Slashdot Mirror

← Back to Stories (view on slashdot.org)

Testing So-Called 'Unified Threat Managers'

Posted by Soulskill on from the ain't-no-silver-bullet dept.

snydeq writes "The InfoWorld Test Center has released vulnerability testing results for four so-called 'unified threat managers' — single units that combine firewall, VPN, intrusion detection and prevention, anti-malware, anti-spam, and Web content filtering in lieu of a relay rack stuffed top to bottom with appliances. The lab threw nearly 600 exploits of known vulnerabilities in a wide range of popular OSes, applications, and protocols, and despite being designed to thwart such threats, the UTMs as a class allowed hundreds to pass through. Why did the UTMs miss so many exploits? A lack of horsepower to perform the necessary deep packet inspection under load is suspected, as the lab pushed the limits of each unit's throughput with legitimate traffic. 'The upshot is, although the vendors have packed these devices with additional gateway security functions, clearly many UTMs are still strictly firewalls at heart.'"

3 of 98 comments (clear)

  1. I used to love Sonicwall by C_Kode · · Score: 3, Interesting

    I used to be a big SonicWall fan, until I joined a company that required IM messaging and used Vonage. Sonicwall causes a bunch of issues with AIM's protocol. IM will go into a blackhole, a user cannot connect, etc. We were using them at the small remote offices, but we replaced them with Juniper SSGs. The Vonage and AIM issues vanished once we switched over.

  2. Re:No Cisco product? by houstonbofh · · Score: 3, Interesting

    > It would have been nice to see how the ASA5500 series appliances stood up to the test.

    If you send them one I'm sure they'll test it. It appears that Cisco wouldn't.

    They also didn't include Untangle, http://www.untangle.com/ which is available free, and is a direct competitor to the things tested. So it might be other reasons...

  3. Re:general purpose != good by agristin · · Score: 3, Interesting

    UTM is a crock. It loads multiple single purpose apps on to a general purpose computing device and then tries to do it quickly.

    The best thing in this field I've seen recently is Palo Alto Networks firewall (www.paloaltonetworks.com).

    Knows the applications, even web apps. It can tell the difference between Gmail and gchat. Bittorent and wow torrent patching. Can do user based rules when integrated with AD. And can proxy SSL to look in the SSL stream if necessary. Malware blocking, url filtering via subscription. Because ports or protocols != applications and IP address != user anymore.