Cyberoam's UTM appliances have a keen focus on identity-based security, and the company's latest CR750ia brings this technology to mid-sized businesses. Many competing vendors offer this particular feature - where security policies can be applied to specific users - but Cyberoam goes that extra mile with a more sophisticated range of controls.
The CR750ia, supplied for this review by e92plus, is a compact 1U rack appliance. This is one of six models in Cyberoam's new Accelerator Series, which all come with multi-core processors.
The CR750ia is well specified, as it sports a fast 2.66GHz Q9400 Core 2 Quad processor partnered by 2GB of DDR2 memory. Internal storage/quarantining is looked after by a single 160GB SATA hard disk and the appliance has dual redundant hot-plug power supplies. Connection options are very good: 14 Gigabit ports to play with and all support LAN, WAN or DMZ duties.
Installation is handled well and we had the appliance up and running in the lab in a few minutes. A quick-start wizard offers a choice of routed and bridged modes and we opted for the former. You can also start the appliance in a passive monitoring mode, or apply one of two default security policies to all traffic.
First contact with the web interface reveals a fresh design, as it now shows the status of all subscriptions and updates, along with detected threats such as spyware, web and mail viruses and IPS alerts. The previous interface was cluttered and provided too much information about web-browsing activity and surfing patterns.
Identity-based security starts with authentication and the CR750ia offers a local user and group database, or you can use AD, NT Domain, LDAP and Radius servers.
Single IP addresses and pools can also be used in security policies to stop users logging in from undefined groups of systems or individual workstations.
Users are placed in one of three groups that determine authentication requirements. 'Normal users' have the Cyberoam Corporate Client utility installed on their system, which will log them in to the appliance.
Those using an external directory server do not require local agents, as they will be automatically logged in to the appliance once authenticated.
Clientless users do not authenticate with the appliance, but you cannot apply surfing and data transfer quotas or internet access time restrictions to them.
Once your users have been declared, you can apply a range of controls, including web filtering, internet access and bandwidth usage policies. Transfer limitations on uploads and downloads can be enforced, based on daily, weekly, monthly and even yearly usage.
For IM app controls, most UTM appliances can only apply blanket block-or-allow actions to these protocols. The CR750ia is more sophisticated, as it can use IM contact groups and rules to control the login process and block or allow text chats, file transfer and webcam sharing.
The basic appliance provides an SPI firewall and you can configure security at the port level by grouping ports into zones. Firewall rules contain the standard mix of source and destination ports or zones, services, block-or-allow actions for specific traffic types and time schedules.
Using the advanced firewall rules, you can enable AV and anti-spam, add policies for IPS, limit internet access and apply global bandwidth restrictions. Application filters can also be applied in firewall policies and used to restrict the use of games, VoIP, P2P apps and so on.
Cyberoam offers a number of low-cost options, with a one-year value subscription to AV, IPS and content filtering costing £3,158. The total value subscription is worth getting, as it adds anti-spam, but only increases costs to £3,509. There are no user licence restrictions on any of the features.
All too many vendors still charge extra for HTTPS web content filtering, but Cyberoam includes this as standard. A useful feature is the ability to apply different actions to a specific URL category, so for some you could deny HTTP connections and only allow secure HTTPS access.
Anti-spam is handled by Commtouch, which we've always found delivers excellent detection rates with minimal false positives. You can start with a global anti-spam policy for all users and then add custom policies for finer control. Depending on the score applied to each message, you can tag, quarantine, drop or reject SMTP messages; for POP3 mail, you can accept a suspect message or tag it.
Cyberoam scores highly for its new iView reporting service, as this is capable of providing a wealth of information about all security activities. For its smaller appliances, iView runs as a separate Syslog server, but this is integrated into the CR750ia and is accessible directly from the web console.
It opens with a dashboard view providing graphical summaries of allowed and denied traffic; clicking on a bar graph or pie chart allows you to drill down deeper for more information. Cyberoam provides heaps of predefined reports, so you can quickly view detailed information on protocol spreads, firewall activity and detected viruses and spam, plus web browsing and FTP activities for individual users.
The CR750ia delivers an impressive range of security measures and subscriptions to the optional features are affordable. Deployment is simple, the new iView reporting tool impressive and Cyberoam stands out for its extensive identity-based security.
Cyberoam CR750ia is available to buy from e92plus. For more information visit www.e92plus.com