10 Top Unified Threat Management Vendors


Unified threat management (UTM) offers something approaching total security in a box for small and midsize enterprises (SMEs), combining multiple network security functions in a single appliance. In addition to standard firewalls, features in UTMs often include next-generation firewalls (NGFW), intrusion prevention systems (IPS), secure web gateways, secure email gateways, remote access, routing and WAN connectivity.

The UTM market hit $2.1 billion in revenue in the first quarter and grew at a 16.1% year-over-year rate, making it both the largest and fastest-growing security appliance market, according to IDC, as the ease and value of UTM appliances appeals to companies looking for a quick answer to growing cyber threats. Among future trends in the UTM space, Gartner expects more vendors to tunnel web traffic to cloud-based secure web gateways, and the analyst firm also expects greater UTM use for SaaS and mobile monitoring.

Each vendor incorporates a slightly different set of components in its UTM appliance, so it's important for buyers to determine if a UTM appliance has all the features they need. In its most recent Magic Quadrant (MQ) for this market, Gartner said the most common features for UTM include:

  • Firewall (all UTM appliances)
  • URL filtering (77 percent)
  • IPS (70 percent)
  • Web antivirus (51 percent)
  • IPsec (63 percent) and SSL (46 percent) virtual private networking (VPN)
  • Application control (46 percent)
  • User control (41 percent)
  • Anti-spam (41 percent)
  • Quality of service (QoS) (41 percent)

The vendors covered in this guide scored well in the Gartner MQ and in Gartner peer reviews, among other criteria. For more information, see our top security vendor methodology.

Fortinet UTM

Gartner calls Fortinet "the clear leader" in the UTM market and a "good shortlist candidate for all SMBs." Fortinet offers a range of UTM products as part of its FortiGate and FortiCloud lines. These appliances provide high-performance, multi-layered security, and unified visibility while reducing complexity. They leverage dedicated security processors and provide wireless access point controller, switch controller, integration, software-defined wide area network (SD-WAN), NGFW, IPS, anti-virus, Web filtering, content filtering, data loss prevention (DLP), VPN tunnel endpoint (SSL and IPSec), SSL inspection and advanced threat protection capabilities. The company gets high marks for pricing, performance, and an impressive threat intelligence team, while the management console, cloud management, malware prevention and support have room for improvement, Gartner reports.

See our in-depth look at Fortinet UTM
See user reviews of Fortinet UTM

WatchGuard's Firebox UTM

Gartner rates WatchGuard a well-executing visionary, not far from the market leaders. WatchGuard's Firebox UTM solutions provide enterprise-grade security, centralized management, performance at all price points, and network visibility. In addition to traditional UTM functions, such as firewall, VPN, antivirus, IPS and Web filtering, functions covered include application-layer inspection, deep packet inspection, email protection, malicious URL/domain filtering, application control, malware detection/behavioral sandboxing, DLP, HTTPS inspection, mobile security, and threat detection and response. The company gets high marks from users for its free endpoint detection and response (EDR) capability, reporting and analysis features, ease of implementation and use, and performance. Public cloud capabilities and support have room for improvement.

See our in-depth look at WatchGuard Firebox UTM
See user reviews of WatchGuard Firebox UTM

Barracuda F-Series CloudGen Firewall

Base functions for Barracuda's CloudGen Firewall include application control, user awareness, IPS, antivirus, gateway-based URL filter, SSL interception and inspection, Web proxy with cache, unlimited site-to-site VPN, unlimited client-to-site VPN and a spam filter. In addition, the company provides secure SD-WAN functionality, zero-touch deployment, cloud-based central management, advanced threat protection, SCADA and industrial control protocols enforcement, and the Tunnel Independent Network Architecture VPN protocol. The company gets high marks for value, ease of deployment and management, advanced threat detection, and support. Despite solid cloud offerings, the company lacks CASB integration. Barracuda appliances also lack endpoint support and options for the smallest and most sophisticated use cases.

See our in-depth look at Barracuda F-Series CloudGen Firewall
See user reviews of Barracuda F-Series CloudGen Firewall

Stormshield Network Security

Stormshield, based in France, has a strong presence in the European SMB market and offers support for regional compliance requirements. The company is branching out to other regions, including North America. Stormshield Network Security includes IPS, firewall, application control, VPN, vulnerability management, antivirus, antispam and Web filtering features. In addition, it conducts vulnerability assessments in real time. Traffic is analyzed, applications are detected, and vulnerabilities trigger an alert to the administrator. Dynamic host reputation capabilities are also included. Users credit the company for its security policy, vulnerability detection, hardware, IP reputation feature, and performance with IPS enabled. Areas for improvement include support, false positives with IPS in default prevention mode, email security, and the basic URL filtering and antivirus modules. The company has taken steps to improve management and reporting.

See our in-depth look at Stormshield Network Security
See user reviews of Stormshield Network Security

Zyxel ZyWall Security

Taiwan-based Zyxel focuses on the smallest companies, from 5 to 500 employees, and as you'd expect, the product gets good marks for ease of implementation and use once you figure out its logic. Users report solid performance. Application-aware capabilities in ZyWall Security can granularly block viruses, malware, Web content, spam and other potential threats. The solution also includes gateway antivirus, gateway content Web filtering, gateway IDP and application control, gateway anti-spam, NGFW, and VPN (including IPSec, SSL and L2TP for remote client-to-site and site-to-site access).

See our in-depth look at Zyxel ZyWall Security

Untangle NG Firewall

Untangle gets high marks from small and lower-midrange customers, and even offers a free software appliance for small and remote offices. Untangle NG Firewall includes a firewall, routing, Web filtering and IPS. In addition, it comes with content filtering, protection against ransomware, malware and advanced threats, application-based shaping for bandwidth optimization, and VPN connectivity options. A content filtering feature helps IT get a handle on any rogue applications, encrypted Web requests, malware distribution points, drive-by malvertising attempts or spam. NG Firewall works with Untangle's cloud-based threat intelligence service, ScoutIQ, and its centralized management platform, Command Center. Customers like the ease of implementation, flexible interface, reporting and support. Limited throughput, policy verification and advanced networking features are some of the limitations for larger customers.

See our in-depth look at Untangle NG Firewall
See user reviews of Untangle NG Firewall

Sophos XG Firewall

Gartner rates Sophos a Leader because of its ease of use and feature-rich security and integration with the company's endpoint security product. It is particularly strong with lower-midrange businesses. Sophos XG Firewall provides next-generation firewall protection, blocks unknown threats, automatically responds to security incidents by isolating compromised systems, and exposes hidden user, application and threat risks. It provides firewall, IPS, advanced threat protection (ATP), Web protection, application control, email anti-spam and encryption, and a web application firewall with reporting. It also enables Sophos Synchronized Security, which shares health status and other information between Sophos endpoints and XG Firewall.

See our in-depth look at Sophos XG Firewall
See user reviews of Sophos XG Firewall

SonicWall NSA 2650

SonicWall is a good candidate for most SMB uses, especially those who want cost-effective integrated wireless access management, says Gartner, but the vendor has been slow to offer a cloud management portal and virtual appliance. The SonicWall NSA 2650 delivers latency-free performance for simultaneous network streams. Thanks to its automation capabilities, small- to medium-sized IT teams can easily detect and stop attacks. It also uses cloud-based multi-engine sandboxing via the SonicWall Capture Advanced Threat Protection (ATP) service to decrypt and inspect encrypted traffic for unknown, zero-day threats over thousands of connections, for both wired and wireless networks. VPN connectivity, TLS inspection, sandboxing, endpoint integration with Kaspersky and McAfee, and centralized management are among SonicWall's strengths. Cloud management, support, and lack of email security and encryption integration are areas for improvement.

See our in-depth look at SonicWall NSA 2650
See user reviews of SonicWall NSA 2650

Check Point Appliances

Gartner rates Check Point a Leader for its enterprise-quality security features and ease of management. Recent improvements in areas like ransomware protection keep the company's position strong. The vendor is best for midrange organizations seeking strong security and robust management features. Strengths include threat detection, extraction and intelligence, intrusion prevention, sandboxing, reporting and auditing. Price, email quarantine, limited decryption and performance capacity are shortcomings. The appliances covered here – the Check Point 700 and 1400 – serve small and remote branch office deployments. They deliver sandboxing, threat protection, flexible network connectivity, firewall, IPS, IPsec VPN, application control, anti-spam, antivirus, anti-bot, URL filtering, email security, and user awareness.

See our in-depth look at Check Point appliances
See user reviews of Check Point appliances

Rohde & Schwarz Gateprotect

Germany-based Rohde & Schwarz is largely limited to German and EMEA markets, where channel support is available. The company gets strong marks for management and policy. Another selling point is its "no backdoor" policy – an effective pitch for those wary of U.S. vendors. Areas for improvement include sandboxing, threat intelligence, centralized monitoring and reporting, false positives, and support. Gateprotect UTM firewalls are designed to meet the security requirements of small and medium-sized companies to protect the network and data against spam, viruses and malware. Features include single sign-on, traffic shaping, QoS, IPSec/SSL intrusion detection and prevention system (IDS/IPS), Web filters and virus filters.

See our in-depth look at Gateprotect UTM firewalls

Top Unified Threat Protection (UTM) Providers

| Vendor | Use Cases | Metrics | Intelligence | Delivery | Pricing |
| --- | --- | --- | --- | --- | --- |
| Fortinet | Deployed as general-purpose edge firewalls and internal segmentation firewalls | Shipped more UTM devices than the next three competitors combined | FortiGuard Labs uses a variety of tools, including machine learning and artificial intelligence (AI), to discover and defeat malware | Physical/virtual appliances and public clouds | Prices start at $400 |
| WatchGuard | Small and medium businesses and distributed enterprises | Throughput: Firewall (60 Gbps), VPN (10 Gbps), AV (12 Gbps), IPS (16 Gbps), UTM (11 Gbps); 12.7 million concurrent connections and 240,000 new connections per second | Traditional signatures, aggregated threat data, appliance feedback loops to refresh black lists, behavioral-based malware detection, and machine learning | Hardware and virtual appliances and public cloud | Starting at $290 |
| Barracuda | For companies with up to 10 locations | Firewall throughput ranges from 1 Gbps to more than 40 Gbps | Multiple layers of behavioral, heuristic and static code analysis as well as cloud-based sandboxing | Hardware and virtual appliances and public cloud | Starts at $734 plus $136 for basic support and one-year updates |
| Stormshield | European markets for defense and government, SMBs and industrial markets | IPS throughput ranges from 1,800 Mbps to 130 Gbps | Stormshield Visibility Center analyzes logs to control network security, and a vulnerability assessment engine is embedded in every UTM | Hardware and virtual appliances and public cloud | The smallest appliance (SN160) is $545 (maintenance costs 20% more) |
| Zyxel | Businesses from 5 to 500 users | Up to 40,000 sessions, firewall throughput of up to 250 Mbps | Cloud signature updates for the different UTM services, which adapt to the latest threats | Hardware appliance with cloud component | UTM-enabled devices including one year of service range from $425 to $4,800 |
| Untangle | Designed for the below-enterprise market: small businesses, home offices, nonprofits, schools and small governmental organizations | Untangle says it doesn't publish what it considers to be misleading and hardware-dependent performance numbers | Untangle ScoutIQ aggregates data about threats seen in the wild on all NG Firewall deployments worldwide | Turnkey appliance, virtual machine, can be downloaded and run on hardware, and is available for public cloud deployment for AWS and Azure | Up to 25 devices for one year is $540. Unlimited licensing, $12,900 per year |
| Sophos | SMB and mid-market | Up to 140 Gbps firewall throughput and 11.8 Gbps NGFW throughput | Integrates with Sophos Central Endpoint for root-cause-analytics, and machine learning is integrated into its cloud-sandbox solution | Hardware and virtual appliances and public cloud | Pricing starts at $249 per year for an entry-level XG 85 appliance |
| SonicWall | SonicWall TZ Series is targeted at SMBs, the midmarket, retail and branch offices, and campuses | Can protect more than 300,000 users | Machine learning algorithms are used to analyze data and classify and block known malware | On-premises appliances | $2,495 |
| Check Point | From the home office to the SME, as well as branch and remote offices | Optimized to deliver up to 550 Mbps of threat prevention throughput | SandBlast Zero-Day Protection does inspection at the CPU-level to stop attacks before they have a chance to launch | Hardware appliance | Prices start at $499 for the 730 small office threat prevention appliance |
| Rohde & Schwarz | Home offices, remote offices, branch offices and SMEs | Concurrent sessions: 32,500, New sessions per second: 3,000, 460 Mbps IDPS throughput | UTM+300 includes a detector function, capable of encrypting data packets up to Layer 7 | Hardware appliance | No pricing provided |