Review: Putting UTM To The Test

No unified threat management solution on the market today is a silver bullet for security woes. This is partly due to a lack of standards for evaluating data streams inside a UTM software stack. Essentially, every UTM appliance on the market has its own way of analyzing data packets. As the packets pass across the multilayered UTM stack, vendors often use one of two approaches to evaluate threats: the stack either checks data packets in sequence or in parallel as packets pass each security technology.

The parallel technique seems to be popular because it produces less latency across the UTM technologies. There are shortcuts that can make the process work faster but speedy results sometimes allow nonsanitized packets to pass to users' machines. The parallel technique also allows for cross-checking in case further inspection is required. After inspecting packets across, vendors create their own verification rules. But keep in mind that there are no UTM security standards for evaluating packet streams, so buyer beware.

Methodology
CRN Test Center reviewers selected three midmarket UTM solutions for comparison: Fortinet Inc.'s FortiGate 1000A, WatchGuard Technologies Inc.'s Firebox Peak X6500e and Untangle Inc.'s open-source platform. Reviewers did not run performance tests of midmarket UTM appliances because they are too complex and depend on network interaction, including physical capabilities of each box. Instead, reviewers looked at functionality and configuration capabilities of each solution. Scoring emphasized management, levels of protection and data inspection capabilities.

Next: WatchGuard Firebox Peak X6500e