Product Group Tests
Today’s UTM is a sophisticated, multipurpose tool that can sit as a gateway and provide everything.
Full Group SummaryThis month we explore unified threat management, or UTMs. The notion of UTM came out of the idea of multipurpose appliances back in the day. Today's UTM is a sophisticated, multipurpose tool that can sit as a gateway and provide everything. This group has begun to mature and it is interesting to see the direction these tools have taken.
First, when we refer to a maturing group, we are talking about that point in its lifecycle where very little major innovation is occurring beyond that needed to keep pace with the genre. That certainly is the case here. While UTMs as a product group definitely are maturing, that does not mean that there aren't some good products. We saw a strong showing this year. More of the same does not necessarily mean that the product type has become a yawn. Far from it in this case.
The UTMs we saw this year are beginning to stabilize into a coherent product type with a lot of similarities in the modules they provide. For example, we used to try to define a UTM based on what it could do. Did it have anti-malware? Did it have a firewall? If something was missing, we didn't include it in the UTM review group.
Today, we don't really have that problem. Most of the products we tested do anti-malware, firewall, some sort of content filtering, IDS (intrusion detection system)/IPS (intrusion protection system), and, perhaps, anti-spam. There are a few outliers that add additional functionality, but this pretty much defines the product type. These functions, though, are not trivial to deploy, especially in a single device that acts as an inline gateway. That is pretty much a recipe for a bottleneck. So there still are challenges.
A big one is malware. This is an emerging area of concern, still. It is emerging because it is always changing. We used to worry about zero-day threats. Now it can be zero-hour. Malware is proliferating at a ferocious rate. Add phishing that lets the bugs get inside the network without having to brute-force their way past a firewall and you have a real problem - and one that is growing in complexity daily.
A good UTM won't let the bugs in, even when a user does something stupid, such as clicking on that attachment that we have told them a hundred times not to click on. So there is today's UTM challenge: finetuning and keeping pace with the threats that are emerging and morphing on, at best, a daily basis. And that is no small task.
What we most wanted to know was how complete the new crop of devices is, how easy it is to configure a beast that does just about everything to protect the enterprise, and how effectively it protects that network without being a bottleneck to traffic.
There are months where the products in our groups are so close in functionality and capability that it is very hard to differentiate. There are months where that is not such a big problem. This group was, hands-down, the former. Differentiating among a bunch of mature, capable, full-featured products always is a struggle. This month, it was a big struggle. Two different reviewers put these products through their paces. They worked in separate locations, splitting the load between them, and still the products came up very close. That is another sign of a maturing market space.
Is it time for a new definition of UTM just to spice up the market? Probably not. What is more likely is that smaller, highly competent products will get sucked up by the big UTM companies or companies that make compatible products and need to round out their product lines. That's the way it is in a maturing market, and we are ambivalent about its benefits.
No matter what, though, here is a solid, competent group of products that play a critical role in protecting your enterprise. There is a lot to absorb here so, with the caveat that next year might look quite different after the merger and acquisition machine kicks into gear, forge ahead and enjoy this month's reviews. We certainly enjoyed producing them for you.
Mike Stephenson and Mike Lipinski contributed to this Group Test.
All Products In This Group Test
- ADTRAN NetVanta 2630W
- Astaro Security Gateway
- Cyberoam CR1000ia
- eSoft InstaGate 604
- Fortinet FortiWiFi-40c
- gateProtect GPZ 2500
- Kerio Technologies Kerio Control
- M86 Secure Web Gateway v10.1
- NETGEAR ProSecure UTM9S v2.0.16-0
- SmoothWall UTM-1000
- SonicWALL NSA 4500 v5.8.1
- VASCO Data Security aXsGUARD Gatekeeper v7.6.4
- WatchGuard XTM 810 Security Bundle v11.5.1
- Wedge Networks BeSecure 1005G Anti-malware Gateway v4.0.1