Skip navigation
IT Top 10 Reports
A close-up on an abstract design of a computer display, which is warning about a cyber attack. Getty Images

Top 10 Unified Threat Management Appliances

Unified threat management tools are an important addition to security teams’ arsenal, but there are many entrants to consider. To help you winnow the list of potential vendors, we analyzed feature sets – as well as company maturity level and financial footing – to identify the top 10 UTM appliances on the market.

With cyber attacks on the increase and IT regulatory requirements becoming ever more burdensome, it is more important than ever for organizations to deploy a comprehensive unified threat management (UTM) product. This report lists 10 UTM appliances that we have identified as market leaders.

So, what is unified threat management? Gartner defines unified threat management as “a converged platform of point security products, particularly suited to small and midsize businesses (SMBs). Typical feature sets fall into three main subsets, all within the UTM: firewall/intrusion prevention system (IPS)/virtual private network, secure Web gateway security (URL filtering, Web antivirus [AV]) and messaging security (anti-spam, mail AV).”

To create this report, we analyzed a few dozen UTM vendors to determine the top 10 market leaders. The 10 vendors that were selected are all established companies that appear to be financially sound. We limited our selections to those that offer an on-premises UTM option such as a physical or virtual appliance. All of the products that we considered offer firewall, IDS/IPS and advanced threat protection capabilities. The vendors also provide centralized management and content filtering capabilities, along with malware protection and various other features. For instance, some of the selected products offer VPN capabilities or provide protection that is based on artificial intelligence.

It is also worth noting that this report limits our discussion of each vendor to a single product line, even though some vendors offer similar capabilities across multiple UTM appliances. For example, we limited our discussion of Palo Alto Networks to its PA-Series appliances, even though the company’s VM-Series offers many of the same capabilities.

With those details out of the way, here are the 10 vendors that we’ve identified as leaders in the UTM market, listed alphabetically.

Barracuda Networks

Barracuda Networks’ UTM solution is its Barracuda CloudGen Firewall. The Barracuda appliance offers a vast number of features related to security, connectivity, network perimeter protection, remote access, management, automation and reporting. Barracuda’s malware defenses make use of two separate scanning engines and leverage both signature- and heuristics-based detection. Besides looking for traditional malware, Barracuda also guards against botnets, spyware, and even denial-of-service and distributed denial-of-service attacks.

Barracuda also seems to have gone the extra mile to ensure performance. Its UTM appliances use single-pass filtering and offer features such as traffic deduplication, WAN compression and caching, and even load balancing (with failover capabilities).

Check Point Software Technologies

Check Point Software Technologies offers customers the Check Point SandBlast Network appliance, which is based on the zero-trust security model. The appliance allows organizations to segment their networks at strategic locations, to prevent an attacker from being able to make lateral moves. Check Point’s zero-trust implementation allows admins to base policies on both users and devices.

Check Point also offers the option of evasion-resistant malware detection through its SandBlast technology, which is based on CPU-level emulation. Additionally, Check Point allows for the centralized management of all of its security products, regardless of where those products are located (cloud, on-premises, etc.)


Cisco delivers UTM functionality through its Cisco Meraki MX Series devices. Cisco Meraki products are designed to provide insight into end-user behavior while also keeping networks secure. Meraki appliances are able to restrict access to more than 70 categories of websites and can identify which web applications users are using. Administrators can then block access to unauthorized applications.

Meraki appliances can also be configured to provide VPN services in either mesh or hub-and-spoke topologies. Some models also support high availability and failover.

These appliances also offer a variety of security features, such as an identity-based firewall and advanced malware protection.


Forcepoint was included on our list for its Forcepoint NGFW Appliance. Like many of the other products on our list, Forcepoint appliances have an extensive collection of features. The appliances are designed to decrypt SSL and TLS traffic so that attacks and undesirable user behavior can be detected even within encrypted traffic streams. This means that the appliances are also able to detect and prevent user access to malicious or inappropriate sites.

Forcepoint appliances can also help organizations to extend their networks into the cloud and deploy applications on cloud services. Similarly, Forcepoint is able to rein in shadow IT by preventing users from accessing unauthorized cloud services.


Fortinet made it onto our list for its FortiGate Next Generation Firewall. The FortiGuard Security Services for FortiGate are at the heart of Fortinet’s firewalls. Each service within the collection provides a specific type of functionality. The FortiAnalyzer Cloud service, for instance, helps to identify network anomalies in real time, while the Application Control service lets admins create policies to allow, deny or restrict access to specific applications or application categories. Similarly, the Web Filtering service is designed to deny users access to malicious or inappropriate websites, while the Antivirus service keeps organizations safe from malware; if a malware infection does occur, Fortinet’s Virus Outbreak Protection Service helps to keep it from spreading. Find the full list of services here.  

Hillstone Networks

Founded in 2011, Hillstone Networks is the youngest and probably least-well-known vendor on our list. Even so, the company’s Hillstone T-Series Intelligent Next Generation Firewall is a serious contender.

Hillstone’s feature-rich T-Series appliances are based around three main technologies that collectively work to keep customers’ networks secure. First, Hillstone’s Advanced Threat Detection engine works to detect unknown malware through the use of statistical clustering. The second technology, Hillstone’s Abnormal Behavior Detection engine, uses behavioral analytics to find behaviors that are out of the ordinary and that might signal an attack. Finally, the UTM appliances use the Hillstone Threat Correlation Analysis engine, which aggregates the events that are detected by other security mechanisms and uses the correlation of events to detect security incidents.

Juniper Networks

Juniper Networks provides UTM capabilities to its customers through its Juniper Advanced Threat Protection appliances. These appliances are designed to ingest security intelligence feeds, which allows them to identify and prevent known threats. In addition, the appliances use sandboxing and machine learning to guard against unknown threats.

One of the more unique things about Juniper’s approach to security is that appliances are designed to work with third-party security systems such as switches, firewalls, network access control and wireless access points. In addition to providing real-time event analytics, Juniper appliances can work to block users or even quarantine an entire host until a detected threat has been neutralized.

Palo Alto Networks

Palo Alto Networks provides UTM capabilities through its PA-Series appliances. The PA-Series is a collection of physical appliances that are designed to enforce a zero-trust security model at the network perimeter. Palo Alto bases these appliances around its User-ID technology, which is designed to identify all users regardless of their location, device type or OS. This allows application access and other activity to be managed on a per-user basis rather than on a per-IP-address basis. Besides restricting access to applications, the PA-Series is able to enforce multifactor authentication, block access to known phishing sites and protect an organization’s network against malware and a wide variety of other threats.


SonicWall was previously owned by Dell, but became an independent company several years ago. The company rounds out our list with its SonicWall Network Security Appliance.

SonicWall appliances use a combination of appliance-native and cloud-based threat detection tools to keep networks secure. This approach allows SonicWall appliances to perform deep packet inspection without the overhead and latency incurred by the packet disassembly and reassembly process that is normally used.

Additionally, SonicWall uses deep learning algorithms to perform real-time malware detection for file types such as EXE, DLL, PDF, JAR, APK and Microsoft Office files. SonicWall’s Capture Cloud Platform contains hashes for known malware types. While this information is used in the detection process, appliances are also able to detect previously unknown malware.


Sophos’s UTM product is its Sophos SG UTM. Sophos UTM is based around the company’s Sandstorm technology, a machine learning technology that is designed to detect malware without the use of signatures. As its name implies, Sandstorm uses sandboxing to protect organizations against possible threats.

Sophos UTM also goes beyond basic threat protection by offering features such as a secure-access VPN and a site-to-site VPN. All of the platform’s features are exposed through a simple and intuitive management console. In addition to managing the product’s security features, the console allows admins to create a variety of reports. If necessary, reporting data can even by anonymized.  

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.