Comparing the best UTM products in the industry
Expert Ed Tittel examines the top unified threat management appliances to determine which one could be the best for your organization.
Unified threat management (UTM) can provide significant equipment cost savings and reduce administrative efforts by combining several security features into one appliance.
This article examines how to choose the best UTM appliance by comparing product series from eight of the leading vendors: Barracuda X Series, Check Point Next Generation Threat Prevention Appliances, Cisco Meraki, Dell SonicWall NSA Series, Fortinet FortiGate, Juniper Networks SRX Series, Sophos UTM SG and WatchGuard XTM and Firebox. UTM appliances share a set of basic features, such as firewall, virtual private network (VPN) and application control, and the vendors require the purchase of a license or subscription for those modules. All of the companies have entry-level units for small offices and remote locations, as well as mid-level units for small and midsize environments. Six of the eight vendors offer high-end appliances suitable for enterprise data centers.
Performance: Throughput and number of users
Performance specifications vary greatly from vendor to vendor, and some vendors have many UTM products in a series (over 40 in the case of Fortinet). The following table summarizes firewall and VPN throughput rates, as well as the maximum number of users for the featured vendors' UTM appliance series. UTM models and specifications change frequently, so consider the numbers a snapshot in time. The highest advertised firewall and VPN rates, and number of users, are indicated in bold.
Barracuda and Dell SonicWall cater mainly to small to midsize businesses (SMBs), although Dell's high-end NSA 6600 is advertised for "emerging large businesses" and is included in the "high-end" category. No Barracuda products are considered high end at this time. (If you view TechTarget's Barracuda UTM product description, you will see products listed as "high-end." However, when compared to other vendors' offerings, the high-end Barracuda products are more accurately categorized as midrange.)
It's also questionable whether the "high-end" Cisco Meraki product (there is only one in that range) should be considered enterprise-class, given the lower firewall and VPN throughput rates compared to the competition -- even though the product claims to support up to 10,000 users.
Beyond raw performance, Barracuda, Check Point, Dell SonicWall, Sophos and WatchGuard products are known for their ease of implementation and use, which is particularly important in an SMB environment.
Features
Every UTM appliance has a firewall, VPN and intrusion prevention system, and supports application control, content filtering, malware and spam protection, as well as network- or cloud-based centralized management. Most vendors also include Web filtering, although it's an optional feature of Barracuda appliances.
Check Point UTMs include advanced networking and clustering, identity awareness, network policy management and logging and status features. The company's Next Generation Threat Extraction software package also includes threat emulation (sandboxing) and threat extraction for protecting documents from exploitable content.
Cisco Meraki appliances provide identity-based security policies, multiple WAN uplinks and 4G failover, but they do not include email scanning or SSL decryption for HTTP.
Dell SonicWall NSA Series products examine all traffic, regardless of port or protocol, unlike many competitors.
Check Point, Fortinet, Juniper and WatchGuard support advanced persistent threat protection (which is optional for WatchGuard). Fortinet, Sophos and WatchGuard also provide data loss prevention.
Customers who need detailed compliance reporting should take a close look at the Sophos products. Sophos offers iView, a separate appliance that gathers information across multiple UTMs and provides reporting to meet compliance requirements.
Pricing, licensing or subscriptions, and support
One of the most complex aspects of selecting the best UTM appliance for your organization is understanding software feature licenses (also referred to as "subscriptions" by some vendors). All of the featured vendors except Barracuda license UTM features, such as application control and antivirus, separately and/or in bundles. Customers choose the license term, which is usually one or three years, but can go up to 10 years in some cases.
The following table shows the lowest and highest retail costs for each vendor's appliances, along with required software licensing or subscriptions (one year). The vendors with the largest range of prices typically offer the most individual products.
Cisco Meraki appliances use a cloud-based management tool that requires customers to purchase a license for the cloud on a per-device basis. Other vendors, such as Barracuda and Sophos, provide centralized management for free.
All of the companies offer similar standard support packages, along with the opportunity to purchase premium support at an additional cost.
Choosing the best UTM product for you
Organizations that are in the market for UTM products and are already running networking equipment from a particular vendor should stick with the same vendor, assuming they are satisfied with quality, ease of use and support. Standardizing on similar equipment reduces compatibility issues and lowers the learning curve for administrators. SMBs that are looking for a change should consider Barracuda, Dell SonicWall, Sophos and WatchGuard. For the enterprise, Check Point, Fortinet, Sophos and WatchGuard stand out among the competition.