Bake-Off: Unified Threat Management Appliances

You can squeeze a whole lot of security out of a good Unified Threat Management (UTM) product, because these appliances carry up to a dozen intrusion-prevention and network-protection safeguards all in one box. For the most part, solution providers like to install a UTM device at a small- to midsize-business client site and let it handle jobs typically taken on by several hardware and software solutions. ClearPointe Technology has taken that strategy and run with it.

The Little Rock, Ark.-based managed service provider gathers threat data from all the UTM appliances it has deployed at client sites. That data is collected at ClearPointe's security operations center (SOC) and passed along to the company's network operations center (NOC) to arm the MSP with up-to-the-minute details about possible security threats originating from various places around the globe.

Of course, few systems integrators or MSPs have operations on the scale of a ClearPointe, whose NOC was recently certified by the MSP Alliance for outsourcing by other VARs looking to provide managed services without making a large, up-front investment. Still, even if one isn't tapping UTM appliances for all they're worth like ClearPointe, the devices are growing in popularity with solution providers and their customers.

The way to measure the growth of demand for UTM appliances isn't in sales of the various products from vendors like Fortinet, Astaro, eSoft and SonicWall, said Gartner analyst Greg Young. "Putting a single number on the size of the market is very difficult. There are 10 or 12 possible safeguards put on these devices. And in recent years, there's been a steady growth of putting new safeguards into UTM devices. The actual growth is in how many subscription services they enable on a device," he said.

On a typical UTM box for an SMB client site, those safeguards would include a firewall, antispam and antispyware software, and various antiphishing, network security, and worm-detection and isolation tools. Web and e-mail security might also be available on a UTM appliance, but keep in mind that even the smallest IT environments can probably handle those tasks better with a purpose-built solution, warns Tom McArthur, president of Waltham, Mass.-based managed security services provider Storbase.

So, what should you look for in a UTM appliance? In the following pages, CRNTech's Test Center puts three of the most popular devices through their paces. But first, a quick word of advice from Deepak Thadani of Sysintegrators. The New York-based security specialist has had plenty of experience listening to UTM vendors, and Thadani offers an interesting view on what to avoid.

"With those manufacturers who look at training as a profit center, it's a painful process. With those who just want to get you up to speed, it's easy. Different manufacturers look at VARs in different ways. Some look at us as customers, and they're looking to make money off us. But those who look at us as partners are trying to enable us and empower us to go out and sell solutions," Thadani said. "So, when it comes to training on a UTM appliance, give me a break. It should be a one- or two-day class. Anything more, forget it."

Methodology
CMP Channel engineers configured and installed three UTM appliances—Astaro's Security Gateway 110/120, eSoft's InstaGate 604 and SonicWall's TZ 180. All three UTM appliances are designed for small corporate offices or companies with simple network configurations. After installing the appliances, engineers tested various security, network and firewall features. While the three vendors included a wide array of configurations based on what they think is important to secure, engineers placed greater value in their scoring on key features such as intrusion detection and content inspection. What's more, engineers looked at other revenue sources that the appliances and vendor support programs can provide to SMB solution providers.

Next: Astaro Security Gateway 110/120