Unified threat management (2009)


Summary

Solid performance, good pricing and excellent functionality make SonicWall TZ 210 our Best Buy this month.

A lot of features, easy to use and inexpensive: why IBM Proventia is our Recommended product.

Unified threat management's time has come. We put ten products to the test. By Peter Stephenson.

This is the hot review of the year. The herd of unified threat management products - UTMs - queued up ready for testing was prodigious. This year, Mike Stephenson beefed up the test bed to unload all our guns against the victims - and the results were most interesting.

First, a few observations are in order. UTMs have broken the mould and now contain just about anything that you can conceive of putting on the perimeter. We saw anti-spam, anti-malware, firewalls and the rest of the usual gateway tools, all neatly packaged into ten hardware appliances - no software or virtual appliances this year.

The range of covered protocols improves every year. This year, the emphasis is on adding P2P and IM to those UTMs that did not have them last year.

The price-performance ratio continues to improve, as does the robustness of the products. The management is now almost completely web-based.

In short, we liked pretty much all that we saw. But, as always, we liked some more than others. UTM reviewing in the lab has gone from picking the best of a bad bunch a very few years back to struggling to pick the top tip from a boatload of winners.

Buying a UTM
The game is changing. There are now very competent endpoint security products - we look at several this month in our other group test - so the notion of spreading defence in depth across the enterprise is a viable one.

In the case of the UTM, we expect a lot of functionality, but functionality at any cost is not the goal. Many firms have excellent anti-malware gateways and do not need UTM functionality. It is best to review security and network architecture at the perimeter and decide what you need before you decide what to buy.

Manageability is a key aspect of a successful UTM deployment. If you have a widely distributed enterprise, figuring out how to manage remote appliances can be a challenge. Pick products that fit into your existing architecture and can be managed centrally. The same is true of reporting and alerting. Make sure that the capabilities of the UTM fit your needs in both respects.

Another consideration is the nature of the rest of your security architecture. There is something to be said for slotting a UTM into an existing system that is made up of its siblings from the same product line. That usually integrates management and makes the whole architecture more solid. The other side of that coin is that weaknesses often are endemic within a given product line and adding new products within that line to your architecture simply perpetuates the weakness. Be sure that you are getting the protection you need, even if you need to sacrifice homogeneity.

Network architecture is a key issue. If your architecture at the perimeter is based on a DMZ or multiple perimeter networks (such as online banking systems), you might want to consider mixing the UTM with a traditional firewall. This adds defence-in-depth at a sensitive part of the enterprise. It also increases your control.

The last issue to consider is performance. The UTM can pose a bottleneck at high traffic perimeters. Be sure your choice has high availability capability. Being able to have a failover capability that also allows high volume traffic can be critical to network traffic management.

How we tested
UTM testing is great fun around SC Labs. We set up some of our meanest attack tools and throw everything we can at the products under test. This year, we set up a complete network of targets that we protected by the device under test. Then, we set up an attack machine on the other (WAN) side of the device being tested.

We started out with the firewall wide open to see if the IPS would stop our attacks. Generally, we found that the default state for these products was report-only, so you are faced with configuring the UTMs before you can use them effectively. The other side of that is that you can use the reporting to characterise the traffic that is passing through the UTM.

Once we knew what was passing through our devices, we tightened them down and ran Nessus again. The idea was to attempt to get past the UTM and hit the targets it was protecting. If we saw anything inviting, we opened up our big guns - Core Impact - and let fly. Core has continually updated its attacks and each month there are more tests for us to try.
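The test procedure above depends on two things the reviewer calls out: knowing whether the IPS is actually dropping traffic or merely reporting it (the default on most units under test), and using the device's own reporting to characterise what passes through to the protected targets. The script below is an added example written for this page, not SC Labs' harness or any vendor's tooling. It parses a constructed, vendor-neutral key=value event log (real appliances each have their own syslog format, so the regexes are an assumption to adapt), flags signatures that only ever alert, and summarises which protected hosts and ports the WAN-side scanner reached.

```python
"""Characterise UTM event logs from a lab run and check IPS enforcement.

Added example; the log format and all addresses below are constructed for
illustration and are not taken from any product in the review.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple

# Constructed sample events: what a lab harness might collect from the UTM's
# syslog feed while a WAN-side scanner (203.0.113.5) probes protected targets
# (192.0.2.0/24). "alert" = seen but passed; "drop" = blocked; "allow" = plain
# firewall permit with no IPS verdict.
SAMPLE_LOG = """\
2009-05-12T10:01:03 ips action=alert sig=1001 proto=tcp src=203.0.113.5 dst=192.0.2.10 dport=445 msg="SMB probe"
2009-05-12T10:01:04 ips action=alert sig=1002 proto=tcp src=203.0.113.5 dst=192.0.2.10 dport=80 msg="scanner user-agent"
2009-05-12T10:01:05 ips action=alert sig=1003 proto=tcp src=203.0.113.5 dst=192.0.2.11 dport=22 msg="SSH version probe"
2009-05-12T10:01:06 ips action=drop sig=1004 proto=udp src=203.0.113.5 dst=192.0.2.10 dport=161 msg="SNMP default community"
2009-05-12T10:01:07 fw action=allow proto=tcp src=203.0.113.5 dst=192.0.2.10 dport=443
2009-05-12T10:01:08 ips action=alert sig=1001 proto=tcp src=203.0.113.5 dst=192.0.2.11 dport=445 msg="SMB probe"
this line is not an event and must be skipped
"""

LINE_RE = re.compile(r'^(?P<ts>\S+) (?P<module>\w+) (?P<kv>.*)$')
# key=value pairs; values may be double-quoted when they contain spaces
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


class Event(NamedTuple):
    ts: str
    module: str
    fields: Dict[str, str]


def parse_log(text: str) -> List[Event]:
    """Parse the constructed event lines; lines that don't match are skipped."""
    events: List[Event] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pairs = KV_RE.findall(m.group('kv'))
        if not pairs:
            continue
        fields = {k: (quoted if quoted else bare) for k, quoted, bare in pairs}
        events.append(Event(m.group('ts'), m.group('module'), fields))
    return events


def ips_enforcement(events: List[Event]) -> dict:
    """Count IPS verdicts and list signatures that only ever alerted.

    A device still in its report-only default shows no drops at all; a
    partially tuned one shows signatures that alert but never drop.
    """
    ips = [e for e in events if e.module == 'ips']
    by_action = Counter(e.fields.get('action', '') for e in ips)
    alerted = {e.fields['sig'] for e in ips if e.fields.get('action') == 'alert'}
    dropped = {e.fields['sig'] for e in ips if e.fields.get('action') == 'drop'}
    return {
        'alert': by_action['alert'],
        'drop': by_action['drop'],
        'alert_only_sigs': sorted(alerted - dropped),
        'report_only': by_action['drop'] == 0,
    }


def reached_targets(events: List[Event]) -> Dict[str, List[int]]:
    """Map each protected host to the ports that traffic actually reached.

    Anything the IPS merely alerted on, or the firewall allowed, got through.
    """
    reached: Dict[str, set] = {}
    for e in events:
        if e.fields.get('action') in ('alert', 'allow'):
            reached.setdefault(e.fields['dst'], set()).add(int(e.fields['dport']))
    return {host: sorted(ports) for host, ports in sorted(reached.items())}


def port_profile(events: List[Event]) -> List[tuple]:
    """Top (proto, dport) pairs seen, for characterising the traffic mix."""
    c = Counter((e.fields['proto'], int(e.fields['dport'])) for e in events)
    return c.most_common()


if __name__ == '__main__':
    evs = parse_log(SAMPLE_LOG)
    print('IPS enforcement:', ips_enforcement(evs))
    print('Reached targets:', reached_targets(evs))
    print('Traffic profile:', port_profile(evs))
```

Run against a real feed, the `alert_only_sigs` list is the to-do list for moving a unit out of its report-only default before the tightened pass, and `reached_targets` is the cross-check against the scanner's own findings: any host/port pair the scanner reports open should appear here, and anything it reports that does not is a gap in the device's logging rather than its enforcement.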

The results this year were quite satisfactory. Bottom line? If you can't find the UTM you need here, it probably doesn't exist.
