Product Group Tests

Gateway UTM (2010)

by Peter Stephenson July 01, 2010


For its high number of features and low cost, we award Cyberoam CR50ia our Best Buy.

Netgear's ProSecure UTM25 has a lot of features, provides solid protection and is excellent value for money. We rate it Recommended.

Unified threat management (UTM) gateways have evolved in recent years to keep up with ever more sophisticated threats.

In the early days of multi-purpose appliances I had two main architectural concerns. First, there was no defence in depth. If the gateway security failed, and it usually failed open to avoid shutting off the enterprise from the rest of the world, protection was gone. One good virus attack and your network was toast.

The second issue was performance. The gateway represented a single point of failure. If the gateway itself, meaning hardware, operating environment or some other key piece of the appliance's infrastructure, failed or was overloaded with traffic, you were cut off from your upstream networks such as the internet. Neither of those concerns is a major issue today.

Performance today is covered admirably by any of several architectural approaches to failover. Defence in depth has finally become everyone's mantra, not just the IA pro's. The vendors are building security in layers that interact with each other. This sounds as though we have reached information security Nirvana. Well, not quite, but at least the light at the end of the tunnel is not likely to be an oncoming train.

The issues that affect us today are not the same as the ones that impacted us ten years ago. Attackers are far more sophisticated and attacks are more and more likely to be automated. The rate of malware proliferation, as well as the ever-broadening definition of malware, is off the charts. Even the motives behind cyber attacks have changed radically.

The problem with automated attacks, especially those that manifest as insider attacks (for example, user errors that allow malware to enter the enterprise), is that they pose serious challenges to any form of gateway protection. In earlier days the idea of a SQL Slammer attack or a Code Red infestation seemed novel, but today these types of attacks are common. The good news is that they are not as likely to penetrate the enterprise as in days past. The UTM and protection at the endpoint have pretty well taken care of those and, for the most part, they are nuisances rather than serious incursions.

The attacks that keep us awake at night are far subtler. These are the attacks that result in widespread credit card theft, extortion, theft of trade secrets and other worrying impacts. These attacks are very hard to detect and mitigate. Discussions with my colleagues have convinced me that the types of attacks that used to trouble us are clearly on the wane. They are being replaced by the waxing of subtle, very professionally conducted attacks.

Why is this? The answer to that lies in two major areas. Firstly, motivations have changed from those of the traditional bad boy (or girl) hacker to the cyber mercenary. Cyber-enabled theft is a very safe way to make an illicit living, as we all know. The second enabler is that, unlike hackers of yesterday, today's attackers have plenty of resources. Some are state-sponsored, some are hiring out to organised crime and some are simply skilled freelance thieves.

So, how does all of that fit into this month's review of UTM gateways? These appliances have a lot more to deal with than they ever did in the past. With the influx of a plethora of applications they do a very credible job of addressing current problems. The weaknesses of the old multi-purpose appliances - lack of defence in depth and single point of failure - have become the strengths of the modern UTM. It is as hard to get stuff out of the network (data leakage) as it is to get bad stuff (and people) into it.

The ability of a unified threat management gateway to be truly unified is the key. Comprehensive policy engines, for example, are a major key to the success of a UTM. Add excellent scalability and manageability and you have the basis for a solid chunk of the security architecture for most enterprises. When you plug in the endpoints, your security infrastructure is almost there.

How we tested
Testing was fairly straightforward. The gateway was set up, as it would be in a normal enterprise, between the untrusted network and the trusted network. We generated various types of threats from the untrusted network targeting machines of different types on the trusted internal network.
