Top 10 Unified Threat Management (UTM) Software Vendors

Unified threat management (UTM) offers something approaching total security in a box for small and midsize enterprises (SMEs), combining multiple network security functions in a single appliance. In addition to standard firewalls, features in UTMs often include next-generation firewalls (NGFW), intrusion prevention systems (IPS), secure web gateways, secure email gateways, remote access, routing and WAN connectivity.

The UTM market hit $2.1 billion in revenue in the first quarter and grew at a 16.1% year-over-year rate, making it both the largest and fastest-growing security appliance market, according to IDC, as the ease and value of UTM appliances appeals to companies looking for a quick answer to growing cyber threats. Among future trends in the UTM space, Gartner expects more vendors to tunnel web traffic to cloud-based secure web gateways, and the analyst firm also expects greater UTM use for SaaS and mobile monitoring.

Features of UTM Software

Each vendor incorporates a slightly different set of components in its UTM appliance, so it’s important for buyers to determine if a UTM appliance has all the features they need. In its most recent Magic Quadrant (MQ) for this market, Gartner said the most common features for UTM include:

  • Firewall (all UTM appliances)
  • URL filtering (77 percent)
  • IPS (70 percent)
  • Web antivirus (51 percent)
  • IPsec (63 percent) and SSL (46 percent) virtual private networking (VPN)
  • Application control (46 percent)
  • User control (41 percent)
  • Anti-spam (41 percent)
  • Quality of service (QoS) (41 percent)

Top Unified Threat Management (UTM) Vendors

The vendors covered in this guide scored well in the Gartner MQ and in Gartner peer reviews, among other criteria. For more information, see our top security vendor methodology.

Fortinet UTM

Gartner calls Fortinet “the clear leader” in the UTM market and a “good shortlist candidate for all SMBs.” Fortinet offers a range of UTM products as part of its FortiGate and FortiCloud lines. These appliances provide high-performance, multi-layered security, and unified visibility while reducing complexity. They leverage dedicated security processers and provide wireless access point controller, switch controller, integration, software-defined wide area network (SD-WAN), NGFW, IPS, anti-virus, Web filtering, content filtering, data loss prevention (DLP), VPN tunnel endpoint (SSL and IPSec), SSL inspection and advanced threat protection capabilities. The company gets high marks for pricing, performance, and an impressive threat intelligence team, while the management console, cloud management, malware prevention and support have room for improvement, Gartner reports.

See our in-depth look at Fortinet UTM

WatchGuard’s Firebox UTM

Gartner rates WatchGuard a well-executing visionary, not far from the market leaders. WatchGuard’s Firebox UTM solutions provide enterprise-grade security, centralized management, performance at all price points, and network visibility. In addition to traditional UTM functions, such as firewall, VPN, antivirus, IPS and Web filtering, functions covered include application-layer inspection, deep packet inspection, email protection, malicious URL/domain filtering, application control, malware detection/behavioral sandboxing, DLP, HTTPS inspection, mobile security, and threat detection and response. The company gets high marks from users for its free endpoint detection and response (EDR) capability, reporting and analysis features, ease of implementation and use, and performance. Public cloud capabilities and support have room for improvement.

See our in-depth look at WatchGuard’s Firebox UTM

Barracuda F-Series CloudGen Firewall

Base functions for Barracuda’s CloudGen Firewall include application control, user awareness, IPS, antivirus, gateway-based URL filter, SSL interception and inspection, Web proxy with cache, unlimited site-to-site VPN, unlimited client-to-site VPN and a spam filter. In addition, the company provides secure SD-WAN functionality, zero-touch deployment, cloud-based central management, advanced threat protection, SCADA and industrial control protocols enforcement, and the Tunnel Independent Network Architecture VPN protocol. The company gets high marks for value, ease of deployment and management, advanced threat detection, and support. Despite solid cloud offerings, the company lacks CASB integration. Barracuda appliances also lack endpoint support and options for the smallest and most sophisticated use cases.

See our in-depth look at Barracuda F-Series CloudGen Firewall

Stormshield Network Security

Stormshield, based in France, has a strong presence in the European SMB market and offers support for regional compliance requirements. The company is branching out to other regions, including North America. Stormshield Network Security includes IPS, firewall, application control, VPN, vulnerability management, antivirus, antispam and Web filtering features. In addition, it conducts vulnerability assessments in real time. Traffic is analyzed, applications are detected, and vulnerabilities trigger an alert to the administrator. Dynamic host reputation capabilities are also includes. Users credit the company for its security policy, vulnerability detection, hardware, IP reputation feature, and performance with IPS enabled. Areas for improvement include support, false positives with IPS in default prevention mode, email security, and the basic URL filtering and antivirus modules. The company has taken steps to improve management and reporting.

See our in-depth look at Stormshield Network Security

Zyxel ZyWall Security

Taiwan-based Zyxel focuses on the smallest companies, from 5 to 500 employees, and as you’d expect, the product gets good marks for ease of implementation and use once you figure out its logic. Users report solid performance. Application-aware capabilities in ZyWall Security can granularly block viruses, malware, Web content, spam and other potential threats. The solution also includes gateway antivirus, gateway content Web filtering, gateway IDP and application control, gateway anti-spam, NGFW, and VPN (including IPSec, SSL and L2TP for remote client-to-site and site-to-site access).

See our in-depth look at Zyxel ZyWall Security

Untangle NG Firewall

Untangle gets high marks from small and lower-midrange customers, and even offers a free software appliance for small and remote offices. Untangle NG Firewall includes a firewall, routing, Web filtering and IPS. In addition, it comes with content filtering, protection against ransomware, malware and advanced threats, application-based shaping for bandwidth optimization, and VPN connectivity options. A content filtering feature helps IT get a handle on any rogue applications, encrypted Web requests, malware distribution points, drive-by malvertising attempts or spam. NG Firewall works with Untangle’s cloud-based threat intelligence service, ScoutIQ, and its centralized management platform, Command Center. Customers like the ease of implementation, flexible interface, reporting and support. Limited throughput, policy verification and advanced networking features are some of the limitations for larger customers.

See our in-depth look at Untangle NG Firewall

Sophos XG Firewall

Gartner rates Sophos a Leader because of its ease of use and feature-rich security and integration with the company’s endpoint security product. It is particularly strong with lower-midrange businesses. Sophos XG Firewall provides next-generation firewall protection, blocks unknown threats, automatically responds to security incidents by isolating compromised systems, and exposes hidden user, application and threat risks. It provides firewall, IPS, advanced threat protection (ATP), Web protection, application control, email anti-spam and encryption, and a web application firewall with reporting. It also enables Sophos Synchronized Security, which shares health status and other information between Sophos endpoints and XG Firewall.

See our in-depth look at Sophos XG Firewall

SonicWall NSA 2650

SonicWall is a good candidate for most SMB uses, especially those who want cost-effective integrated wireless access management, says Gartner, but the vendor has been slow to offer a cloud management portal and virtual appliance. The SonicWall NSA 2650 delivers latency-free performance for simultaneous network streams. Thanks to its automation capabilities, small- to medium-sized IT teams can easily detect and stop attacks. It also uses cloud-based multi-engine sandboxing via the SonicWall Capture Advanced Threat Protection (ATP) service to decrypt and inspect encrypted traffic for unknown, zero-day threats over thousands of connections, for both wired and wireless networks. VPN connectivity, TLS inspection, sandboxing, endpoint integration with Kaspersky and McAfee, and centralized management are among SonicWall’s strengths. Cloud management, support, and lack of email security and encryption integration are areas for improvement.

See our in-depth look at SonicWall NSA 2650

Check Point Appliances

Gartner rates Check Point a Leader for its enterprise-quality security features and ease of management. Recent improvements in areas like ransomware protection keep the company’s position strong. The vendor is best for midrange organizations seeking strong security and robust management features. Strengths include threat detection, extraction and intelligence, intrusion prevention, sandboxing, reporting and auditing. Price, email quarantine, limited decryption and performance capacity are shortcomings. The appliances covered here – the Check Point 700 and 1400 – serve small and remote branch office deployments. They deliver sandboxing, threat protection, flexible network connectivity, firewall, IPS, IPsec VPN, application control, anti-spam, antivirus, anti-bot, URL filtering, email security, and user awareness.

See our in-depth look at Check Point Appliances

Rohde & Schwarz Gateprotect

Germany-based Rohde & Schwarz is largely limited to German and EMEA markets, where channel support is available. The company gets strong marks for management and policy. Another selling point is its “no backdoor” policy – an effective pitch for those wary of U.S. vendors. Areas for improvement include sandboxing, threat intelligence, centralized monitoring and reporting, false positives, and support. Gateprotect UTM firewalls are designed to meet the security requirements of small and medium-sized companies to protect the network and data against spam, viruses and malware. Features include single sign-on, traffic shaping, QoS, IPSec/SSL intrusion detection and prevention system (IDS/IPS), Web filters and virus filters.

See our in-depth look at Rohde & Schwarz Gateprotect

Compare Top Unified Threat Management (UTM) Providers

Vendor Use Cases Metrics Intelligence Delivery Pricing
Fortinet Deployed as general- purpose edge firewalls and internal segmentation firewalls Shipped more UTM devices than the next three competitors combined FortiGuard Labs uses a variety of tools, including machine learning and artificial intelligence (Al), to discover and defeat malware Physical/virtual appliances and public clouds Prices start at $400
WatchGuard Small and medium businesses and distributed enterprises Throughput:Firewal (60 Gbps), VPN(10 Gbps), AV (12 Gbps), IPS (16 Gpbs), UTM (11 Gbps); 12.7 million concurrent connections and 240,000 new connections per second Traditional signatures, aggregated threat data, appliance feedback loops to refresh black lists,behavioral-based malware detection, and machine learning Hardware and virtual appliances and public cloud Starting at $290
Barracuda For companies with up to 10 locations Firewall throughput ranges from 1 Gbps to more than 40 Gbps Multiple layers of behavioral,heuristic and static code analysis as well as cloud-based sandboxing Hardware and virtual appliances and public cloud Starts at $734 plus $136 for basic support and one-year updates
Stormshield European markets for defense and government, SMBs and industrial markets IPS throughput ranges from 1,800 Mbps to 130 Gbps Stormshield Visibility Center analyzes logs to control network security, and a vulnerability
assessment engine is
embedded in every UTM
Hardware and virtual appliances and public cloud The smallest appliance
(SN160) is $545
(maintenance costs
20% more)
Zyxel Businesses from 5 to 500 users Up to 40,000 sessions, firewall throughput of up to 250 Mbps Cloud signature updates for the different UTM services, which adapt to the latest threats Hardware appliance with cloud component UTM-enabled devices including one year of service range from
$425 to $4,800
Untangle Designed for the below-enterprise market:small businesses, home
offices,nonprofits, schools and small
governmental organizations
Untangle says it doesn’t publish what it considers to be misleading and
hardware-dependent performance numbers
Untangle ScoutlQ aggregates data about threats seen in the
wild on all NG Firewall deployments
Turnkey appliance, virtual machine,can be downloaded and run on hardware,and is
available for public cloud deployment for AWS and Azure
Up to 25 devices for one year is $540. Unlimited licensing, $12,900 per year
Sophos SMB and mid-market Up to140 Gbps firewall throughput and 11.8 Gbps NGFW throughput Integrates with Sophos Central Endpoint for root-cause-analytics, and machine learning is integrated into its cloud-sandbox
Hardware and virtual appliances and public cloud Pricing starts at $249 per year for an entry- level XG 85 appliance
SonicWall SonicWall TZ Series is targeted at SMBs,the midmarket, retailand branch off ices,and campuses Can protect more than 300,000 users Machine learning algorithms are used to analyze data and classify and block known malware On-premises appliances $2,495
Check Point From the home office to the SME,as well as branch and remote offices Optimized to deliver up to 550 Mbps of threat prevention throughput SandBlast Zero-Day Protection does inspection at the CPU- level to stop attacks before they have a chance to launch Hardware appliance Prices start at $499 for the 730 small office threat prevention appliance
Rohde & Schwarz Home offices,remote offices,branch offices and SMEs Concurrent sessions : 32,500,New sessions per second: 3,000, 460 Mbps IDPS throughput UTM+300 includes a detector function, capable of encrypting data packets up to Layer 7 Hardware appliance No pricing provided
Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.

Top Products

Related articles