Strengths: Identity-based security controls
Weaknesses: Nothing that we found
Verdict: A good choice if you can handle the price tag
Cyberoam CR2500iNG unified threat management appliance offers a multitude of security and threat prevention features for the network perimeter.
It features: a stateful inspection firewall; intrusion prevention system; full gateway anti-malware suite; anti-spam; web content management; SSL VPN; web application firewall; and controls for instant messaging applications, among many other security and reporting features. It also offers identity-based controls integrated across all of the appliance functions allowing for granular security controls based on user authentication and role.
We found deployment and configuration to be easy and straightforward. The initial deployment is done by simply connecting the appliance to the network and browsing to the default IP address with a web browser on a machine connected to the same network. When we accessed the web-based interface for the first time, we were taken through a brief setup wizard that helped us not only set up the basic appliance configuration, but also allowed us to put a base security policy in place. After the initial setup was complete, we were able to manage and fine-tune our configuration using the intuitive web-based management GUI.
This tool offers quite a lot of deployment and policy flexibility. The appliance itself can be deployed in either gateway or bridge mode. Gateway mode allows the appliance to replace an existing firewall, router and perimeter security device, while bridge mode allows for keeping the existing devices and adding additional security using the Cyberoam appliance.
Aside from deployment mode, this appliance features full identity-based security functions. Some of these include: firewall rules; IPS policy; application and web content management policy; quality of service (QoS) policy; and data leakage prevention policy. This identity-based policy allows for granular content and security control based on the needs or restrictions of a user or group of users.
Documentation included a short quick-start guide that provided a few simple steps to get the appliance up and running with a basic configuration, as well as a full user guide and several other supplemental configuration guides. The user guide featured full explanation of the product features and functions, while illustrating configuration and use of the product through many screenshots and configuration examples. We found all documentation to be well-organised and easy-to-follow.
Cyberoam offers customers no-cost, eight-hours-a-day/five-days-a-week phone- and email-based technical support, along with access to an assistance area via the website. This includes product documentation, knowledgebase and other resources. Customers can also purchase 24/7 premium support as part of an annual cost. Customers must purchase subscriptions to some of the services on the appliance to receive updates and upgrades.
At a price just under £13,799 for just the appliance and a total cost up to around £21,699 for the appliance and a year of subscriptions to the various services provided by the appliance, this product comes with quite the price tag. However, we do find that it offers a very reasonable value for money, despite its high cost.
The Cyberoam UTM appliance offers much more than just a perimeter security device, it offers a high level of granular security controls that can keep the network environment safe from many possible threats.