Unified threat management (UTM) offers something approaching total security in a box for small and midsize enterprises (SMEs), combining multiple network security functions in a single appliance. In addition to standard firewalls, features in UTMs often include next-generation firewalls (NGFW), intrusion prevention systems (IPS), secure web gateways, secure email gateways, remote access, routing and WAN connectivity.
The UTM market hit $2.1 billion in revenue in the first quarter and grew at a 16.1% year-over-year rate, making it both the largest and fastest-growing security appliance market, according to IDC, as the ease and value of UTM appliances appeal to companies looking for a quick answer to growing cyber threats. Among future trends in the UTM space, Gartner expects more vendors to tunnel web traffic to cloud-based secure web gateways, and the analyst firm also expects greater UTM use for SaaS and mobile monitoring.
Each vendor incorporates a slightly different set of components in its UTM appliance, so it's important for buyers to determine if a UTM appliance has all the features they need. In its most recent Magic Quadrant (MQ) for this market, Gartner said the most common features for UTM include:
- Firewall (all UTM appliances)
- URL filtering (77 percent)
- IPS (70 percent)
- Web antivirus (51 percent)
- IPsec (63 percent) and SSL (46 percent) virtual private networking (VPN)
- Application control (46 percent)
- User control (41 percent)
- Anti-spam (41 percent)
- Quality of service (QoS) (41 percent)
The vendors covered in this guide scored well in the Gartner MQ and in Gartner peer reviews, among other criteria. For more information, see our top security vendor methodology.
Gartner calls Fortinet "the clear leader" in the UTM market and a "good shortlist candidate for all SMBs." Fortinet offers a range of UTM products as part of its FortiGate and FortiCloud lines. These appliances provide high-performance, multi-layered security, and unified visibility while reducing complexity. They leverage dedicated security processors and provide wireless access point controller, switch controller, integration, software-defined wide area network (SD-WAN), NGFW, IPS, anti-virus, Web filtering, content filtering, data loss prevention (DLP), VPN tunnel endpoint (SSL and IPSec), SSL inspection and advanced threat protection capabilities. The company gets high marks for pricing, performance, and an impressive threat intelligence team, while the management console, cloud management, malware prevention and support have room for improvement, Gartner reports.
WatchGuard's Firebox UTM
Gartner rates WatchGuard a well-executing visionary, not far from the market leaders. WatchGuard's Firebox UTM solutions provide enterprise-grade security, centralized management, performance at all price points, and network visibility. In addition to traditional UTM functions, such as firewall, VPN, antivirus, IPS and Web filtering, functions covered include application-layer inspection, deep packet inspection, email protection, malicious URL/domain filtering, application control, malware detection/behavioral sandboxing, DLP, HTTPS inspection, mobile security, and threat detection and response. The company gets high marks from users for its free endpoint detection and response (EDR) capability, reporting and analysis features, ease of implementation and use, and performance. Public cloud capabilities and support have room for improvement.
Barracuda F-Series CloudGen Firewall
Base functions for Barracuda's CloudGen Firewall include application control, user awareness, IPS, antivirus, gateway-based URL filter, SSL interception and inspection, Web proxy with cache, unlimited site-to-site VPN, unlimited client-to-site VPN and a spam filter. In addition, the company provides secure SD-WAN functionality, zero-touch deployment, cloud-based central management, advanced threat protection, SCADA and industrial control protocols enforcement, and the Tunnel Independent Network Architecture VPN protocol. The company gets high marks for value, ease of deployment and management, advanced threat detection, and support. Despite solid cloud offerings, the company lacks CASB integration. Barracuda appliances also lack endpoint support and options for the smallest and most sophisticated use cases.
Stormshield Network Security
Stormshield, based in France, has a strong presence in the European SMB market and offers support for regional compliance requirements. The company is branching out to other regions, including North America. Stormshield Network Security includes IPS, firewall, application control, VPN, vulnerability management, antivirus, antispam and Web filtering features. In addition, it conducts vulnerability assessments in real time. Traffic is analyzed, applications are detected, and vulnerabilities trigger an alert to the administrator. Dynamic host reputation capabilities are also included. Users credit the company for its security policy, vulnerability detection, hardware, IP reputation feature, and performance with IPS enabled. Areas for improvement include support, false positives with IPS in default prevention mode, email security, and the basic URL filtering and antivirus modules. The company has taken steps to improve management and reporting.
Zyxel ZyWall Security
Taiwan-based Zyxel focuses on the smallest companies, from 5 to 500 employees, and as you'd expect, the product gets good marks for ease of implementation and use once you figure out its logic. Users report solid performance. Application-aware capabilities in ZyWall Security can granularly block viruses, malware, Web content, spam and other potential threats. The solution also includes gateway antivirus, gateway content Web filtering, gateway IDP and application control, gateway anti-spam, NGFW, and VPN (including IPSec, SSL and L2TP for remote client-to-site and site-to-site access).
Untangle NG Firewall
Untangle gets high marks from small and lower-midrange customers, and even offers a free software appliance for small and remote offices. Untangle NG Firewall includes a firewall, routing, Web filtering and IPS. In addition, it comes with content filtering, protection against ransomware, malware and advanced threats, application-based shaping for bandwidth optimization, and VPN connectivity options. A content filtering feature helps IT get a handle on any rogue applications, encrypted Web requests, malware distribution points, drive-by malvertising attempts or spam. NG Firewall works with Untangle's cloud-based threat intelligence service, ScoutIQ, and its centralized management platform, Command Center. Customers like the ease of implementation, flexible interface, reporting and support. Limited throughput, policy verification and advanced networking features are some of the limitations for larger customers.
Sophos XG Firewall
Gartner rates Sophos a Leader because of its ease of use and feature-rich security and integration with the company's endpoint security product. It is particularly strong with lower-midrange businesses. Sophos XG Firewall provides next-generation firewall protection, blocks unknown threats, automatically responds to security incidents by isolating compromised systems, and exposes hidden user, application and threat risks. It provides firewall, IPS, advanced threat protection (ATP), Web protection, application control, email anti-spam and encryption, and a web application firewall with reporting. It also enables Sophos Synchronized Security, which shares health status and other information between Sophos endpoints and XG Firewall.
SonicWall NSA 2650
SonicWall is a good candidate for most SMB uses, especially those who want cost-effective integrated wireless access management, says Gartner, but the vendor has been slow to offer a cloud management portal and virtual appliance. The SonicWall NSA 2650 delivers latency-free performance for simultaneous network streams. Thanks to its automation capabilities, small- to medium-sized IT teams can easily detect and stop attacks. It also uses cloud-based multi-engine sandboxing via the SonicWall Capture Advanced Threat Protection (ATP) service to decrypt and inspect encrypted traffic for unknown, zero-day threats over thousands of connections, for both wired and wireless networks. VPN connectivity, TLS inspection, sandboxing, endpoint integration with Kaspersky and McAfee, and centralized management are among SonicWall's strengths. Cloud management, support, and lack of email security and encryption integration are areas for improvement.
Check Point Appliances
Gartner rates Check Point a Leader for its enterprise-quality security features and ease of management. Recent improvements in areas like ransomware protection keep the company's position strong. The vendor is best for midrange organizations seeking strong security and robust management features. Strengths include threat detection, extraction and intelligence, intrusion prevention, sandboxing, reporting and auditing. Price, email quarantine, limited decryption and performance capacity are shortcomings. The appliances covered here – the Check Point 700 and 1400 – serve small and remote branch office deployments. They deliver sandboxing, threat protection, flexible network connectivity, firewall, IPS, IPsec VPN, application control, anti-spam, antivirus, anti-bot, URL filtering, email security, and user awareness.
Rohde & Schwarz Gateprotect
Germany-based Rohde & Schwarz is largely limited to German and EMEA markets, where channel support is available. The company gets strong marks for management and policy. Another selling point is its "no backdoor" policy – an effective pitch for those wary of U.S. vendors. Areas for improvement include sandboxing, threat intelligence, centralized monitoring and reporting, false positives, and support. Gateprotect UTM firewalls are designed to meet the security requirements of small and medium-sized companies to protect the network and data against spam, viruses and malware. Features include single sign-on, traffic shaping, QoS, IPSec/SSL intrusion detection and prevention system (IDS/IPS), Web filters and virus filters.