
Unified Threat Management (UTM) or SMB Multifunction Firewalls: Best tools

UTM, or SMB multifunction firewalls, provide SMBs and distributed businesses with various security capabilities within a single system. Leaders in security and risk management can pick one of the best vendors depending on their needs and geography. The market for unified threat management (UTM) is defined as multifunction firewalls used by small to medium-sized businesses (SMBs). Mid-size businesses typically have between 100 and 1,000 employees. UTM vendors are increasingly introducing new features to UTM systems, thereby encompassing many other network security options, including:

  • Firewalls
  • Centralized management consoles
  • Advanced malware detection
  • Intrusion prevention systems (IPSs)
  • VPNs
  • Secure web gateways (SWGs)

Unified Threat Management (UTM) – Gartner magic quadrants

Browser-based control, ease of deployment, embedded reporting, VPN, customized applications, outstanding partner support, and documentation are not particularly appealing to large enterprises but are highly valued in this market by SMBs. Large enterprises and branch offices place very different demands on the firewall market: they generally require more complex network security functionality and select products on very different criteria.

The descriptions of some of the best UTM tools are as follows:

Fortinet

Fortinet is a security and network player, headquartered in Sunnyvale, California. With recent additions such as FortiWeb (the webserver firewall), FortiMail, FortiSandbox, FortiSIEM, and FortiCASB, it is expanding its product range regularly. Its other portfolio products address network security, endpoint protection, wireless access points, and switches. FortiGate firewalls continue to be the most successful and widest-selling product. Recent updates include the expansion of Fortinet's support to multiple public IaaS platforms including Google, IBM, and Oracle. It has also introduced its appliances for the E-Series firewall. In addition, major updates include the launching of FortiOS 5.6 in and FortiOS 6.0. Fortinet is prominent on the UTM shortlists of SMB customers searching for good wireless security features. It is also a good shortlist option for SMBs looking to consolidate other network security needs, such as web application firewalls and security information and event management (SIEM), toward a single vendor. The vendor also wins deals where the introduction of SD-WAN is the main use case. The integrated wireless controller in Fortinet's UTM solution is a strong and desirable feature for SMBs. Fortinet has integrated a complete wireless controller into the firewall, thus allowing wireless network management as part of the security solution. FortiCloud and FortiManager fully manage this. Fortinet UTM lacks built-in support for the quarantine and encryption of end-user emails. To get those features, customers must use FortiMail, which is a separate product. Fortinet offers the FortiGuard Industrial Security Program, which delivers signature patches for common ICS / supervisory control and data acquisition (SCADA) protocols. This comes with a separate subscription that SMBs running such systems will use.
FortiCloud, the unified cloud-based management interface, has restricted flexibility relative to on-site control tools and lacks granular functionality.

https://www.fortinet.com/products/smallbusiness/utm

Sophos

Sophos is a network and endpoint security vendor with headquarters in Abingdon, UK. Sophos' portfolio includes firewalls (XG Series, older SG Series, and CR series). Sophos has 19 XG versions and three Remote Ethernet Devices (RED) versions, which are small office plug-and-play devices. Sophos offers refined and integrated endpoint management, monitoring, and visibility through a single UTM console, which makes it easier to manage and prevent advanced malware. It also offers several other security solutions, including a wireless access point (Sophos AP Series) and unified endpoint management (Sophos Mobile). The name of the unified management platform is Sophos Firewall Manager (SFM), and Sophos Central is the cloud-based integrated control hub for all Sophos security products. Recent updates include a new XG Firewall version 17 with enhanced endpoint integration leveraging application control, as well as an update to its Sandstorm cloud sandbox solution with integration from its next-generation endpoint product (Intercept X). Sophos is a very good shortlist candidate for SMBs that seek multiple integrated features in their firewall, such as email and web DLP, email encryption, and a web app firewall. Sophos is also a reasonable choice for SMBs looking to combine their UTM solution with a solid and mature endpoint product to ease management and correlation.

https://www.sophos.com/en-us/products/unified-threat-management.aspx

Check Point Software Technologies

Check Point Software Technologies is reviewed as a Leader, as it continues to have one of the highest market shares in UTM. The company provides a comprehensive range of apps with a clear spatial approach across distributed regional offices in various geographies and networks, as well as support for multiple local network applications and data-loss prevention (DLP) system forms. Check Point is a pure-play global security provider whose product lines include network security, endpoint protection, mobile threat security, and cloud security. Its UTM and firewall product line is known as Check Point Security Gateways. Relevant news updates include the announcement of its threat detection solution for SaaS, CloudGuard SaaS. They also include the introduction of the R80.10 firmware and the rebranding of their vSEC products, CloudGuard IaaS, AWS, the Google Cloud Platform, Azure, Azure Stack, Oracle Cloud and Alibaba. SMBs looking for mature, on-site centralized management capabilities with robust UTM functionality and deep anti-ransomware and DLP capability can choose Check Point UTM solutions.

https://www.esecurityplanet.com/products/check-point-utm.html

https://www.checkpoint.com/products/cyber-security-management/

WatchGuard

WatchGuard aims to work on SMB market security requirements. It is consistently introducing upgrades to boost advanced capabilities for threat prevention and integration between its endpoints and UTM. Its roadmap also exhibits a strong focus on improving an end-user network's detection and response capabilities. WatchGuard has offices in Seattle, Washington. Its range of products includes UTM offerings, endpoint security, multifactor authentication (MFA), and wireless APs. Its line of UTM goods is called Firebox. WatchGuard Dimension is its centralized management product. Furthermore, WatchGuard offers virtual devices for public cloud installation, including XTMv, FireboxV, and Firebox Cloud. The WatchGuard host sensor is its endpoint product. The latest WatchGuard news includes six new UTM models from the T series and four new, high-performance UTM models from the M series, the acquisitions of Percipient Networks and Datablink, and the launch of AuthPoint, a cloud-based MFA service. The vendor has also introduced improvements to its VPN offering. WatchGuard is a good candidate for SMBs and distributed organizations that need a full range of features.

https://www.watchguard.com/wgrd-solutions/unified-threat-management

Cisco

Cisco continues to offer new technologies through its Meraki MX product line, built for distributed sites, campuses, and VPN concentrators. In addition to Meraki MX, Cisco also markets Cisco Adaptive Security Appliance (ASA), Cisco ASA with FirePOWER services, and Cisco Firepower for other SMB use cases, with low-end mid-sized enterprise or branch implementations. Its security portfolio comprises firewalls (Firepower and Meraki MX), stand-alone IPS (Firepower), network traffic monitoring (Stealthwatch), a secure cloud internet gateway (Umbrella), and CASB (Cloudlock). Cisco also has endpoint (Advanced Malware Protection [AMP] and AnyConnect) and cloud protection applications. Cisco is addressing the UTM market through its various firewall product lines: MX, ASA, FirePOWER services, and Firepower services. Meraki MX products are managed in branch or distributed deployments via cloud-based management with SD-WAN capabilities. Cisco Firepower and ASA address the need for more robust defense capability, or the need to combine endpoints with current Firepower, TrustSec, and AMP. Recent updates include Cisco introducing the Meraki MX virtual firewall vMX100 for Azure and AWS. Cisco Meraki has launched teleworker appliances that provide 802.11ac Wave 2 wireless networking, and 4 Gbps and 6 Gbps firewall throughput appliances. Cisco Meraki is a good option for all SMBs and distributed organizations, particularly those pursuing a mature, cloud-based management platform for managing and monitoring multiple UTM systems. Cisco ASA and Cisco Firepower are good options for other small to medium enterprise deployment scenarios, such as perimeter and internal network segmentation.

https://community.cisco.com/t5/network-security/firewall-and-utm/td-p/2879879

https://www.cisco.com/c/en/us/products/security/firewalls/index.html

References:

https://www.gartner.com/technology/media-products/newsletters/sophos/1-5GVMBMU/gartner.html