Strengths: Strong identity-based access security, policies available for controlling virtually every feature, easy deployment, good reporting
Weaknesses: Web filtering could be more accurate
Verdict: Cyberoam delivers a wealth of features for the price, which include versatile identity- and policy-based security measures
Based in India and the US, Cyberoam has been a relatively long-term player in the UTM appliance market, but it's only this year that it has turned its focus on the UK network security market. It does so with a wide range of products covering remote offices up to enterprises. A key selling point is its identity-based security. True, there are plenty of other established network security vendors offering this feature, but Cyberoam aims to take this concept a stage further.
On review is the CR100i, which is aimed at SMBs, has a firewall throughput of 200Mbps and can handle up to 370,000 concurrent sessions. This 1U rack appliance offers pairs of Fast Ethernet ports and Gigabit ports that can be configured for LAN, WAN or DMZ duties. You have two choices for deployment, as it can act in routed or transparent bridge mode. Your choice will depend on whether you already have a firewall in place.
The appliance offers everything you'd expect to see in a UTM solution with features including firewall, anti-virus, anti-spam, intrusion prevention, web content filtering and IPsec VPNs. User authentication options are extensive as you can use Active Directory, NT domain, RADIUS or LDAP servers and the appliance maintains its own database of users and groups. Systems can also be identified by their IP address; you can maintain IP address pools and even tie users to specific systems, so that they are only allowed to log in from an assigned address or a pool.
We opted for the transparent bridge mode for testing and had the appliance up and running in a few minutes. The main web console is a tidy affair and offers a useful startup wizard that helps you pick the operational mode, assign IP addresses to the interfaces and set up email notifications. The HTTP proxy can be configured with custom ports if required and there's also a pharming protection option that will stop users being redirected to dodgy websites.
Zones are used to group physical ports together. You employ these when setting up custom firewall rules where you add your sources and destinations, assign selected services, decide whether to block or allow traffic, and use time schedules to determine when they are active. It's here where you can add user authentication and choose which protocols should be scanned for viruses and spam. There's much more to the rules, which can include policies for IDP, web filtering and bandwidth restrictions.
Cyberoam's policies go much deeper, as they can be applied to selected groups or individual users. Each can have their own web filtering, internet access and bandwidth policies but you can also apply their own web access times plus upload and download data transfer restrictions. For the latter, you can apply daily, weekly, monthly or yearly limits. During user policy creation you can view each policy in a pop-up window so you don't need to keep swapping across different screens.
Anti-spam options are plentiful, as you can apply a global policy to all users and then fine tune it with custom policies for specific users and groups. Advanced features provide plenty of choices for what to do if spam is detected. You can have different policies covering attachment sizes, mail sources and message header content plus four different options based on the appliance's spam scoring system. If one of these is triggered for SMTP you can quarantine, drop, reject or tag the subject line, while for POP3 you can only accept a suspect message or tag it.
For anti-spam testing we left the appliance chugging away in the background on its default settings where it filtered our live email. At the end of the test we reported a 97 per cent efficiency with no false positives. Cyberoam's web filtering proved to be less efficient than its anti-spam capabilities. We Googled for online bingo sites and the appliance blocked us from fewer than half of the 40 sites visited. Web games proved to be slippery customers as well, as we were only blocked from half the sites visited. Online poker sites were harder to access as we were blocked from more than two-thirds of the sites accessed.
Audit logs allow you to see which administrators had accessed the appliance and a very unusual feature at this price point is the compliance reports where you have choices for PCI, SOX, HIPAA, GLBA and FISMA. These aren't anywhere near as sophisticated as costly point solutions: they do provide audit trails, but details of appliance configuration changes and who made them aren't available.
The appliance's traffic discovery tool proved to be very useful, as we could pull up views of live connections for applications, specific users or IP addresses, or see the day's activity for each category. General reporting tools are very extensive as the appliance offers tables or graphs on just about any activity. We could see who were the busiest browsers, the amount of bandwidth they were using and check on the most popular websites. Spam and anti-virus reports were just as forthcoming with detailed information and all reports can be exported to CSV (comma separated value) files for inclusion in spreadsheets.
Cyberoam makes an impressive entry into the UK market with a family of appliances offering a fine range of security features. The policies and user identity security make it flexible.