Choosing the right UTM appliance

Dave Mitchell shows you what to look for when choosing a threat-management appliance


Small and medium-sized businesses (SMBs) can't afford to skimp on network security. Why? Doing so would make them a top target for cybercriminals. Attacks on SMBs are expected to increase during 2016, which means they must think like enterprises if they want to survive.

Unified threat-management (UTM) appliances, which now provide a huge range of security measures, are the perfect solution to this problem. Even better, vendors are creating ranges of affordable products specifically aimed at SMBs, without compromising on features. Many have just ported their enterprise software onto the smaller boxes so you get all the same security benefits on less powerful hardware.

What's the point?

Point solutions for single security services such as antivirus or web filtering are impractical for SMBs, because they're both expensive and complex to manage. It gets worse if you're using multiple products from different vendors, as they each have their own management interfaces and won't talk to each other.

UTM appliances are ideal for SMBs with limited IT expertise, since they amalgamate every security service in a single unit. Many UTM appliances are managed via a unified web interface, or an application that provides full access to all of their features.

Deployment is simple and, as all of the internet traffic will be passing through a single point on the network perimeter, it's simple to apply security policies to all of your users. Keeping the appliances updated is easy, too, with functions for downloading and applying the latest signatures.

Feature creatures

The sheer range of security options available on these appliances can be overwhelming. However, they all start out with a standard stateful packet inspection (SPI) firewall augmented to support IPsec and SSL VPNs for secure site-to-site and mobile user connections. Next up is antivirus scanning, which checks web, FTP and email traffic for viruses and spyware, blocking suspect items at the gateway.

Intrusion-prevention services (IPS) are equally important. These use signatures provided by the vendor to catch attacks such as SQL injections and cross-site scripting. Web filtering should also be on your shopping list: it allows you to decide which websites your users are allowed to visit.

URL category filters are also available. If you want to stop users playing web games at their desks, just block the category and watch productivity increase. Many have options for blocking social networking sites, such as Facebook, but if you have a solid business case for using these, you should instead apply application controls.

These are more granular and vendors include options for hundreds, and in some cases, thousands of common applications and categories. With these, you could allow staff to access the company Facebook account, but not play games or videos.

Licence to perform

UTM appliances are long-term investments, meaning you won't want them running out of steam as your userbase expands and gateway traffic increases. All vendors quote performance figures with different security services enabled, but don't be drawn in by firewall throughput rates.

These are maximised because they're tested using lightweight UDP packets, which don't represent real-world usage. Tools such as antivirus scanning and IPS place more stringent demands on hardware -- use these lower figures as a baseline when sizing the appliance for future demand.

Vendors offer subscription-based licences to enable the various security services, and it pays to research these to ensure you're getting the ones you need. Out of the box, appliances only have their firewall and VPN support enabled; additional licences are required to activate features such as gateway antivirus, web filtering, IPS, application controls and anti-spam.

Subscriptions usually run for one- or three-year terms and you can make big savings by opting for the longer period. Make sure you've done your homework on future bandwidth requirements, though, as few vendors offer licensed performance upgrades on existing hardware.

If users start complaining about poor internet-response times, don't be tempted to turn off security services. You may be able to get a deal with the vendor to upgrade to a faster model at a reduced cost.

Wireless for all

You won't encounter any issues securing your wireless services on most UTM appliances. This is good news for businesses with a mix of wired and wireless clients, as it means they can apply the same security checks and restrictions to all traffic.

More appliances are coming with an integral wireless access point (AP), but check the standards they support as these vary considerably. Sophos' XG 135w supports fast dual-band 802.11ac, but Barracuda's F80 only supports basic single-band 802.11n.

Even appliances without an integrated AP can manage wireless traffic. Both WatchGuard's T30 and Dell SonicWALL's TZ300 will recognise the respective vendor's own external APs and instantly provision secure wireless services.

Stay safe

Enterprises that are caught with their data-security pants down can afford to pay the fine and learn lessons, but that's not often the case with SMBs. A data breach will cause irreparable damage to their reputation and only the lucky ones will survive.

Set against recovery costs, UTM appliances represent a small outlay. They offer a remarkable range of features for the price.

This article originally appeared in PC Pro issue 259.
