WatchGuard XTM 810 Security Bundle v11.5.1
Strengths: Management; application control features; dashboarding.
Weaknesses: None noted.
Verdict: Lots of features but they come at a cost. A bit pricey and needs just a bit of simplification in deployment and administration.
Summary: The WatchGuard XTM 810 Security Bundle is a full-featured security appliance for midsize businesses. It combines signature and heuristics-based anti-malware, recurrent pattern detection anti-spam, and multi-layered anti-phishing (anti-virus, reputation, URL filtering and content-type filtering). XTM 810 controls more than 1,800 unique applications using a hybrid signature and behavior analysis engine. It includes a firewall, application control, anti-virus, intrusion prevention systems (IPS), web filtering, anti-spam and reputation-enabled defense for protection against multiple classes of threats. It also features site-to-site and remote access virtual private networks (VPNs), identity-based policy creation with support for Windows Active Directory and LDAP (lightweight directory access protocol), traffic shaping, multi-WAN (wide area network) support and virtual local area network (VLAN) support.
Initial setup was pretty simple. We plugged the appliance into our internal switch and our internet switch. Our test systems were handed an address via dynamic host configuration protocol (DHCP) in the default IP range, and we were able to browse to the web-based user interface, set up the network configuration we desired, set up the internet interface, and we were ready to program the device. For the initial configuration of an XTM appliance, there is a quick-setup wizard accessible either via a browser or from the WatchGuard System Manager application. We used the web-based user interface (UI) for our testing. It is important to note that there is a system manager application that comes with the product for managing the device or multiple devices from a centralized location. One also has the ability to set up multiple configurations under this model and configure pop-up alerting. There is a policy manager tool for creating and modifying policies. The intrusion detection system (IDS) function works like any other intrusion prevention system (IPS), but in this case there is a nicely integrated common vulnerabilities and exposures (CVE) reference function to look up information on a particular signature from right within the interface. There are also IDS policy templates for one to customize. Anti-malware is provided using AVG's signature match and behavioral analysis engines.
Logging can be kept on the appliance or sent off to a log host. Alerting is available and tunable by specific events and is delivered via email. Dashboarding is available for most system and security functions. Reporting is available with the application control features.
Documentation for the tool is very well done. One year of LiveSecurity Plus is included with the XTM 810 Security Bundle, and support is sold on a three-incident pack basis for $519. From an investment protection standpoint, one is able to upgrade to the next higher model with the purchase of a software license key. The price as tested at $12,805 puts this in the middle to upper price range, but one gets a lot of functionality in an easy-to-use solution.
- ML