Product Details
Product Rating
BorderWare MXtreme Mail Firewall MX-200
Check Point Safe@Office 225
CipherTrust IronMail S Series
Demarc Sentarus 5
Equiinet NetPilot Plus
Equiinet SentryPilot
Fortinet FortiGate 60
InstaGate PRO Firewall and VPN appliance
IronPort C10 Messaging Gateway Appliance
Mirapoint RazorGate 100
ServGate EdgeForce Accel
SonicWALL PRO 4060
WatchGuard Firebox X1000
ZyXEL ZyWALL 70 Internet Security Appliance
This test looks at a very wide variety of products designed to cope with an equally wide range of scalability demands. All the products offer different functions, so we could not make a like-for-like comparison. But in terms of meeting the security needs of smaller and medium-sized firms by providing a holistic, multi-functional solution in a single box, our Best Buy is the SonicWALL PRO 4060, a very impressive security appliance that boasts quality management and excellent encryption throughput rates. Our first Recommended product is the Equiinet NetPilot Plus, which successfully combines a simple to deploy enterprise firewall/VPN unit with a scalable and flexible selection of best of breed AV, anti-spam and boundary filtering functions. Also recommended is the Zywall 70, a good, all-round security appliance that offers a full range of features plus some useful extras at an affordable price – also great for the small to medium-sized business. Finally, the Check Point Safe@Office unit is recommended for its combination of trusted firewall functionality with a good range of add-ins, and all wrapped up in a package that is amazingly easy to set up and manage.
Appliances (2004)
An all-in-one security appliance might sound like the answer to every IT security professional's prayers, but do they really do the job? Robert Jaques finds out
There are few who doubt that IT security is taken more seriously today than ever before by the vast majority of businesses. But as these security threats become ever more numerous, the complexity of the defenses and solutions that we have to deploy to keep pace with the dangers increase commensurately.
Viruses, spam, denial-of-service attacks, unsuitable web and email content, hackers, malicious employees, Trojans, worms, the list of potential threats goes on and on.
And it is the IT security professionals who are left to implement procedures to effectively counter these multitude of attacks.
Thankfully, integrated security appliances are able to take some of the sting out of this complexity, and offer a number of advantages over traditionally deployed, disparate security solutions. They can contain most if not all of the information security measures that an enterprise – especially a smaller-sized firm – will require in one hardware appliance, hence vastly simplifying its configuration and management.
As a consequence, security will in many cases be improved because this simplification of setting and maintaining policies means there is far less opportunity for human error to creep in.
A second advantage comes from the fact that the fewer products that are attached your network which must analyze packets of data in order to carry out their jobs, the better the performance that can be achieved.
Of course, this second point depends on the throughput and performance capabilities of each appliance, although many of the solutions under test here can be clustered to boost performance.
A common, justifiable worry with introducing integrated security into companies is that you might not be adopting best-of-breed technology into every aspect of security. How, for example, can you be sure that an appliance from a vendor that specializes in stateful packet inspection firewalls will also offer top class virus scanning in their offering?
While there is little to choose between the technical capabilities of security products these days, some companies specialize in specific areas.
A final worry for administrators about introducing an integrated device is that it might bring a single point of failure to your network. This is a major concern, and most will choose to deploy products such as these as pairs. Unfortunately, this begins to hike up the price.
While we have concentrated on some of the problems of implementing this type of technology – and it would be foolish not to – the benefits they bring to your network cannot be underestimated. Vastly reduced management overhead, coupled with reduced complexity and easier configuration are the holy grail of security professionals.
We concentrated in large part on these aspects of the products on review in this test.
The performance capabilities of these products cover a wide spectrum. Both WatchGuard and SonicWALL have produced all-in-one security appliances for some time, but they have always concentrated on smaller companies. Only now are we starting to see products with the performance and throughput capabilities that medium-sized companies demand.
The security appliances we looked at here share a number of common features. They all do their basic job of defending the perimeter of the network very well. But beyond the gateway is where the differences between each of the devices becomes evident.
And this is where we began to look at the positioning of the devices depending upon the size of your enterprise and the demands that would, or could, be placed upon each appliance.
We discovered in this group test that many of the vendors are now trying to spread the availability of their devices to both smaller and medium-sized companies, in order to cover both markets. One of the most innovative measures we have seen is to offer a basic appliance which can be quickly and easily upgraded module by module through the simple installation of a license key. This allows you to buy more functionality as and when required. Other vendors simply offer a cut-down version of the hardware for smaller companies and a larger offering for corporates.
We also discovered a marked swing towards the services factor. While a number of devices offer functionality that relies upon the maintenance of a separate database – content filtering and anti-virus, for example – only a few vendors had begun to offer an associated service for the outsourced maintenance of this database. This could appeal to both smaller and medium-sized organizations which have neither the time nor the resources to spend on updating and then looking after such services.
Of course, the differing functionality of the devices brings vastly differing price tags, which indicates that a large spectrum of different-sized organizations is targeted by these appliances.
