Safe and secure

Channel players who assume that Unified Threat Management is an easy way to make a quick buck need to think again
Safe and secure
By Julian Pletts
Mon 16 Mar 2009 04:00 AM

Unified threat management (UTM) has grown in stature as a concept during recent years, taking advantage of demand from end-users that want an uncomplicated approach to security. But channel players who assume it’s an easy way to make a quick buck need to think again.

Channel Middle East spoke to the following UTM experts: Judhi Prasetyo (JP), regional channel manager at Fortinet; Shahnawaz Sheikh (SS), regional sales manager at Sonicwall; Surender Bishnoi (SB), regional manager for sales Middle East at Cyberoam; Mark Romano (MR), director of global field and channel marketing at Watchguard; Tarek Houballa (TH), systems engineering manager at Cisco Gulf and Pakistan; and Taj El-Khayat (TE), regional channel manager at Juniper.

Over the last few years UTM solutions have entered the mainstream IT market. What kind of end-users should Middle East VARs be targeting?TH:UTMs were created for the type of customers that wanted to have the maximum solution in a minimal box, so the UTM is usually a firewall bundled with an IDS and an IPS bundled with an anti-virus and whatever you can get in.

Traditionally, the ideal customer has been the SMB, particularly financial environments such as small banks and branches.

The key in difficult times is to show value within the product line, services and after-sales support. Customers still have budgets but they want to be sure that they buy the best they can.

However, this is a generic answer because the UTM has evolved and some vendors, including Cisco, have pushed UTM to be more capable. But it definitely wouldn’t include large enterprises or data centres, for instance. MR:UTM performance has increased greatly over the past two years and this has allowed SMEs to deploy UTMs without risking bandwidth bottlenecks. We see increased adoption of UTMs in distributed environments where there are multiple branch offices.

VARs should look at SMB and SME environments that want to get the most out of their IT budget. Businesses affected by regulatory compliance, such as PCI and DSS, are ideal candidates for UTM. SS:This crisis period is almost a blessing in disguise because enterprise customers that used to buy premium-priced products are looking at cost-effective and easy-to-use solutions that can be managed with minimum staff.

Considering this, we feel we have an edge over the companies with the premium-priced products. Our solutions are simple to use and easy to manage. I would expect our resellers to focus on the enterprise sector, which until last year was dominated by some of our competitors.

TE:Unified threat management is a very broad subject, but usually small offices and remote offices are the best demographic for the UTM. In Dubai and the Middle East you have a lot of multinationals that are opening small remote offices here so they could be good clients for UTM.

Retail outlets, with the expansion of malls, is an excellent demographic for UTM expansion, as are fixed telecommuters that also require access and companies with multiple branches such as banks. Oil and gas, with offshore rigs, too.

When the competition is so fierce what can resellers do to differentiate their offering, and how as a vendor do you support channel partners with this?TH:They need to sell competencies and services, such as consultancy and advisory. Security is more like insurance so the customer must have the assurances that it is safe and secure. That comes through pre-auditing and post-auditing, so before installing the UTM they need to assess threats and vulnerabilities to be able to contribute different policies. MR:The key in difficult times is to show value within the product line, services and after-sales support. Customers still have budgets and the need to purchase, but they want to be sure that with any purchase — from paper clips to network security appliances — they buy the best they can afford.

Watchguard assists its resellers with sales tools and evidence that our products offer state-of-the-art security, fully functioning and updated security services and post-sales support to get in the ball game.

The long term value or return on investment is where we slam the door on the competition, and our resellers reap the benefit.

VARs must have a minimum level of pre-sales and post-sales skills. If they don’t, they might sell the wrong box and three months later the client starts screaming that its network is down.

SB:None of our competitors offer an identity-based UTM appliance so partners are placed at an advantage. Also, our low-cost operation base in India enables us to penetrate price-sensitive markets, and partners receive benefits that include lead-locking and incentives based on market requirements through our partner programme.

In addition, we provide them with marketing support that includes roadshows, event and conference participation, lead sharing, newsletters and direct mailers that help generate greater awareness and opportunities in the market.

How do you manage your channel network and what type of expertise do Middle East partners need to work successfully with UTM solutions?SS:We classify our partners based on their market reach, expertise and commitment to Sonicwall. It is not necessarily the case that a big name systems integrator is classified as a ‘gold partner’ and not an ‘approved partner’.

We also have some big names working as approved partners because the commitment level with them is different — maybe a mid-size or smaller integrator has committed to delivering more business and earned their position as a gold partner. TH:We take into account the minimum routing and switching specialisation when ranking our partners. The partner must be certified to a specific level and on top of that will come the security or the voice specialisation.

We look for partners that have the capability to install a network as per Cisco best practice. The best way for us to know that this is the case is for them to have the level of certification needed.

They must have the right level of people needed and the minimum number of people certified. They must also have a minimum level of pre-sales and post-sales skills. If they don’t, they might sell the wrong box and then three months later the customer starts screaming that its network is down.

TE:We advise and work very closely with our VARs to ensure that they understand customer requirements and, more importantly, the customer’s expectations from the UTM solution that they are acquiring.

Sometimes they tend to go and build oversized project expectations and completely misunderstand what the customer actually requires. They should focus on a solution. Usually when a customer says that they have one, two or three problems the VAR will say, ‘I have one, two or three products’, and that is it.

They need to focus on offering a solution rather than a product and have a clear service agreement to support the customer and give confidence about the solution that we are actually offering to them.

SB:We empower partners on critical fronts through extensive training, sales and marketing support, as well as increasing Cyberoam’s visibility in the market.

Some of the criteria that we take into account when appointing our partners is whether they have experience, a high turnover, diverse product portfolio, dedicated team support systems and certified resources.

Resellers need to not only specialise in security but understand basic network architecture, and when that happens they will know how to tackle basic interoperability between boxes.

JP:We combine all of the security features in one. A VAR may have one person specialising in IPS, another in firewalls and another in e-mail security or web content filtering security.

Now they can send one person to our training and they will be able to master all of those skills. With this training, the reseller will have the capability to measure or size up which model best suits the customer. There is room to improve in the Middle East. Most resellers are able to help the SMB market and medium enterprises.

But when it comes to large enterprises and the telecoms market we still need to ensure that we pitch and propose the right solutions directly to them. And this is something we want resellers to be doing for themselves in the future. Only a year ago some industry analysts were suggesting that the days of UTM products were numbered as switch vendors built security elements into their offerings. Has this changed, and what prospects are there for the Middle East UTM market in 2009?MR:Clearly those analysts were misinformed. Latest figures from leading global analyst firms show that UTMs are making solid gains, even in the current economic situation.

In fact, many analysts are looking at 2009 as being the year that UTM gains solid ground in the enterprise, which historically is an area that UTMs have been slow in adopting. We expect to see most UTM growth in the midmarket environment. SB:The birth and evolution of UTM has been impacted and shaped by the evolution of the internet threat landscape. The complexity of blended threats and the inability of point solutions to effectively tackle them led to the birth of the UTM concept.

A product developed from such detailed process and years of research cannot be replaced overnight.

The UTM has emerged as the best bet for businesses, and even enterprises are deploying UTMs — not only in the edge of their networks but in the core as well.

UTM growth has come to outpace that of traditional security solutions. According to IDC, the market for integrated security devices, including UTMs, has been estimated at US$3.3 billion for 2009. JP:There are very obvious prospects and right now we haven’t seen any switch products that have become a UTM or a security product. But we have new products and every year performances just get bigger and better.

The amount of bandwidth that we can deliver is increasing. The first UTM was probably only 10MBPs, now we have 100gigabytes. It has multiplied by more than 100 times. It is more important than ever for Middle East VARs to deliver on promises to end-users. What measures must VARs take to ensure that issues such as single point of failure, compatibility and performance do not befall their customers?SS:When it comes to compatibility it is all about giving the right product to the right network size. If that is taken care of at the start there is unlikely to be a single point of failure.

If you cut back on training even one of your engineers then it will be felt immediately because the installation will fail and upset the customer, and they will not buy again.

With UTM you have the option of putting all of the services on a single appliance or putting it onto multiple appliances. This is a call that the customer or the appliance provider takes when considering the resources and the resources of the end-user. TH:VARs need to not only specialise in security but to understand the basic concept of network architecture, and when that happens they will know how to tackle basic interoperability between different boxes.

Networking today is a knowledge that you cannot just specialise in, you have to have a base from which to start your specialisation. Usually a reseller will focus on the most profitable business.

Let’s say they find out a product has been sold very successfully in the market — they will immediately hire someone with a basic knowledge in that solution and tell them their role is to go and install it.

When that happens — and I have seen it myself very recently — the person will encounter issues on the routing side, but they won’t know how to touch the routing because they are not meant to do that.

It is a short-sighted view from the reseller that could be tackled differently, perhaps by having a team with a routing and switching generalist. And in addition to this, they could have a security specialist and a voice specialist. JP:They must understand the current set-up and this is something which is challenging in the Middle East. People move a lot from one reseller to another and most of the time those resellers haven’t done a good documentation job, which means the documentation has gone with the person who left the company.

If the VAR wants to offer value-add they have to provide good documentation and also understand traffic flow. Once they understand the business of the customer, and where the data lies, they can propose where they are going to put the security measures and the model so the performance unit will be able to handle that kind of traffic.

What are the top considerations that CIOs need to be aware of when choosing a UTM solution, and how can resellers make sure that they anticipate these?MR:When evaluating UTM vendors, the important considerations are scalability, flexibility and manageability. It is important to select a vendor that offers appliances that can scale and grow. They should look at a vendor with appliances that can fit into any size of network, and are easy to manage and maintain. Resellers need to understand the drivers of their customers — not just the technical issues, but the long-term business goals as well. JP:The top guys will look at the solutions and whether it will really fit their strategy. They will also evaluate whether the brand is going to stay there or not. We have seen many vendors quit the market in the past.

Some are overpriced or just give up making the box to concentrate on something else. CIOs will also want to see who will be delivering the solution and how strong their product knowledge is.

TE:It is very simply actually. I am sure the CIO will look at ways to get leverage on the solution they are going to be proposed. They want simplicity and integrated management capabilities because they want to enhance operational efficiency and reduce operational expenses.

They want something that is simple and doesn’t require lots of resources overhead, and they want a product that can be managed centrally and integrated with the rest of the technology that they have.

Juniper is a product to enable these integrated management capabilities because we are an open standard and work with the full network products that a customer has. VARs themselves are also impacted by the global financial downturn, which is forcing them to make some tough decisions when it comes to their own business. Which elements of their business can they not afford to neglect?SS:I would say technical resources. The customer’s expectations on the services will still be the same and nobody wants to stop certain services because of the financial crisis.

The expectations from the systems integrators therefore remain high in terms of the after-sales support. Technical services are vital right now. We make it our responsibility to train any channel partner that is working with us and we certify them before they go out to the end-customer. SB:Businesses are tending to delay new projects and cut costs in the current financial slump. However, in order to stay competitive most businesses cannot afford to stop investing in technology, especially in IT security.

In these challenging times channel partners need to both cross-sell and up-sell product offerings, as well as focus on key segments of the market that are witnessing the effects of the slowdown. TH:I would say the first thing would be training. If you cut back on training even one of your engineers then it will be felt immediately because the installation will fail and upset the customer, and they will not buy again. Post- and pre-sales are also important.

Pre-sales is not just about the guy who sells it, but the person who designs the architecture. The other thing is hiring the right profile. I assume all vendors have levels of certifications that show whether someone knows how to work on the UTM, but Cisco has pushed it further with associate, professional and expert levels.

If you have the wrong person or level of expertise then mistakes might be made. Acquiring these resources can be expensive, but it might mean the difference between survival and non-survival. Making a mistake might put someone out of business right now.

For all the latest tech news from the UAE and Gulf countries, follow us on Twitter and Linkedin, like us on Facebook and subscribe to our YouTube page, which is updated daily.

Subscribe to our Newsletter

Subscribe to Arabian Business' newsletter to receive the latest breaking news and business stories in Dubai,the UAE and the GCC straight to your inbox.