Information Security

Defending the digital infrastructure




2007 Readers' Choice Awards: Unified threat management products

GOLD | Check Point VPN-1 UTM
Check Point Software Technologies

Price: Starts at $7,500

Readers gave Check Point's VPN-1 UTM, formerly known as Express CL, high marks for the depth of security it provides and its form factor. But there's plenty to be said for the company's stability as a security vendor.

VPN-1 UTM offers firewall, intrusion prevention, anti-virus, antispyware, Web application firewall, and both IPsec and SSL VPN, within a single integrated platform. All these functions can be centrally controlled and updated in real time.

Geiger Brothers, the largest privately held promotional products company in the country, has used Check Point for more than eight years. "We have looked at other products and there are some cheaper solutions," says Rob Herman, IT operations manager with Geiger Brothers. "But Check Point is centrally managed so it cuts down on administration and overhead."

Geiger Brothers uses Check Point primarily to secure its 20 field offices across the country with its headquarters in Lewiston, Maine. "We really like Check Point because it's very secure and seamless to manage," says Herman. "It's also very stable. I've been here for five-and-a-half years and we've had very few problems with downtime."

Herman also notes that Check Point, while relatively small, sells to enterprise-sized companies. "They've got some big clients so obviously they're doing something right," he says.

Check Point's ease of use may have something to do with its target market of midsized offices and branches. "They have to conform to internal auditing requirements and they need options in terms of monitoring and reporting to management," says Dave Burton, director of product marketing with Check Point. "They want something that's easy to install and get up and going, and Check Point offers all of that."

Check Point also has a VPN-1 UTM Edge product specifically for companies with branch offices. "We've seen a trend toward appliances increasing in branch-sized offices," says Burton. "These branch offices don't have a security expert on-site and they want multiple security applications in one device. UTM Edge does just that."

Many UTM providers don't offer SSL and IPsec VPN as part of their solution; Check Point does. Although they come installed, users must purchase separate licenses to use them.

SILVER | Cisco Systems' ASA 5500 Series Adaptive Security Appliance
Cisco Systems

Price: $19,995

Readers were sold on Cisco's ASA 5500 UTM product, especially for its breadth of functions, such as firewall, IPS, VPN and antimalware. Service and support also rated well. "We like it because of its ability to recognize unusual behaviors," says Carl Goodman, IS manager with Premier Valley Bank in Fresno, Calif. "Other vendors just work with signature files. I liked that proactive approach." Goodman has used ASA 5500 for six months to secure his employer's internal network, and was high on Cisco support. "Cisco was the leader in new technologies, and because they're a large company they have a lot of staff if I have a question," he says.


Price: $15,490

SonicWALL PRO's ability to provide deep-packet inspection of network traffic earned high marks from readers. They also noted its form factor and ROI, while indicating SonicWALL still has some work to do with installation, configuration and management of the platform. SonicWALL PRO includes enterprise-class networking, routing, firewall, secure wireless and IPsec VPN in one appliance. Melissa Young, information technologies manager with the Portland State University Bookstore, says SonicWALL PRO protected her employer's network from a virus that struck the Oregon university's network. "What I find useful about SonicWALL PRO is that it can take care of itself," says Young. "When I started here six years ago I had never set up a firewall before. For a novice to get it up and running for six years without any problems is great."

Clear network picture spares UTM headaches

Buyers beware: Defining your security requirements saves you time and money with your UTM vendor.

If your organization is shopping for a unified threat management appliance, users stress the importance of diagramming your network before sitting down with a vendor.

"We talked with our provider about what our network would look like and the implementation between [Juniper Networks'] SSG in our Internet space and the SSG in our local corporate network space; that was fully documented and agreed upon," says Matt Lauth of Six Disciplines, a corporate coaching service based in Findlay, Ohio. "Once that was agreed on we just followed the recipe. It made the implementation work very smoothly."

Lauth says if you don't define your security requirements with your solutions provider you end up spending too little in critical but overlooked areas, and spending too much on features that aren't necessary for your operation. "By documenting our network we were able to perform a balancing act," he says.

Midmarket and smaller firms with 100 users or fewer are wise to hire a solutions provider for a UTM installation, says Melissa Young, information technologies manager with the Portland (Ore.) State University Bookstore. "The first time I installed SonicWALL's UTM device, I wish I had hired a consultant," she says. "It was easy to operate but I wish I was more knowledgeable about it and a consultant could have helped me there."

Shopping for UTM devices isn't easy, even with a solutions provider, says Adam Hansen, manager of IT security with the Chicago-based law firm Sonnenschein Nath & Rosenthal.

"They'll do everything possible to try to confuse what you're getting," says Hansen, who eventually chose ISS's Proventia MFS UTM appliance. "One vendor was calling something antivirus when it really wasn't. Then, when you [talk with] references, you find they had to change things and upgrade things after they bought the product."

Hansen chose ISS in part because it agreed to his demand to put in writing all the products it was proposing for his needs, the function and performance of each product, and price quotes.

Once Hansen understood each ISS product, his decision was easy--and the product has worked great, he says. "With UTM you get a lot of vendors with good products but they don't have a good fit for your company," he says.

