By: Frank Ohlhorst dnu
Netgear is looking to bring enterprise-level security to small businesses and branch offices with the ProSecure UTM (Unified Threat Management) 5, an all-in-one gateway security appliance that is chock full of security features. Netgear claims the UTM 5 can secure a small network from most any Internet-borne threat by aggressively scanning all inbound and outbound traffic for suspicious payloads.
Normally, it takes significant amounts of processing power to perform real-time deep packet inspection on network traffic. That holds true for small networks, as well as large ones. Add advanced security requirements, such as support for encryption, VPN access and malware prevention, and the need for processing power escalates. That posed a significant challenge for Netgear: provide enough processing power to protect the network in real time, without busting budgets. That formula gave birth to the ProSecure UTM 5, a sub-$300 security appliance that has an abundance of features and security capabilities.
Instead of starting with a clean slate, Netgear chose to scale down and base the UTM 5 on higher-end products from its successful family of ProSecure UTM appliances. The UTM 5 features much of the same capabilities as the higher-capacity UTM 10 and the UTM 25 security appliances, the primary difference coming down to processing power, number of concurrent connections and overall throughput.
Like the UTM 10 and the UTM 25, The UTM 5 offers an advanced firewall, antivirus, anti-spyware and anti-spam, as well as Web and e-mail scanning and content filters. The device is automatically updated every hour with signature updates from a database that includes more than 1 million malware signatures. The virus-scanning engine offers throughput of 15M bps, which should be more than adequate for about five concurrent users. The UTM 10 increases that throughput to 20M bps, while the UTM 25 pushed throughput to 25M bps. Obviously, the UTM 5’s lower throughput is a concession to pricing pressures-the UTM 5’s street price of under $300 makes it affordable for even the smallest of businesses.
Malware is handled using an antivirus engine from Sophos, which is updated hourly with new signatures. The device also looks for application and traffic anomalies to prevent zero-day threats from compromising the network. Anti-spam is handled “in the cloud” via a hosted service provided by Netgear’s security partner, Mailshell, and integrates with the UTM 5’s Stream Scanning technology. Stream Scanning is Netgear’s secret weapon, as it reduces latency and processor overhead. It works by receiving and analyzing traffic as the stream enters the network. That means the receiving, scanning and outputting processes occur concurrently. As Web traffic enters the device, scanning commences.
As the scan engine scans incoming traffic, another thread starts outputting the bytes that have been scanned. The result is that Internet traffic is scanned virtually in real time. Other devices on the market, especially in this price range, use batch scanning, where antivirus, anti-spam and anti-phishing scans are done in batches individually, which can create significant latency on the network.
Netgear also takes a hybrid approach to Web filtering. Stream Scanning does the heavy lifting of filtering the traffic, while the Web filtering database and categorization occurs in the cloud via a service provided by Commtouch, a Netgear security partner that specializes in Web filtering.
Administrators have the option of choosing SSL or IPSec VPNs for remote, secure connectivity. The SSL VPN proved to be very easy to set up, thanks to a setup wizard that automates most of the process. A wizard is also provided for IPSec VPN setup, and although very easy to set up, the process requires that an administrator has a keen understanding of how IPSec connectivity works. In other words, the SSL VPN setup wizard is almost idiot-proof, while IPSec VPN setups take a little background knowledge.
Installation and Setup
Installation and Setup
The UTM 5 is a very simple device to set up-the unit features five Gigabit Ethernet ports, with one port labeled as WAN and the other ports dedicated to the LAN portion of the network. One of those ports can be configured to act as a DMZ port, allowing a server or other system to be exposed to the Web.
Installation starts by simply plugging in the appropriate cables and pointing a browser at https://192.168.1.1. After log-in, a management console screen comes up, which shows some basic information about the device-such as load, number of connections and so on. The management screen offers a pull-down menu interface, with one of the choices being “wizards.” The UTM 5 offers three primary wizards: one for basic setup, another for IPSec VPN configuration and a third for SSL (Secure Sockets Layer) VPN.
The setup wizard does a decent job of stepping an administrator through the basic setup. However, the DHCP portion of the setup wizard could be a little more intuitive. For example, the Primary and Secondary DNS server fields are not auto-populated during setup.
A better process for setup would be to handle the WAN connectivity portion of device setup before anything else, instead of forcing administrators to look that information up or wonder how to handle DNS server address changes on nonstatic broadband WAN connections. The setup wizard also defines the default policies and filters to be activated.
Once the basic setup is accomplished, the license key must be entered, which activates the various services integrated into the device, such as Web protection, e-mail protection, and support and maintenance. If a key is not available, an administrator can choose to register the unit for a 30-day trial period.
Management and additional setup of the device is straightforward, thanks to the browser-based management console. The console provides easy access to the myriad functions of the UTM 5 and offers a very informative dashboard, as well as summary and statistics screens. The dashboard is updated in real time and shows exactly what is going on in the network.
The ProSecure UTM5 is available now through value-added resellers for an estimated street price of $275. Those looking to add Web security, e-mail security, support and maintenance will pay a little more for a one-year subscription to those services, bringing the total price to $399. The subscriptions can also be broken down by individual service (antivirus, e-mail protection and support) in one- and three-year increments for businesses that would rather pick and choose their coverage.