<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=699131483885781&amp;ev=PageView&amp;noscript=1">
Back to Avast SMB Blog

The Hidden Costs of Network Security and UTM Appliances for SMBs

Daryll Swager Daryll Swager , 21 August 2019

The interesting and attractive part of a network security appliance is that you can just plug it in to your network, get it configured, purchase a support contract with your hardware vendor, and then you're all set.

When one takes a look with a focus on other costs, however, the flaws and blemishes become clear.

Let's take a look at some of these costs.

Hot Spares, or Single Points of Failure?

All businesses that need a firewall also need to be protected 365 days per year. In the appliance world, that means having a hot spare running, ready to take over if the primary security hardware fails. Every hot spare you must maintain adds to your costs.

Making the choice to run the appliance as a single point of failure without a hot spare is a non-starter for most SMBs, because hardware failure would result in an unacceptable level of breach risk or complete business downtime until the hardware can be replaced.

When taking cost into consideration, make sure to include those hot spares.

Firmware and Software Upgrades with Limited IT Resources

IT staff in a growing business should be spending more of their time and resources innovating, and often struggle with regular maintenance taking up too much of their time.

Security appliances are on the list of critical maintenance items that need attention and fast turnaround. Firmware updates and software upgrades need to be done on a regular basis, which adds to the list of maintenance tasks that stop IT teams from innovating.

Consider the time it takes per year to execute on the routine maintenance schedule, and add that as one of your hidden cost items for appliance ownership.

We're Growing and Just Opened a Branch Office

If you need a branch office, that's a great news story. It means your business is growing and you need more space for staff, inventory, storefronts, or maybe all of the above.

On the IT side of things, an appliance-first security strategy gets more expensive when you open your first branch office. A business has to protect their branch office in one of three ways:

  • Recreate the same security infrastructure. Are you running one UTM with a hot spare? Buy another two appliances, set them all up, and create a maintenance schedule for them.
  • Send all internet traffic from the branch office to be inspected by the appliance hardware at the central office. This requires buying or leasing enough MPLS bandwidth to support the content and traffic inspection needs of that branch office, when fully loaded. Is the hardware at your central office sized to inspect this new volume of requests from the branch office, or do you need to upgrade?
  • Create a direct to internet breakout at the branch office. This option does not eliminate the need for security, however, and one of the two above strategies must be employed in order to secure the branch office in this situation.

All of the above can easily double your infrastructure and staffing costs for cybersecurity, and should be considered when doing total cost of ownership analysis.

Avoiding Hidden Costs with Cloud-Based Security

Growing business who fall into one or more of the above use-cases might be able to save against these hidden costs by switching to a more cloud-centric model for protecting their business.

Cloud solutions differ from appliances in the following money-saving ways:

  • Patches and upgrades are the responsibility of the security software vendor, and not the IT staff. This saves IT specialists from having to maintain a checklist specifically for security appliance maintenance.
  • By choosing the right cloud vendor, you could open a branch office, pay only for the licenses you need at the time, deploy in days rather than weeks, and buy more seats as the branch office fills up.
  • Most cloud solutions offer endpoint security bundled with cloud firewall and/or DNS Protection. These solutions offer the IT staff endpoint and network security products in a single pane of glass, rather than having to maintain two or more point solutions.
The 5 Other Reasons your UTM Security Appliance Might Be Harming Your Business

Cost is only one of six things your appliance vendor probably isn't talking to you about. In our next blog, we're going to talk more about what an "all in one" UTM appliance really is, and what features most SMBs might be foregoing without purchasing additional hardware.

If you'd like to learn more about these hidden costs and risks, have a look at our resource center which includes our latest webinar and e-book content:

Learn More

Related articles

Network Security

Security appliances – is "all in one" really all you need?

On premise and UTM security appliances often offer "all in one" protection. When in fact, most appliances sized for the mid-market fail to provide the essentials layers of security to adequately protect your clients. If you are using or planning to use an on-premise security appliance to keep your customers safe from cyberthreats, here are a...

05 September 2019 6 min read


Digital Supply Chain - A Hackers Target - Stay Protected

Find out how to protect your business from being the weak security link in the digital supply chain

06 August 2019 18 min read


Saint Gertrude High School improves efficiency with Avast Business patch management

Centrally managed antivirus improves security services for a one-person IT department at this Virginia high school

17 June 2019 8 min read