box for their best-of-breed applications.  But, there is a reason why UTM is the fastest growing market segment in Security.  People want it.