[David Strom's Web Informant] June 18, 2013: Why your small business needs a better firewall

David Strom david at strom.com
Tue Jun 18 09:18:22 EDT 2013

Web Informant, June 18, 2013:
Why your small business needs a better firewall

When I set out to test a collection of new small business firewalls
for Network World, I wanted to find a place that could illustrate the
need for them. I was fortunate to find Mercury Labs, which, despite its
name, is a video production and public relations agency of about 10
people located in midtown St. Louis, not far away from my office. Over
the course of a couple of weeks, I brought in several different
unified threat management boxes to try out.

Mercury was instructive because before I got there, they didn’t really
have a lot of protection on their Internet connection: the only device
connected to their cable modem was an Apple Airport. Relying on NAT
does not a firewall make. Over the course of my tests, they were
intrigued to see the consistent number of attacks coming across the
big bad Internet as we could capture them in real time. Think of a
sewer line that is encased in clear plastic so you can see the flow of

They also were typical of many small businesses that had poor wiring
plants, with mislabeled or unlabeled connections in their wiring
closet and spaghetti or ancient cabling. Ironically, this made it
easier to connect their computers via Wi-Fi. They were also very
tolerant as I brought their Internet connection up and down during
their work day while I put each UTM box through my tests.

Several of the vendors sent in their techs to help me with the tests,
something that I always welcome because we always find bugs in any
product. In fact we found a killer bug in the top-rated product from
Check Point. The tech was making some frantic calls back to his
developers in Israel where they quickly found and fixed the bug and
sent us the new firmware.

My report highlights how hard it is for small businesses to secure
their networks. It isn't as if they don't have lots of choices. You
can buy a home router for less than $50 from any number of consumer
networking vendors, or you can spend more than $4,000 for one of the
more than a dozen firewalls from the enterprise security vendors. The
UTM products lie in between those price points and in my mind offer
the right mix of protection, price, and features.

The UTM products include more than just a firewall: there is intrusion
detection and prevention, network-based anti-virus and anti-spam
screening, virtual private network connections (VPNs), and content
filtering on outbound Web browsing to prevent phishing and
browser-based attacks. The VPN in particular was of interest at
Mercury, because they wanted to connect to their office network when
they were home or on the road. Many of the UTM products offered
several different VPN options too.

I liked the Check Point UTM because it had a nice balance of
simplicity and power, and it was also the cheapest of the boxes that I
tested. It worked well on the mostly Mac network at Mercury, something
not all of its competitors could claim. It had wonderfully designed
configuration screens that made it easy to set up protection policies
without having to resort to command line syntax as some of its
competitors forced. The de facto IT guy at Mercury was comfortable
handling some of the more routine chores too.

You can read my report (registration required) here:
