Users Wait While UTM Market Roils

The marketplace for multipurpose unified threat management appliances, or UTMs, the Swiss Army Knives of security and networking, is taking that proverbial fork in the road that leads to either economies of scale or the exit doors.

Appliances and UTMs are the tip of the hardware spear, with faster and more capable hardware supporting a wider mix of embedded software applications. Today, UTMs come with anti¿spam, anti¿virus, intrusion-detection, firewall and packet inspection, and antispyware capabilities, as well as VPN connections, Wi-Fi access points and more.

The march of Moore's Law adds more capability and value to these appliances for customers lacking a best-of-breed requirement, and the life-cycle, cost-of-ownership advantages for the appliances are compelling. Pundits are predicting that UTM appliances will become the dominant security delivery technology in the next two to three years. Users will do well to keep a sharp eye on the rapidly changing vendor landscape in order to keep track of their options.

Recent developments in the security industry suggest that UTM is moving from an emerging marketplace that can support niche players to a commodity market dominated by a few large companies. Entry-level prices for appliances are hovering around $600. Profitability means high volumes, economies of scale and razor-thin margins.

On June 20, Symantec announced that it was dropping out of the UTM market¿place, preferring to bolster its profits with higher-value products and services. Meanwhile, on July 25, WatchGuard accepted a $151 million buyout offer that represented a small premium over the company's price per share.

Symantec says it is choosing to innovate with products and services in the security management arena and its merging security and storage businesses. Chief among its goals is maximizing the security-storage synergies of its Veritas acquisition, since the stakes have been raised by EMC's announced acquisition of RSA Security.

Symantec obviously sees far more profits in layering security applications, such as authentication, authorization, content security, policy management and encryption, with multitiered virtual storage systems.

Being acquired by the $5 billion Francisco Partners private equity firm puts all options on the table as WatchGuard becomes a wild card in Francisco's portfolio. WatchGuard could be merged with another UTM vendor to further accelerate consolidation, or its technology could be combined with newer ones, such as network switching, in an attempt to provide differentiation and value. Another option for Francisco could be to extend the UTM business model into services and subscription revenues.

These developments among UTM vendors came as no surprise to astute users. In the past month, the UTM arms race has escalated, with faster appliances introduced by Cisco, Check Point, SonicWall, Tumbleweed, CipherTrust and WatchGuard, among others. Sun chimed in with a new blade server.

New types of appliances are in the wings to accelerate XML, service-oriented architecture components, directories, authentication and authorization, and almost any type of software that can be shrink-wrapped.

The wisdom of Symantec's strategy will be revealed in future financials. EMC recorded a net profit margin of almost 11% for its latest quarter, as a high-end vendor of storage and virtualization systems. Symantec, perhaps bruised by appliances, has some catching up to do. Its net profit margin as a multiline security vendor was 9.6% for its latest quarter.

EMC/RSA will not enter the cutthroat hardware appliance marketplace and put its profitablity at risk. Consider that public appliance vendors SonicWall, Tumbleweed and WatchGuard all reported net losses for their latest quarters. CipherTrust, in the cross hairs of a $273 million Secure Computing acquisition, is private and has worked hard to develop service differentiators to complement its appliances.

Those posting profits in the hardware appliance marketplace have tremendous scale with multiple product lines -- such as Cisco, with a 22.7% net profit margin -- or a unique business model. Check Point, an Israeli company that has established a software franchise, enjoys a very robust 46% net profit margin.

Even Cisco sees the risk of the high-volume, low-margin appliance business and is talking about unbundling its core IOS network software from its hardware. This move will allow Cisco to realize more value from support, training and upgrades, which are huge sources of software profit. Cisco's endgame is to winnow the ranks of UTM vendors through consolidation, ultimately presenting an opportunity to raise hardware prices.

Oracle, with net profit margins typically close to 20%, and Microsoft, usually posting net profits in excess of 30%, are not likely to enter the hardware appliance marketplace. Microsoft weathered the commodity hardware business with its Xbox game console, assuming the ironic position of supporting hardware that affords gaming software vendors higher profit margins than Microsoft makes from the gaming console. w

Mark Willoughby, CISSP, is a 20-year IT industry veteran and journalist. Contact him at

Copyright © 2006 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon