UTM Shootout: Security Appliances for SMBs are Smaller, More Powerful and Packed with New Features

Vendors are coming up with new ways to fit enterprise-grade security features into more compact and more powerful appliances.

UTM shootout

In 2013, we looked at nine UTMs. This time around we reviewed six products: the Calyptix AccessEnforcer AE800, Check Point Software’s 620, Dell/Sonicwall’s NSA 220 Wireless-N, Fortinet’s FortiWiFi-92D, Sophos’ UTM SG125 and Watchguard Technologies’ Firebox T10-W. We found that vendors are coming up with new ways to fit enterprise-grade security features into more compact and more powerful appliances.

Calyptix

SCORE: 3.5 OUT OF 5

We tested the AE-800, which comes with four wired Ethernet ports. None of the Calyptix boxes come with wireless access points. Calyptix has the simplest pricing: You get everything they offer without having to purchase individual subscriptions for particular features or for a certain number of users. If you have relatively modest security needs and are on a budget, this might be the right box for you. On the other hand, we found that Calyptix has the least intuitive web UI, with a complex series of menu buttons across the top and left-hand sides, and the UI itself seems somewhat old-fashioned and a bit cryptic. Also, VPN support is somewhat limited.

CheckPoint

SCORE: 4.8 OUT OF 5

CheckPoint has been our favorite in terms of ease of initial setup, and its user interface is still the best by far. Commands are intuitively laid out, and there is ample use of graphical elements. Just by clicking on a couple of buttons you can easily create protective policies. Since we looked at its product in 2013, it has added anti-bot protection. CheckPoint also added mobile VPN clients. The company has also beefed up its application controls, with more than 6,000 application policies, the most by far of any of the products we reviewed.

Dell/Sonicwall

SCORE: 3.5 OUT OF 5

The NSA 220 Wireless-N comes with seven wired Ethernet ports. Dell continues to be in the middle of the pack: it isn’t the most feature-rich and doesn’t have the most intuitive user interface, but it does deliver solid protection. For example, others have more capable VPNs or offer more wireless options. Dell has made several improvements in the past year, adding distributed DoS flood and botnet protection, improving IPv6 support, allowing deep packet inspection with no limits on file sizes and adding bandwidth management on a per-user or per-IP-address basis to identify and eliminate network hogs. Another new feature is the ability to detect rogue access points.

Fortinet

SCORE: 3.8 OUT OF 5

We tested the 92-D, which comes with 14 wired Ethernet ports. Fortinet has always had a broad range of impressive features; they just aren’t packaged very well. They are trying to make their Web user interface easier to navigate, but it still seems somewhat behind the times. However, they have added a few new things to their latest firmware release, including having the second broadest range of application signatures, at more than 3,400 separate rules. Fortinet also offers a primitive DLP monitor. And it augments its anti-malware scanning by using a cloud-based sandbox.

Sophos

SCORE: 3.7 OUT OF 5

We tested Version 9.3 of the UTM firmware. It includes some advanced features that distinguish the unit, including web server reverse proxy protection and the beginnings of APT protection. Also new is the ability to enforce web traffic policies on encrypted connections without the need to decrypt the actual traffic. One nice default is that Sophos will send any file to be first analyzed with its cloud-based sandbox. Sophos has also improved its application control. Sophos has its own endpoint protection client called Live. It only works to protect Windows endpoints.

WatchGuard

SCORE: 4.8 OUT OF 5

WatchGuard recently announced Dimension, a real-time visualization tool that can be used to quickly identify emerging threats and network usage trends. Other new features include an active threat map, which shows by location where identified threats originate by geo-locating their IP addresses; and FireWatch, which shows you the most popular destination domains and most active users. Also, there are more than 2,000 custom application behavior controls. And WatchGuard has excellent VPN support.