Review: Cyberoam CR35iNG
Cyberoam markets the CR35iNG as a unified threat management (UTM) device - an all-in-one security solution for an array of security needs, from intrusion protection to content filtering. The unit comes packed with an array of protective tools and services.
The 'UTM' label is broad by definition and the functionality varies from device to device. Included are functions such as real-time monitoring, next-generation firewall (NGFW), intrusion prevention systems (IPS), virtual private networking (VPN), anti-spam measures, gateway anti-virus, Web content filtering and access control. In addition, some devices offer DDoS protection, data-leakage protection and anti-bot protection.
The Cyberoam CR35iNG can be set up either in gateway or bridge mode, depending on your requirements. Gateway mode is for users who want to apply security policies to traffic between LAN and DMZ (mail/Web server) networks, as well as WAN traffic. Bridge mode is for the simpler DMZ-less approach. I tested the device in bridge mode and found the process to be easy and fairly quick.
First, one accesses the device from the management computer. (Designating a terminal as the 'management computer' simply requires setting your computer's IP to a given IP listed in the manual, which gives access to the device's settings.) This is followed by assigning the device an unused IP and setting up gateway/mail server options, then registering a customer service account and opting in to the trial version of all key features, which took mere seconds.
Within no time, I was watching the device's dashboard as it informed me of intrusion attempts, virus interceptions, general Web traffic events and monitoring statistics. I went for the standard security settings - as simple as selecting and clicking 'apply'.
Under this stock security setting (R5 152 - dependent on dollar/rand exchange), traffic from certain sites and applications, and about certain topics, was restricted, slowed or outright blocked.
Sites related to terrorism, drugs or violence, for example, are all controlled (handily grouped under 'Unhealthy'). Some less severe sites and content types are grouped as 'Non-working' - allowing Web and network administrators to monitor procrastination and bandwidth wasting quite easily - even slowing down or outright blocking problematic topics. The same applies to IM, should you wish to employ such a feature - providing the ability to monitor all common instant messaging services (it does warn users that this is taking place).
So, from the fairly harmless-seeming 'Astronomy' to the more concerning 'CrimeandSuicide', traffic is carefully checked against a blacklist, then dealt with accordingly. Under Cyberoam's 'Identity Based Security', a multi-tiered permission management approach that offers more freedom than a simple 'user/privileges' style, users can be grouped and assigned different policies and filters. This allows for easy management of differing levels of Internet privilege, as well as assigning bandwidth and download file size limits to different levels of employee. This is infinitely preferable to the workstation/IP limitations commonly used in less advanced security solutions.
All traffic is scanned and green-lit en route to your terminal's browser, including (if you opt to set it up to do so) your mail. The device has a quarantine zone on its hard drive that you can use in conjunction with spam filters. The device has built-in spam blacklisting services as well as virus outbreak prevention filters to identify and lock down self-duplicating viral e-mails before they can take hold.
As well as ensuring traffic is safe, you can also use the CR35iNG to balance network loads. Bandwidth slowing and other traffic management tools help ensure optimum network performance and narrow the potential for external manipulation that could result in security exploits and vulnerabilities.
With Web filtering, monitoring, balancing loads, anti-spam and firewall all in one, the ease of use and convenience of the device is offset only by the risk of it serving as a single point of failure. This means it needs to be robust and well-performing when fulfilling its duties.
UTM devices are notorious for their pricing, but the Cyberoam CR35iNG isn't another underperforming, overpriced security solution. Sporting 1GB of DDR3 RAM, an operating system run off a 2GB CompactFlash, the 1.4GHz AMD G-Series T48L and 250GB of internal storage (SATA), the device does live up to its claimed performance, offering speed comparable to market rivals at a fraction of the cost.
The CR35iNG boasts the ability to manage 2.3Gbps of traffic, and PCPro's testing demonstrated it performing three times faster than rival Dell's SonicWALL NSA 2400MX offering, at less than half the price.
The Cyberoam CR35iNG sells for R10 247 (dependent on dollar/rand exchange) and is an ideal incentive for South African SMEs to consider UTM hardware for their future security solutions.