Traditional stateful firewalls are pretty much table stakes for network security by now, in that all companies have them, and they still represent a significant chunk of budgets allocated specifically to this area of activity (Palo Alto reckons as much as 80%). However, their shortcomings have been evident for a number of years, so much so that a bevy of specialist segments have grown up over the last decade, each with its own group of start-ups, offering additional functionality that a firewall per se cannot provide. Such additional features include anti-virus (AV), anti-spam (AS) and anti-spyware, often collectively referred to as anti-malware, as well as intrusion detection and prevention systems (IDS/IPS) and content filtering.
All these functions followed the standard evolution path from being offered as software for loading onto a server by the customer, to preconfigured appliances and, in some cases, software-as-a-service. In parallel, there have also been moves to bundle multiple functions into a single device, which is what unified threat management (UTM) is all about. The latter gained a considerable head of steam back in 2005-7, though UTM is not without its critics. They argue that UTM devices may boast multiple functions, but since they are often just commodity server hardware running the software, each additional function that is turned on places an increasing burden on the processor, and performance takes a hit on most of these boxes.
There are, of course, exceptions, such as the UTM devices from companies like Crossbeam, which use a purpose-built switching backplane to address this issue. Yet, these are much more high-end boxes, a fact that is also reflected in their price.
Palo Alto seeks to overcome the performance issue of multi-function edge security devices by deploying silicon it developed itself to offload the more processor-intensive functions such as content filtering. It also terminates and re-encrypts SSL traffic in order to inspect it, which is something the IDS/IPS vendors had to add in their second phase of development, as use of that encryption technique grew and offered a way to bypass inspection.