Intrusion Detection and Prevention
Intrusion detection goes beyond the simple packet header inspection that all firewalls perform, actually examining the packets' contents as well. Together with deep-packet inspection, intrusion detection and prevention systems use ever-evolving rules and behavioral algorithms to block suspected attacks, much as antivirus software does.
Less commonly available--but important to some small businesses--is data-leakage prevention. "Data leakage" refers to the loss of proprietary information and documents from the network via e-mail, e-mail attachments, instant messaging, Web site uploads, and so on. Law and medical offices especially need to prevent transmittal of client or patient data; they can be sued if such information leaks out.
DLP software uses content filtering or simply blocks e-mail attachments and file transfers. You may be able to simulate DLP by using regular content and port filtering tools, but you'll need to anticipate some of the ways data can leak, and some expertise in security configuration is extremely valuable. A security consultant can be a big help here.
One of the first specs you'll see on any UTM appliance datasheet is firewall performance or throughput, expressed in mbps (megabits per second). These numbers can provide a rough guide to performance, but they may not factor in the impact of the UTM tools you use--from intrusion detection to antivirus to content filtering--which can reduce throughput by up to 50 percent, though some gateways handle the hit better than others due to speedier processors or more efficient software. Antispam filters usually have the heaviest impact on throughput.
Most vendors have try-before-you-buy programs, so take advantage of these arrangements
To prevent unauthorized users from accessing your LAN, most UTM appliances support one or more authentication schemes, such as Windows Active Directory, LDAP, RADIUS, or an internal user database. They also provide MAC address filtering to prevent unregistered devices from accessing your LAN; unfortunately, MAC addresses are easy to spoof.