By: Frank Ohlhorst dnu
Netgear is looking to bring enterprise-level security to small businesses and branch offices with the ProSecure UTM (Unified Threat Management) 5, an all-in-one gateway security appliance that is chock full of security features. Netgear claims the UTM 5 can secure a small network from most any Internet-borne threat by aggressively scanning all inbound and outbound traffic for suspicious payloads.
Normally, it takes significant amounts of processing power to perform real-time deep packet inspection on network traffic. That holds true for small networks, as well as large ones. Add advanced security requirements, such as support for encryption, VPN access and malware prevention, and the need for processing power escalates. That posed a significant challenge for Netgear: provide enough processing power to protect the network in real time, without busting budgets. That formula gave birth to the ProSecure UTM 5, a sub-$300 security appliance that has an abundance of features and security capabilities.
Instead of starting with a clean slate, Netgear chose to scale down and base the UTM 5 on higher-end products from its successful family of ProSecure UTM appliances. The UTM 5 features much of the same capabilities as the higher-capacity UTM 10 and the UTM 25 security appliances, the primary difference coming down to processing power, number of concurrent connections and overall throughput.
Like the UTM 10 and the UTM 25, The UTM 5 offers an advanced firewall, antivirus, anti-spyware and anti-spam, as well as Web and e-mail scanning and content filters. The device is automatically updated every hour with signature updates from a database that includes more than 1 million malware signatures. The virus-scanning engine offers throughput of 15M bps, which should be more than adequate for about five concurrent users. The UTM 10 increases that throughput to 20M bps, while the UTM 25 pushed throughput to 25M bps. Obviously, the UTM 5's lower throughput is a concession to pricing pressures-the UTM 5's street price of under $300 makes it affordable for even the smallest of businesses.
Malware is handled using an antivirus engine from Sophos, which is updated hourly with new signatures. The device also looks for application and traffic anomalies to prevent zero-day threats from compromising the network. Anti-spam is handled "in the cloud" via a hosted service provided by Netgear's security partner, Mailshell, and integrates with the UTM 5's Stream Scanning technology. Stream Scanning is Netgear's secret weapon, as it reduces latency and processor overhead. It works by receiving and analyzing traffic as the stream enters the network. That means the receiving, scanning and outputting processes occur concurrently. As Web traffic enters the device, scanning commences.
As the scan engine scans incoming traffic, another thread starts outputting the bytes that have been scanned. The result is that Internet traffic is scanned virtually in real time. Other devices on the market, especially in this price range, use batch scanning, where antivirus, anti-spam and anti-phishing scans are done in batches individually, which can create significant latency on the network.
Netgear also takes a hybrid approach to Web filtering. Stream Scanning does the heavy lifting of filtering the traffic, while the Web filtering database and categorization occurs in the cloud via a service provided by Commtouch, a Netgear security partner that specializes in Web filtering.
Administrators have the option of choosing SSL or IPSec VPNs for remote, secure connectivity. The SSL VPN proved to be very easy to set up, thanks to a setup wizard that automates most of the process. A wizard is also provided for IPSec VPN setup, and although very easy to set up, the process requires that an administrator has a keen understanding of how IPSec connectivity works. In other words, the SSL VPN setup wizard is almost idiot-proof, while IPSec VPN setups take a little background knowledge.