Product Group Tests
SME appliances (2005)
These appliances share common functions, but their device-specific characteristics and variations in scalability make like-for-like comparisons difficult. However, in terms of meeting this test’s key requirements – offering a single, easily deployed device to deliver multi-faceted security solutions for smaller and medium-sized firms – the winner of our Best Buy Award, by a small margin, is the Astaro Security Gateway 220. It augments a solid hardware platform with top-class security functionality and, crucially, class-winning ease-of-use. Three units warrant our Recommended award: Sonicwall’s PRO 2040 device combines impressive and comprehensive security functions with a truly superb management interface; ZyXel’s Zywall 70 is a good, all-round security appliance with excellent documentation and a well-designed management interface; and Fortinet’s very capable FortiGate-500A boasts an excellent wizard-based setup procedure. We are aware of Fortinet’s ongoing patent problems, which it says should be resolved in the near future (see p52), and include this product due to its outstanding technical merits.
Full Group Summary
With viruses and worms using increasingly sophisticated methods to attack corporate networks and infect vulnerable machines, there is a paramount need for easily deployed and managed appliances that can address as wide a range of security threats as possible. This is especially true for small or medium-sized enterprises (SMEs) that might not have the luxury of large, dedicated IT departments to lock down their networks against internal and external threats.
According to the Yankee Group, 38 percent of SMEs do not have enough IT staff, while 32 percent say a security strategy takes too much time to implement, and 58 percent say the network is too expensive to maintain properly.
With a very few exceptions, we felt most of the appliances in this test needed a degree of technical knowledge to deploy and manage that might not exist in SMEs.
Setting up an effective IT security policy can be a complex process, but most of the devices tested here were relatively hard to set up and configure, and a lot had to be done to discover whether the machine was actually doing the job.
It seems most manufacturers have assumed that every company employs a skilled security professional and so simply created cut-down versions of products intended for larger enterprises.
There were only a couple of exceptions to this.
One of the most notable, and very welcome, exceptions to this was the Fortinet FortiGate-500A, which has been designed with one of the best wizard-based setup routines that we have seen in a device of this class. Inevitably, this wizard was not able to create a bespoke security configuration to suit all potential users, but it proves that ease of use can be achieved for these types of devices.
Praise is also due to the Astaro appliance, which was not only easy to set up, but also provided clear management feedback data indicating that the device was working properly. Both this and the Sonicwall PRO 2040 take the plaudits for giving us a great overview of how they were running.
In many cases, security greatly improves within an organization if staff can tell what is happening and are able to make informed decisions should problems arise.
Cutting down the complexity of these boxes should be at the forefront of developers’ minds if they are to make security as comprehensive for the small firm as it is for larger organizations.
While most of the appliances do a variety of tasks, each function seems to come with an extra cost. So while the headline price might appear quite reasonable, the cost can shoot up dramatically if purchasers decide to turn on all the whistles and bells.
It is hard nowadays to justify not having any particular security function in an organization – no one would say “we can’t afford to have anti-spam running,” for example – so it seems cynical to sell multi-function devices then ask for more money just to switch on a different security option.
We would like to see more of the basics included as standard. With antivirus, for example, a lot of these devices allow companies to turn on AV functions (at a cost), but only specify one company’s AV product. We would like to see devices that allow a greater mix and match approach to this, and allow more choice for the consumer as to what AV they want to use with the appliance. This can also be said for anti-spam, anti-spyware, and so on.
However, this year there seems to be a greater emphasis on load balancing and failover. Typically seen in much larger organizations, these useful features are filtering down to smaller enterprises. Most of the products in the test offer this functionality, and we were delighted that, for the most part, this was easy to set up.
Another welcome discovery was the fact that, as expected, the performance of most of these multi-function devices ranged from acceptable to very good. Adding more functionality seems not to have had a negative impact.
We were pleased with the real-world network performance of all the machines. So, if properly configured, the devices will not be a bottleneck in the infrastructure. If that does become a problem, at least the machines can then be clustered if necessary.
There is a wide range of products here to suit nearly every organization. A couple of them seem to be able to cope with the demands of big business despite their small-business price tags.
On the whole, we were pleased with the way these products are developing, but we hope that vendors take our concerns over ease-of-use seriously if small organizations are ever to enjoy the same in-depth security that large enterprises take for granted.