Great article - best I've seen so far on UTM.

I'm considering replacing a home office router with a low-end UTM appliance with IPS as an added layer of security at the perimiter. WiFi would ba a plus, and thus I'm looking at the Fortinet WiFi 60B and Juniper SSG 5, both of which are in the price range I have in mind.

However, I see that the IPS catch rates on Fortinet and Juniper (SSG) are surprisingly poor (14-19% for critical signatures). Other manufacturers don't fare much better, unless you get into appliances in the multiples of 10K$, which is way out of the price range of a home office.

Should I conclude that a low-end UTM with IPS for a small office is a waste of money, or is there some other explanation for the poor catch rates for these appliances.

One thought that comes to mind: could it be that the signature updates on some of the low-end appliances focus more on current threats and don't include threats that are not currently in circulation, while your test signatures were more comprehensive and thus included "old" threats in addition to current threats?

Do you have any other theories on the poor IPS performance, and/or recommendations of other manufacturers I should be looking at?

Thanks for any advice...