Shootout results: Best security tools for small business

Check Point comes out on top; Kerio, WatchGuard, Cyberoam and Sophos score high in review of unified threat management (UTM) devices

If you run a small business, you have a lot of choices to protect your network. You can buy a consumer-grade router for less than $50, you can spend more than $4,000 for an enterprise firewall, or you can select something in between.

That’s where unified threat management (UTM) products fit. UTMs integrate five basic security features: firewall, IDS/IPS, anti-virus/anti-spam, VPN and outbound content filtering to prevent phishing and browser-based attacks. UTMs offer easy setup and they can support a 25-person small business for an average of around $1,500.

We tested eight devices: Check Point Software's 640, Dell/SonicWall's NSA 250MW, Cyberoam's CR35iNG (Cyberoam is now a separate company from Elitecore Technologies), Fortinet's FortiGate-100D, Juniper Networks' SRX220H-POE, Kerio Technologies' Control 1100, Sophos/Astaro's UTM 220, and WatchGuard Technologies' XTM 330.

Here are our top-line findings:

  • Check Point is our Clear Choice Test winner. The Check Point 640 UTM is the cheapest and most capable box -- two things that usually don’t go together -- and the most appropriate UTM device for the SMB marketplace. It has an appealing user interface and a lot of great security features, and it makes managing the box and creating new security rules simple. It also works well with mixed Mac/Windows networks.
  • Kerio, WatchGuard, Cyberoam and Sophos were runners-up. All had solid protective features and were nearly as easy to manage as Check Point, but cost more. Dell, Juniper and Fortinet all had their issues, which we describe in the individual reviews.
  • In addition to the five basic UTM features, all of the vendors have included extra functionality. For example, Dell/SonicWall and Check Point included a wireless access point inside the box. WatchGuard and Fortinet have management software that will work with their own external Wi-Fi access devices.
  • Several units also include Web application firewalls that can be used to selectively block particular applications from running on the internal network, while others include traffic or bandwidth management to eliminate network hogs or to at least clamp down on potential bandwidth abuses.
  • Units from Check Point, Fortinet and Kerio can be used to connect to two different upstream Internet connections, such as a cable modem and a DSL link, for the ultimate in connection diversity on a budget. This provides failover in case one link goes down, or can be used for dynamic load balancing between the two connections. Dell/SonicWall can even support up to four connections.
  • Several vendors have begun to incorporate various cloud-based services into their devices to offload some of the security processing tasks. For example, they can automate firmware and virus definition downloads, upload logs for more in-depth analysis, and handle anti-virus screening.
  • Some boxes have only four gigabit Ethernet ports while others have more: if you don’t have a network switch but have lots of wired connections, you will need to weigh the purchase of a separate network switch vs. a bigger UTM box with the wired ports built in.
  • In some cases, such as on Check Point’s or Juniper’s box, any port can be assigned to any network: WAN, LAN, DMZ, or a special restricted guest network. In others, such as Fortinet’s, you are limited in terms of what you can attach to each port. Some boxes, such as Kerio, Sophos and Check Point, have a simple “LAN Switch” setting so that anything you attach can be connected to anything else across a single flat network topology, which is probably the most common situation. This makes them easier to set up, and also easier to manage, because you know ahead of time that you don’t have to worry about where you attach your cables.
