Bake-off: Unified Threat Management

Security: It's foremost in the thoughts of solution providers, VARs and just about anyone who uses a computer. This year alone, the CRN Test Center has taken a look at some of the latest and greatest in security products. These products range from software solutions that protect the desktop to complex Unified Threat Machines.

UTMs, as the name suggests, are all-in-one-security solutions. They use a multicomponent approach to dealing with threats, often comprised of antimalware, antispam and intrusion-detection capabilities. UTMs often differ in which features they are strongest. The Test Center examined a number of different UTMs over the past year against a variety of scenarios. This report looks at three of the better performers to see how they match up given today's threat landscape.

The contenders include SonicWall's Network Security Appliance 2400, Sophos' WS1000 solution and eSoft's 404e device. All of those products received high marks from reviewers during UTM bake-offs this year, yet the goal for this bake-off was to determine which of the three solutions performed the best intrusion detection, logging of intrusion attempts and remediation.

SonicWall's NSA 2400
The Network Security Appliance 2400 is a very good appliance and it efficiently does the job as an all-in-one network security solution. The NSA 2400 offers granular control, flexible dashboard views and some really top-notch customer support.

The dashboard feature in the management interface stands out. The page can report threat statistics on a global scale. It can consolidate all threats being reported by devices reporting back to SonicWall's network, or can just report on the local NSA 2400 alone. The dashboard gives numbers on "Top Viruses Blocked," "Top Intrusions Prevented" and other threats. There is also the ability to create an on-the-fly PDF file of either the global or local dashboard.

The ability to list current top intrusions is very useful. Along with the appliance's robust, in-the-box reporting capabilities, it adds up to strong intrusion detection. The reports not only can be saved locally, but can be uploaded to SonicWall's tech support. A minor complaint: After uploading a diagnostics report, the system confirmed that the report was successfully sent, but there was no readily discernible way to verify the exact data sent and to whom it was sent.

The NSA 2400's firewall stands out as providing remarkably granular configuration that is not a headache to set up; there are a multitude of native services that firewall rules can be configured for from Citrix to Zeb Telnet.

Next: Sophos' WS1000