Security IT

Testing So-Called 'Unified Threat Managers'

snydeq writes "The InfoWorld Test Center has released vulnerability testing results for four so-called 'unified threat managers' — single units that combine firewall, VPN, intrusion detection and prevention, anti-malware, anti-spam, and Web content filtering in lieu of a relay rack stuffed top to bottom with appliances. The lab threw nearly 600 exploits of known vulnerabilities in a wide range of popular OSes, applications, and protocols, and despite being designed to thwart such threats, the UTMs as a class allowed hundreds to pass through. Why did the UTMs miss so many exploits? A lack of horsepower to perform the necessary deep packet inspection under load is suspected, as the lab pushed the limits of each unit's throughput with legitimate traffic. 'The upshot is, although the vendors have packed these devices with additional gateway security functions, clearly many UTMs are still strictly firewalls at heart.'"

  • by C_Kode ( 102755 ) on Wednesday May 27, 2009 @12:51PM (#28111513) Journal

    I used to be a big SonicWall fan, until I joined a company that required IM messaging and used Vonage. SonicWall causes a bunch of issues with AIM's protocol. IM will go into a blackhole, a user cannot connect, etc. We were using them at the small remote offices, but we replaced them with Juniper SSGs. The Vonage and AIM issues vanished once we switched over.

  • Testing Criteria? (Score:1, Interesting)

    by Anonymous Coward on Wednesday May 27, 2009 @12:58PM (#28111639)
    Tests like this usually favor the company that supplied the criteria and/or funding for the test. The results are exactly what you can expect. I'm sure that the other 3 companies tested could have supplied criteria that favor them as well.
  • Re:No Cisco product? (Score:4, Interesting)

    by houstonbofh ( 602064 ) on Wednesday May 27, 2009 @01:04PM (#28111731)

    > It would have been nice to see how the ASA5500 series appliances stood up to the test.

    If you send them one I'm sure they'll test it. It appears that Cisco wouldn't.

    They also didn't include Untangle, http://www.untangle.com/ which is available free, and is a direct competitor to the things tested. So it might be other reasons...

  • by emocomputerjock ( 1099941 ) on Wednesday May 27, 2009 @01:04PM (#28111745)
    Having used Sonicwall products in the past, I can believe the results. They weren't the models tested but they were fairly effective for their price and performed well for a fairly small environment (around 100 or so employees). Sourcefire has some nice stuff as well. I'm sure other posters much more experienced with hobbitmon can chime in on the configuration and deployment of that but from what I've seen it was a nice component of home-built threat managers that also had snort and open-source firewalls on them.
  • by agristin ( 750854 ) on Wednesday May 27, 2009 @07:12PM (#28116875) Journal

    UTM is a crock. It loads multiple single purpose apps on to a general purpose computing device and then tries to do it quickly.

    The best thing in this field I've seen recently is Palo Alto Networks firewall (www.paloaltonetworks.com).

    Knows the applications, even web apps. It can tell the difference between Gmail and gchat. BitTorrent and WoW torrent patching. Can do user based rules when integrated with AD. And can proxy SSL to look in the SSL stream if necessary. Malware blocking, URL filtering via subscription. Because ports or protocols != applications and IP address != user anymore.

  • by c_g_hills ( 110430 ) <chaz @ c h az6.com> on Wednesday May 27, 2009 @07:44PM (#28117171) Homepage Journal
    I do not think much of a UTM test that does not include any products from TippingPoint, the current market leader.
  • Re:Flawed by Design. (Score:2, Interesting)

    by jonnyt886 ( 1252670 ) on Thursday May 28, 2009 @03:52AM (#28120279)
    Multiple security controls, yes, but these must be independent.

    If I have a firewall and an IDS on the same machine, and someone exploits a hole in the TCP stack or the IDS to get local root/admin privileges, they then have control of not only the firewall but also the IDS. If I have two separate machines, a firewall and an IDS, if one gets compromised it does not affect the other.

    Thinking about it, the way to get around it in the case of a UTM is to use VMs for each task, but that will have a hit on performance presumably, as well as integration and thus usability.
  • Re:Flawed by Design. (Score:2, Interesting)

    by jonnyt886 ( 1252670 ) on Thursday May 28, 2009 @03:54AM (#28120293)
    Er, I should add that I totally agree with your point about the ease of management - this is definitely a benefit, particularly in smaller businesses (the cost of a UTM is also lower than that of separate IDS/firewall/anti-virus/etc appliances).

    My point was just that from the technical perspective it isn't optimal. Realistically, it is a good compromise for those who can't afford/don't need anything better.
