How to Choose the Right UTM

We attacked five different UTMs with a huge volume of viruses, spam and hacking tools to determine which of them would stand shoulder to shoulder with you in your hour of need

Wednesday, September 05, 2007

Complete security has always been a utopian quest for organizations and hence an area of prime concern for IT managers. Among the whole host of security solutions available today, the simplest to configure and manage are UTM devices. These devices provide a single point of management and maintenance and secure against multiple threats. So, an ideal UTM should have all the essential components: a gateway-level anti-virus, spam filter, content filter, bandwidth-shaping solution, proxy, firewall and an IDS/IPS system. Additionally, it should also have a good log capturing and monitoring system.

All of these are individual solutions in their own right, so testing every one of these features before you decide on a UTM device becomes an enormous task. In this article, we delve into these concerns and discuss some of the simpler points to keep in mind before you buy a UTM device for your organization.

The virus question
Different people have different reasons for buying a UTM device. For some, it is a one-stop security solution for their whole infrastructure, but for others it is just a second line of defense. And so we have different products for different requirements. For instance, there are UTM devices, for example from Fortinet, which don't come with a full set of virus definitions; rather they come only with signatures for viruses that are 'in the wild,' meaning those viruses that are currently active on the Internet. There are positives and negatives to both approaches.

A device which only has signatures of active viruses checks an incoming packet against a smaller set of virus signatures, and as a result its performance is better than that of a device which carries a huge set of virus signatures. The flip side is that if someone with malicious intent knows you are using a device that doesn't detect a dormant virus, he can attack and infect your network with such viruses unless you have some other mechanism to fight them back. Generally, vendors of devices with a wild-virus-only database claim that whenever a dormant virus becomes active, they will push the signature for that virus to the device. We are not sure (and there is no specific way to test this either) what would happen if a dormant virus became active in a small area and never tripped their honeypots. We think that is why vendors of such UTMs portray these devices as a second line of defense for your network and require a client-level antivirus running on all machines.

So, if performance is a high priority, you already have good anti-virus software running on all the clients in your network, and you just want an additional level of security against viruses in the wild, then a device with fewer definitions is the better option. Otherwise you should go for one with a larger number of, and more detailed, virus definitions.

An Open Source UTM with features comparable to commercial UTMs. It is very cost-effective and can be set up on an ordinary separate machine

Paid or free?
This is another important question which arises when acquiring a new UTM device. A standard UTM device which can handle a load of 100 to 500 users and meets most of the requirements will cost you somewhere between INR 2 to 5 lakh. You can get most of the functionality of such devices by using an Open Source UTM, where the software or license cost is zero. All you have to pay for is the hardware, which will hardly cost you 50k.

But of course there will be no service or support with such a deal. This means you have to have a good in-house IT team to first build and then maintain such devices.

Now, let's take the case where you have a number of branch offices. Let's say you have 30 different branch offices with at least 100 users at each location. If you have to spend 2 lakh per branch, you will end up spending 60 lakh just to secure your branches. In such a case you can instead use a commercial UTM at your central office and go with the Open Source UTM in the branches.

Some UTM devices provide a very intuitive wizard-driven VPN configuration, which simplifies the process of deploying a VPN
