One drawback of UTMs that vendors generally don't mention is the detrimental impact they can have on network performance beyond the local area network if they don't have the capacity to handle large amounts of traffic. They can process a considerable amount of data, and scanning incoming traffic for viruses alone can reduce network speeds by 20-50%. Enabling IPS and other security features reduces performance even further.
UTMs are supplied for internet connections of different bandwidths or capacities, and Gartner's Lawrence Pingree advises buying one with plenty of capacity to spare.
"If you have a 100Mbps internet connection then a 100Mbps model would be fine if you are simply running the firewall. But if you are planning on enabling the other security features then you should definitely look at a 200Mbps model," he advises.
Another drawback is that even if you have a UTM installed at your internet gateway you still need to install and manage anti-virus software on employees' computers and on servers. "Not using endpoint security software is committing security suicide," warns Pingree.
That's because if a new virus arrives at the UTM before the appliance has been updated to recognise it, it will get through to infect machines on the network. Running anti-virus software on these machines enables the virus to be detected and removed a few days (or even hours) later, once the software has been updated to recognise the virus.
The crucial tips for UTM buyers are to look for an appliance with at least double the bandwidth of your existing internet connection, and to check that you can disable - and won't have to pay for - functionality you know you won't need. For example, you don't need a web application firewall if you don't run your own web server, or email security if you use a cloud based email system.