October 26, 2010
£346; all subscriptions for first year £99 (exc VAT)
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Remarkably good value, identity-based security, simple deployment, extensive security measures, top quality reporting software
- Weaknesses: No complaints at this low price
- Verdict: The CR15wi delivers an incredible range of security measures, which can all be applied to wired and wireless traffic and is easily the best value SMB appliance available
Cyberoam has been making steady inroads into the UK over the past couple of years and its latest CR15wi looks like it could be the best SMB product we've yet seen. This little desktop box packs in an impressive range of security measures and beats the rest hands-down for value.
Costing £346, the CR15wi comes as standard with an SPI firewall, traffic management and IPsec VPNs, to which you can add AV, anti-spam, anti-spyware, IPS and web content filtering. You can activate the lot in the first year for £99. First-time buyers can get special two- or three-year subscriptions, the latter for £258.
This is the first Cyberoam appliance with an 802.11n wireless access point, but the CR15wi also introduces Cyberoam's new Version X firmware. This offers a new web interface and IPv6 support, but the most important feature is Cyberoam's identity-based security. This allows you to enforce a wide range of policies and apply them to users anywhere on any system they are using.
The CR15wi has three Fast Ethernet ports that provide LAN, WAN and DMZ duties. The appliance can operate in routed or transparent bridge modes and its USB port can use a 3G or WiMax modem as a primary link.
A quick-start wizard helps configure routed and bridged modes. We opted for routed mode.
Its new web interface dashboard has an overview of threats, with details of the appliance and status of subscriptions. This is more informative than the previous version, which focused too much on general web-browsing activity.
The interface is common across all of Cyberoam's appliances, so moving up to a larger unit won't be a problem. The identity-based security can use AD, NT Domain, Radius and LDAP servers or its own database, plus Cyberoam's Corporate Client utility.
You have three user types, with a normal user logging on via the locally-installed client. We used this on our test Windows 7 system.
The client isn't required if you are using an external directory server. Clientless users with no authentication don't have to log on, but can't have surfing and data-transfer quotas or internet access time restrictions applied.
User and group controls are extensive: we could apply web filtering, internet access and bandwidth usage policies to each one. We could also specify upload and download data transfer limitations and set different daily, weekly, monthly and yearly limits.
Firewall rules use port zones to define sources and destinations. Advanced rules allow you to set AV and anti-spam functions, add IDP policies, limit internet access and apply bandwidth restrictions.
The new IM controls use rules to control the login process and block or allow text chats, file transfer and webcam sharing. Creating IM contacts and groups takes this even further, as different access policies can be applied.
If you are running in bridged mode, the appliance presents a single wireless access point, but in routed mode it can offer up to seven more wireless interfaces.
Cyberoam uses the Commtouch anti-spam service and the CR15wi allows you to apply a global policy to all users and fine-tune it with custom policies. It delivered excellent results: after filtering live email for three weeks, we saw a 98.5 per cent success rate.
There are sweeping changes in reporting, largely handed over to Cyberoam's new iView software. This functions as a Syslog server.
The software runs on any Windows host and the level of information provided by iView is impressive, to say the least. It gives graphical summaries of allowed and denied traffic and hundreds of predefined reports are provided.
Despite its compact dimensions, the CR15wi is packed to the gills with security features and the low price makes it highly affordable for small businesses. Its identity-based security is extremely versatile, anti-spam measures are very accurate and the latest iView reporting software offers a wealth of valuable information.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Information Security Risk Manager, £45-55k + bens
Infosec People - West Midlands, England, Coventry
SOC Analyst, Aldershot, £55-63k + benefits
Infosec People - England, Aldershot, Hampshire
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Interim CISO (Chief Information Security Officer) - Cyber Security Director
CYBER EXECS - London (Central), London (Greater)
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Met Police grab suspect with phone unlocked to get hold of data
- Cyber-security must reflect risk not just regulation
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report