What is it?
Wait, isn’t that an NGFW?
Well, why have one buzzword when you can have two? The UTM, in my opinion, builds on the NGFW base, but they also tend to throw in as many other services as they can fit, such as web content filtering, WAF, antivirus, load balancing, secure e-mail management and Wi-Fi management; the list goes on. That said, the lines between NGFW and UTM are blurry to say the least, and I think that’s just the way marketing teams like it.
Why pick a UTM?
Some UTM vendors tend to get a bit carried away with feature consolidation and overall system capabilities. Quite simply, consolidating several services into a single device does not come without compromises. More features mean more things can go wrong, which increases your failure domain, so should a single feature fail you could end up with unanticipated downtime. In certain cases the marketed features can feel as though they have been added simply to check a box, which in the real world leaves gaping holes where expected functionality simply does not exist. In the long run this can be both infuriating and costly.
That said, the benefits of a single management device with intuitive configuration and embedded reporting can make a UTM device worth every penny in the right environment.
I have listed the most popular UTM vendors below, with a brief summary noting the key features they offer and which models I would consider suitable for an SMB environment. Although many of the vendors would keenly point out that they can scale up to data-center-grade devices with all the features, the reality is that most small to mid-size companies do not have more than a 1Gbps Internet connection, and large companies will have dedicated security teams and generally not want to risk putting all of their eggs in one basket.
Information regarding enterprise firewalls and the models I would consider suitable for large businesses is included in a separate post.
Gartner Magic Quadrant for Unified Threat Management’s regular front runner.
Notable Missing Features: reverse proxy is available, but as a separate product
- Fortigate 30
- Fortigate 60-90 Series
Check Point has always been feature rich and, as with Fortinet, almost all products can be classed as UTM if you purchase the appropriate software. To that end, just like Fortinet, they haven’t listed specific models as being “UTM”. So for the purposes of this post, I have classed Check Point’s Small Business and Small Branch Office Security Appliances as UTM.
- 600 Appliance
- 1100 Appliance
- 2200 Appliance
The Sophos UTM has steadily evolved over the years based on the companies they have purchased. The UTM 9, based on the Astaro Security Gateway, had a good following and is still supported by Sophos, but they have upgraded their latest product to encompass their Cyberoam acquisition of early 2014 with the XG Firewall series. Sophos has 14 physical appliances of the XG, from desktop through to data center, as well as virtual appliances for Hyper-V, VMware and Citrix.
Key Features: Firewall, IPS, Anti-malware, Host Protection, Botnet protection, WAF, VPN, URL Filtering, Antivirus, Anti-Spam and Email Security, wireless controller, QoS, HTTPS scanning, Web Cache Proxy
- XG Desktop Series
- XG Series 1U
More Information: https://www.sophos.com/en-us/products/next-gen-firewall.aspx
Dell purchased SonicWALL back in 2012 and retained the SonicWALL brand name. The SonicWALL range does extend from small to large systems, but the TZ Series is their flagship UTM solution.
Key Features: Firewall, IPS, Antivirus, DPI, Content Filtering, Anti-Spam, NAT, QoS
More Information: http://www.sonicwall.com/products/sonicwall-tz/
Meraki MX is probably the closest Cisco come to offering a UTM. The ASA product line is a good firewall and FirePOWER certainly improves their standing with IPS; however, they do seem to fall short of most of the UTM features expected in a one-device-to-rule-them-all scenario.
The Meraki MX has great potential and the cloud-based management has certainly been a huge hit with wireless. Sadly, however, the MX range does lack most of the features present in other UTM solutions. Also, their pricing model can be a turn-off for many businesses.
More Information: https://meraki.cisco.com/products/appliances
Key Features: Firewall, IPS, Antivirus, Anti-Spam, Content Filtering, Application Control, Reputation based filtering
- Firebox T and M Range
- XTM Series
More Information: http://www.watchguard.com/wgrd-products/utm/overview