Choosing the right UTM appliance

Dave Mitchell shows you what to look for when choosing a threat-management appliance


Small and medium-sized businesses (SMBs) can't afford to skimp on network security. Why? Doing so would make them a top target for cybercriminals. Attacks on SMBs are expected to increase during 2016, which means they must think like enterprises if they want to survive.

Unified threat-management (UTM) appliances, which now provide a huge range of security measures, are the perfect solution to this problem. Even better, vendors are creating ranges of affordable products specifically aimed at SMBs, without compromising on features. Many have just ported their enterprise software onto the smaller boxes so you get all the same security benefits on less powerful hardware.

What's the point?

Point solutions for single security services such as antivirus or web filtering are impractical for SMBs, because they're both expensive and complex to manage. It gets worse if you're using multiple products from different vendors, as they each have their own management interfaces and won't talk to each other.

UTM appliances are ideal for SMBs with limited IT expertise, since they amalgamate every security service in a single unit. Many UTM appliances are managed via a unified web interface, or an application that provides full access to all of their features.

Deployment is simple and, as all of the internet traffic will be passing through a single point on the network perimeter, it's simple to apply security policies to all of your users. Keeping the appliances updated is easy, too, with functions for downloading and applying the latest signatures.

Feature creatures

The sheer range of security options available on these appliances can be overwhelming. However, they all start out with a standard stateful packet inspection (SPI) firewall augmented to support IPsec and SSL VPNs for secure site-to-site and mobile user connections. Next up is antivirus scanning, which checks web, FTP and email traffic for viruses and spyware, blocking suspect items at the gateway.

Intrusion-prevention services (IPS) are equally important. These use signatures provided by the vendor to catch attacks such as SQL injections and cross-site scripting. Web filtering should also be on your shopping list: it allows you to decide which websites your users are allowed to visit.

URL category filters are also available. If you want to stop users playing web games at their desks, just block the category and watch productivity increase. Many appliances have options for blocking social networking sites, such as Facebook, but if you have a solid business case for using these sites, you should instead apply application controls.

Application controls are more granular, and vendors include options for hundreds, and in some cases thousands, of common applications and categories. With these, you could allow staff to access the company Facebook account, but not play games or videos.

Licence to perform

UTM appliances are long-term investments, meaning you won't want them running out of steam as your userbase expands and gateway traffic increases. All vendors quote performance figures with different security services enabled, but don't be drawn in by firewall throughput rates.

Firewall throughput rates are maximised because they're tested using lightweight UDP packets, which don't represent real-world usage. Services such as antivirus scanning and IPS place more stringent demands on hardware, so use the lower figures quoted with these services enabled as a baseline when sizing the appliance for future demand.

Vendors offer subscription-based licences to enable the various security services, and it pays to research these to ensure you're getting the ones you need. Out of the box, appliances only have their firewall and VPN support enabled; additional licences are required to activate features such as gateway antivirus, web filtering, IPS, application controls and anti-spam.

Subscriptions usually run for one- or three-year terms and you can make big savings by opting for the longer period. Make sure you've done your homework on future bandwidth requirements, though, as few vendors offer licensed performance upgrades on existing hardware.

If users start complaining about poor internet-response times, don't be tempted to turn off security services. You may be able to get a deal with the vendor to upgrade to a faster model at a reduced cost.

Wireless for all

You won't encounter any issues securing your wireless services on most UTM appliances. This is good news for businesses with a mix of wired and wireless clients, as it means they can apply the same security checks and restrictions to all traffic.

More appliances are coming with an integral wireless access point (AP), but check the standards they support as these vary considerably. Sophos' XG 135w supports fast dual-band 802.11ac, but Barracuda's F80 only supports basic single-band 802.11n.

Even appliances without an integrated AP can manage wireless traffic. Both WatchGuard's T30 and Dell SonicWALL's TZ300 will recognise the respective vendor's own external APs and instantly provision secure wireless services.

Stay safe

Enterprises that are caught with their data-security pants down can afford to pay the fine and learn lessons, but that's not often the case with SMBs. A data breach will cause irreparable damage to their reputation and only the lucky ones will survive.

Set against recovery costs, UTM appliances represent a comparatively small outlay. They offer a remarkable range of features for the price.

This article originally appeared in PC Pro issue 259.
