- New attack fells Internet Explorer
- Steve Jobs is a man of a few words
- Oddball gifts for uber geeks
- Global warming research exposed after hack
- Google adding IPv6 to YouTube
| Intro to UTM Testing | Testing categories | Product Summaries | Click tabs to expand |
|---|
Are there unified threat-management firewalls with the chops to provide the perimeter-security functions that an enterprise needs? In this Clear Choice Test, we set out to determine whether we could find a UTM firewall that could scale up successfully in performance, feature set and manageability.
We tested 13 UTM products from 12 hardware vendors and nine software vendors, all aimed squarely at the enterprise. We evaluated these products on performance. Could they deliver firewalling at gigabit speeds in an environment that included virtual LANs, dynamic routing, high availability and centralized management? And could they perform with intrusion-prevention systems (IPS) and antivirus turned on?
No single product came out on the top, but Juniper Networks, Check Point Software and Cisco were head and shoulders above the rest.
While products from these three companies can be beat in individual categories (IBM Internet Security Systems [IBM/ISS] soared in the IPS category, and Fortinet beat folks hands down on antivirus tests), they consistently finished among the top performers in all categories.
Because Check Point was represented four times (with its software riding on its own UTM-1 2050 box, as well as on hardware from Crossbeam Systems, IBM and Nokia) and Juniper twice (once on its ISG-1000 and once on its SSG-520M), these two vendors claimed the top seven spots on our scorecard.
We give the firewalls within these all-in-one devices an enthusiastic stamp of approval. Their UTM features, however, are another matter. We found that most products have dangerously variable performance characteristics when such UTM features as antivirus and IPS are turned on. We also found that the IPS and antivirus coverage in most products is not particularly strong. We had a few outstanding products in those tests, but not enough consistent winners to say that every enterprise should jump onto the UTM bus.
Snyder is a senior partner at Opus One, a consulting firm in Tucson, Ariz. He can be reached at Joel.Snyder@opus1.com.
Snyder is also a member of the Network World Lab Alliance, a cooperative of the premier reviewers in the network industry, each bringing to bear years of practical experience on every review. For more Lab Alliance information, including what it takes to become a member, go to www.networkworld.com/alliance.
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (4)
RE: 'All-in-one' firewalls fall shortBy Mohammed on November 13, 2007, 5:19 amGood work in finding out UTM performances. There is also one UTM brand with name CYBEROAM (www.cyberoam.com). Where does this product stand in your testing. I...
Reply | Read entire comment
Cyberoam didn't want to be comparedBy Joel Snyder on November 13, 2007, 1:26 pmCyberoam was invited and elected not to participate. Here is their response: "I wanted to let you know that unfortunately, Cyberoam will no longer be able to...
Reply | Read entire comment
crap product despite its glitsy marketingBy Anonymous on February 28, 2009, 12:30 pmam not a techie, but boy this product called cyberoam is a shitty product. they had it installed in our system and every 5 mins we would lose our internet connection...
Reply | Read entire comment
all-in-one By Anonymous on July 20, 2009, 7:26 ami can recommend ideco , excellent but not so well known product , it has great traffic filtering options vpn and more
Reply | Read entire comment
View all comments