One of my customers is an admin who works within a small portion of a larger institution. The main administrative group decided to overhaul their primary firewalls with UTM devices instead, which included spam and virus filtering for MTAs (Mail Transfer Agents).
UTM = Unified Threat Management, a somewhat recent market of devices that combine firewalling, filtering (HTTP/SMTP) and sometimes intrusion detection all in one box.
Since we really didn’t want to lose this customer, I proposed that they place our existing appliance after the inbound mail flow that the UTM device now pre-filters.
What happened? In spite of the vendor’s claims, our product continued to catch a sizeable chunk of spam that the UTM device didn’t catch. The only difference was that the UTM rejected most of the ‘obvious’ junk traffic, but our content filters still caught a fairly large number of leftover messages that the UTM device didn’t block. In other words, the UTM displaced our own system’s connection-level blocking but hasn’t really proven to be a good substitute for our content filters.
Our customer promptly renewed their contract for spam and virus updates.
Moral of the story: UTMs are great Jacks of All Trades, but I don’t feel they can replace truly dedicated devices, at least not yet.