This article can also be found in the Premium Editorial Download "Information Security magazine: How to tell if you need the help of security integrators and consultants."
Our final series of tests looked at how the various functional modules work together. We also determined the third-party suppliers for these modules and what noteworthy features one product has that the others do not.
We gave SonicWALL the top grade because of its superior antivirus features, protection rule flexibility and implementation of IM protection across all of its security modules. Juniper and IBM ISS scored lowest because of the difficulty in making changes to their protection rules. For example, in order to implement protection or blocking of a specific protocol, you have to hunt down the rules that apply to that protocol and make adjustments in several places in the user interface. The other products fall somewhere in between in terms of complexity.
Each product uses different combinations of home-grown and third-party security services to round out its UTM coverage. Astaro, Check Point and Juniper use SurfControl for Web content filtering, while the others have developed their own content-filtering capabilities. Astaro uses Snort, while the others have their own IDS engines.
Astaro supplies three virus scanners: a proprietary one using the Authentium antivirus engine, another based on open-source Clam AntiVirus, and a PCI hardware-based antivirus capability from Sensory Networks. Juniper uses Kaspersky, and Check Point uses CA. IBM ISS uses Sophos, along with a second scanning algorithm that examines network behavior. SonicWALL and Fortinet have their own antivirus scanners.
The six products differ on how big a file attachment they will scan through their antivirus engines. SonicWALL claims an unlimited file size because it scans while streaming the packets, while the others are more limiting because they have to cache the files first. If performance bogs down, an administrator can automatically block files beyond a certain size. IBM ISS hides this setting in its advanced settings, while the others make it easier to adjust the maximum limit.
This was first published in June 2007