When I set out to test a collection of new small business firewalls for Network World, I wanted to find a place that could illustrate their need. I was fortunate to find Mercury Labs, which despite their name is a video production and public relations company of about 10 people located in midtown St. Louis, not far away from my office. Over the course of a couple of weeks, I brought in several different unified threat management boxes to try out, including Check Point Software’s 640, Dell/Sonicwall’s NSA250MW, Elitecore Technologies’ Cyberoam CR35iNG, Fortinet’s FortiGate 100-D, Juniper Networks’ SSRX220H-POE, Kerio Technologies’ Control 1100, Sophos/Astaro’s UTM 220, and Watchguard Technologies’ XTM330.
Mercury was instructive because before I got there, they didn’t really have a lot of protection on their Internet connection: the only device connected to their cable modem was an Apple Airport. Relying on NAT does not a firewall make. Over the course of my tests, they were intrigued to see the consistent number of attacks coming across the big bad Internet as we could capture them in real time. Think of a sewer line that is encased in clear plastic so you can see the flow of filth.
Several of the vendors sent in their techs to help me with the tests, something that I always welcome because we always find bugs in any product. In fact we found a killer bug in the top-rated product from Check Point. The tech was making some frantic calls back to his developers in Israel where they quickly found and fixed the bug and sent us the new firmware.
Small businesses have lots of choices when it comes to protecting their network. You can buy a home router for less than $50 from any number of consumer networking vendors, or you can spend more than $4,000 for one of the more than a dozen firewalls from the enterprise security vendors. The UTM products lie in between those price points.
The UTM products include more than just a firewall: there is intrusion detection and prevention, network-based anti-virus and anti-spam screening, virtual private network connections (VPNs), and content filtering on outbound Web browsing to prevent phishing and browser-based attacks.
I liked the Check Point UTM because it had a nice balance of simplicity and power, and it was also the cheapest of the boxes that I tested. It worked well on the mostly Mac network at Mercury, something not all of its competitors could claim. You can see a sample screen from Check Point’s box below.
You can see lots more screencaps here. And you can read my review in Network World here.
David,
Your observations are typical of what I see. But, you miss some very obvious conclusions, probably because you were focused on the UTM appliances themselves.
(1) The customer isn’t always right. If they were, they would have had a firewall in the first place.
(2) Networks grow organically and if management isn’t looking closely, you get sub-optimal configurations, performance, etc.
(3) Support is important. While vendor support is important, support by the seller is even more important. Even getting the right product for the need is a non-trivial task.
(4) This is a prime example of one of the great failings of our industry. “Take our pill and all your problems will be solved.” “It has a GUI, so anyone can handle it.” Our marketing must be written by the programmers of the products. These statements are patent bullshit.
(5) Success often depends on the willingness to go through pain and have failures.
(6) The success of a project is less about the technology, than goals and strategy, policies, procedures, standards, notifications, ongoing management and technical support, ongoing resource availability, training, expectations, and knowledge of the players involved. And, maybe most of all, it has to do with a different kind of support, acceptance by both management, techs, and end users that this is something that should be done. Technology is only a tool for making the people more productive. And the most important word in that last sentence was people.
(7) Consumer, SOHO, SMB, Enterprise, Industrial, and Government products all have their place. Trying to use a moving van to drive around to buy groceries isn’t usually a good idea.
(8) Who you buy from makes a big difference. The purchase of your hardware and software is probably the smallest cost you will be dealing with. Find someone you can work with. Avoid buying from the manufacturer. Buy from a dealer who supports the product (probably not an online reseller). You will have two places to go for help and support.
(9) Manufacturer support for a security or networking product, and a UTM is both, is extremely important. If you have an issue, you want to be able to get it fixed now, even if it requires a software rewrite.
(10) There are lots of “knobs” to these devices and most LAN people are unfamiliar with them. They need help.