Review: UTM Plus

Network Box offers hosted security services based on its own custom appliances installed locally on end users’ networks. The company has a range of services designed to meet the requirements of firms of all sizes – from small home office users to large corporate enterprises.

To accommodate this wide spectrum, the firm has developed six progressively more powerful appliances. These are used to deliver the same comprehensive range of remotely hosted and managed security tools, including firewall, anti-virus, anti-spam, VPN services and policy-based web filtering.

The devices all run a customised and hardened version of Linux.

For our test, we were examining the one above entry-level SME device, which is designed for larger offices of 25 to 50 users. It is shelf- or table-mounted and supports both LAN and DMZ as well as dual redundant WAN connections.

Given that this is a managed service, installation on customers’ networks is usually conducted by a Network Box engineer. But we chose to set the device up ourselves so we could examine all aspects of the process. Having made this choice, we were asked beforehand to provide Network Box with some basic information about our test LAN, including the address of the internet router, DNS server, and so on, so the appliance could be pre-configured.

After the box arrived, we followed the clearly laid-out documentation and simply connected our internet router to the internet port on the back of the appliance with a patch lead and phoned up Network Box to activate and configure the device. One of the firm’s support engineers went on to efficiently and professionally guide us through the subsequent setup process.

Initially, the device was not visible to the remote engineer and we were asked to try opening up ports on the router to facilitate communication with the box. This still did not work, because the box was able to communicate out, but could not receive the necessary updates from Network Box.

Undaunted, the engineer asked us to try placing the box’s local 192.168.2.10 address in the DMZ zone. This immediately solved the problem and allowed the engineer to upload the latest security applications. It is worth reiterating that this process would normally be conducted by a Network Box engineer. This on-site service is included in the initial one-off cost of £2,200, which customers must pay for the SME device we were testing. Customers must also pay an additional £2,800 per year for the managed service, licences, patches and updates.

Having got the appliance fully prepared, we were then taken through the process of accessing its web-based management console. This was a simple matter of attaching a client to the LAN port on the device and changing the IP address of this client to the same range as the appliance.

We then modified our browser’s LAN settings to point at the Network Box as a proxy server through port 8080. We were then asked to check both the browser and the security appliance by trying to access a blocked site, in this case playboy.com, which is blocked by default. This brought up a Network Box policy violation warning, indicating that the configuration settings were correct.

Having configured the browser, we moved on to perform a basic test of the device’s anti-virus functionality by logging onto eicar.com, from which we tried to download one of the security testing site’s virus files. This attempt was immediately blocked, with a Network Box warning screen informing us that an attempt to download a virus had been thwarted.

Having performed these basic tests, we then fired up the Network Box’s administration panel, which was a simple matter of logging in over a SSL browser connection. This presented a default admin screen that provides an at-a-glance summary of all of the security appliance’s settings, covering the most recent incidents of the most serious threats.

This admin console proved to be one of the better efforts we have seen for this type of device. It is, overall, very logically designed, although we were initially a little confused that the main configuration options are duplicated in both a roll-over panel of buttons running across the top and a vertical navigation bar running down the left of the screen.

From this main screen we were able to easily perform the basic reconfiguration of elements such as anti-spam, anti-virus and web filtering. It should be noted that the actual user configuration options appear limited, but this is due to the managed service nature of the offering which relies on Network Box to ensure that the service is running at maximum efficiency. However, from these screens we could to add sites to our customised whitelists and blacklists, for example, and make basic tweaks to anti-spam and anti-virus configurations.

In our testing it took only a short while for the web filtering policy engine to reclassify blocked sites, but the company promises to release a new policy engine that can speed up this function.

The Network Box device does not appear to have the flexible reporting options expected in a device of this capacity, such as the ability to control generation and distribution of bespoke log files. But the appliance is aimed at firms that do not have large in-house IT teams and, once a week, customers are sent a comprehensive report detailing any threats picked up by the device.

For: Holistic offering that can eliminate IT security worries for firms with no in-house IT expertise.
Against: The hosted service model might not appeal to everyone.
Verdict: A comprehensive, relatively good value managed service offering that is well worth considering.