As 2006 comes to an end, we look back at the products that received our coveted SC Best Buy and Recommended awards. Here's your chance to once more read the highlights from our group tests and discover why these products were rated so highly by our expert reviewers. The full text of all these reviews can be found on our website at www.scmagazine.com/uk/reviews
ANTI-SPYWARE
Spy Sweeper Enterprise
Supplier: Webroot
Price: £8.80 per user for 1,000 users
Contact: www.webroot.com
This product combines the excellent detection tools of Spy Sweeper with
a management front end, Admin Console, a Java-based application used to
control how you deal with spyware over the entire network.
Installations can be managed by group, enabling you to schedule scans
and updates as appropriate for individual PCs and their uses. Groups
are automatically created based on Windows domain names, but you can
come up with your own. Updates are handled locally, and Webroot does a
really good job of it, including being able to choose to automatically
install program updates.
This level of granularity will appeal to large networks with strict
version controls. Scanning can be scheduled or run manually, either of
an entire group or individual PC. Scans run quickly in the background
and both the level of detection and the removal success is
excellent.
The Smart Shields can be configured for real-time spyware blocking,
including browser hijacking and preventing new start-up processes.
These are turned off by default, so you need to enable them for
comprehensive protection - better default settings would help,
however.
With excellent protection and an enterprise-worthy management console,
Spy Sweeper Enterprise has the protection you need.
Overall Rating: 5/5
VSA NG-5000
Supplier: Finjan
Price: £4,570 for 500 users for one year, including silver
support
Contact: www.finjan.com
Part of Finjan's Vital Security Appliance range, the NG-5000 uses a
2.8GHz Pentium 4 processor, has 2GB ethernet and four fast ethernet
ports. Deployment will depend on the size of your network, and you can
make one box do all the work or, for large networks, install one as a
policy server for centralised, web-based management and use additional
boxes as scanners.
The level of protection depends on the security options you enable. The
NG-5000 can be installed with third-party anti-virus products and
web-filters, which means it can be integrated into your existing
security infrastructure.
On top of the third-party scanners, Finjan offers its own anti-spyware
protection. It works at the gateway and is configured through the same
simple-to-use web interface as the others.
A range of protection is available, starting with Finjan's list of
known spyware sites. Blocking by this category means you can filter out
numerous sites, preventing users from becoming infected.
As a gateway product, there are no removal tools, so you still need
desktop protection. But this is an excellent security appliance.
Overall Rating: 4/5
ANTI-SPAM
IronPort C300 Email Security Appliance v4.1
Supplier: IronPort Systems
Price: £11,500
Contact: www.ironport.com
The C300 is aimed at SMEs handling up to 5,000 email users. Set up was
simple, and we had the device configured and running in minutes. The
browser management interface is logical and well designed, and its
online help system offers extensive explanations and examples.
We found it easy to generate a policy to inspect mail addressed to
particular users. If the content matched our search strings, the system
would block the delivery and send a notification to another specified
user that the mail has been received. Search strings can be regular
expressions for even greater flexibility. You can also apply these
policy rules in any order, intercepting mail before it enters the
anti-spam system. Sender verification can even be configured to
automatically reject or accept mail from listed domains and email
addresses.
The reporting system allows reports to be sent to multiple recipients,
but there are only two types: an incoming volume report and a system
summary report. However, these can be configured to run at different
intervals, and the various sections can be reordered so that a
reasonable amount of flexibility is possible.
Overall Rating: 4/5
MAILGATE 5550 APPLIANCE
Supplier: Tumbleweed Communications
Price: c £7,700 for 500 users
Contact: www.tumbleweed.com
Aimed at the enterprise market, the Mailgate 5550 offers dual
processors, redundant power supplies and four hot-swappable disk drives
with two Gigabit ethernet connections in a 2U chassis.
Installation was straightforward: we simply entered the network
addresses for the interfaces via the control panel at the front, while
printed installation documentation gave a step-by-step guide to
configuring each option using a browser connection to the management
interface.
In practice, little administration is needed, as most of the anti-spam
features are automatic. Admin just needs to decide the level of spam
detection to use - blocking it completely, simply tagging it and
passing it through or allowing end users to determine the rules.
The device was easy to use, with complexities completely hidden behind
the interface. Although this feels a little strange at first, it soon
becomes familiar, and the detailed monitoring screens and reporting
provide reassurance that the appliance is really doing its job.
Overall Rating: 4/5
VULNERABILITY ASSESSMENT
Auditor: Enterprise 4.1
Supplier: NetClarity
Price: c £11,500 for 256 addresses
Contact: www.netclarity.net
NetClarity's Auditor is a fine example of a fully featured appliance
that does not offer just vulnerability assessment, but also ties
results to compliance and ongoing information systems audit
programs.
The documentation is complete, well-illustrated and straightforward to
understand. We ran into no installation or usage problems that we could
not solve from the included manuals.
The appliance is also quick and easy to set up and use. Just plug it
in, follow the installation guide and go. The setup guide was clear and
the appliance was ready for testing in less than an hour.
The Auditor Enterprise performed very efficiently on our test network.
One interesting capability is its ability to audit against credit-card
security programs and regulatory requirements. Scans/audits can be set
up with specific compliance requirements, and the final report will
rate the target system relative to those values. Several regulatory
reporting schemes are included with the appliance.
The product does everything one would expect it to do and does it all
extremely well.
Overall Rating: 5/5
NESSUS/NEWT 3.0/2.2
Supplier: Tenable Network Security
Price: Free: plug-in access after seven days; commercial direct access
to plug-ins c£700 per year
Contact: www.tenablesecurity.com
In its original configuration, Nessus is client server-based. The scan
engine sits as a server on a Linux computer and you can communicate
with it using Linux or Windows clients. The client can sit on the
server machine or not. This is a good portable scanner for consultants
and engineers who need to manage vulnerabilities on multiple sites.
Because parts of Nessus are still open source, there is a huge
community of developers creating "plug-ins" for new vulnerabilities as
soon as they are discovered. The result is a library of nearly 10,000
plug-ins that are available automatically seven days after they are
introduced, or immediately for a £700 annual subscription.
Because of this, Nessus is arguably the most capable scanner available.
Clearly, the price is right, and there are no limitations on the number
of addresses you can scan. Reporting is simple, but excellent.
Overall Rating: 5/5
CORE IMPACT 5.0
Supplier: Core Security Technologies
Price: Not supplied
Contact: www.coresecurity.com
Core Impact is different in that it is primarily a penetration testing
tool. It behaves like a hacker, performing vulnerability and port
scans, then attempting to penetrate the target using the
vulnerabilities it finds. There are real benefits to this approach.
First, most of the tools tested report all the vulnerabilities they
find, categorising them on their importance. But this means the tests
take individual vulnerabilities out of context, making it difficult to
understand what is important.
Email support is available, and purchasers receive a free online
training session with a member of the support team over the phone.
Core Impact is very easy to install and you can begin testing quickly.
Different panels guide you through all steps from discovery to clean-up
and reports. A quick-start guide walks you through each test.
We found the product to be fairly flexible, with quite a few option
configurations and details of attacks with a solid user interface. For
organisations that need to be sure of the security of critical or
sensitive systems, Core Impact is a must-have.
Overall Rating: 4/5
SAINT SCANNER 5.9.8
Supplier: Saint
Price: c £1,250 for Class C
Contact: www.saintcorporation.com
Saint has its roots in the earliest days of automated vulnerability
assessment. It has been dressed up in a new suit of clothes, but
retains its Unix roots. This is, first and foremost, a vulnerability
scanner. In that regard, it is very similar to Nessus, but its user
interface is about as clean as one would expect, and it is web-based,
making any web browser the platform for the GUI.
Support is acceptable, and there is a strong web presence adding to the
support in an on-demand fashion. Saint is generally easy to use,
although not all Linuxes behave well. RedHat 7.2 went very smoothly,
even in a VMWare environment, but Mandrake 10.2 did not allow a clean
installation and Saint had to be uninstalled.
This is a powerful workhorse vulnerability assessment tool, quite
scalable and true to its mature vulnerability assessment roots, while
presenting an easy-to-use and configure user environment.
Overall Rating: 5/5
EMAIL MANAGEMENT
MIMEsweeper Email Managed Service
Supplier: Clearswift
Price: from £1.08 per user per month for 10,000 users
Contact: www.clearswift.com
The service is pretty simple, offering basic filtering services to
MIMEsweeper customers who want to reduce the volume of incoming spam.
But there are plans to make the full suite of MIMEsweeper functions
available through the managed service.
The current GUI is very good. The dashboard provides not only
operational statistics, but also alerts the admin of any DNS
misconfiguration. The filtering rules are configured through a simple
builder not unlike Microsoft Outlook's local filter interface.
Multiple domains are managed from the same interface, with delegated
administration. A conspicuous absence is a visible admin log, but the
system does track activity internally. Reporting is also quite basic,
with most useful information available in a separate log facility,
where specific alerts can be monitored.
We expect this service will turn into something special when the full
capability rolls out.
Overall Rating: 5/5
MIMECAST ONLINE
Supplier: Mimecast
Price: £1.25 per user per month for 5,000 users
Contact: www.mimecast.com
Mimecast offers its technologies as an appliance and a managed service
for smaller enterprises, run from three data centres. It is almost
wholly automated; clients do little administration work at all beyond
reporting.
The service starts by watching regular outbound mail for a few days to
build up a whitelist of email senders that is used to filter invalid
recipients. But this needs careful handling for mail aliases and
service accounts that do not generate outbound mail. Indeed, it is
probably better served by just integrating with an LDAP server.
Incoming mail is treated in a similar way - if the sender and recipient
have not communicated before, it is briefly quarantined while checks
ensure the sender is a real mail server rather than a bot.
Mimecast offers an amazing degree of control over the operation of the
service, presented in a very effective interface, with policy options
on every aspect of mail delivery, handling and management.
Overall Rating: 5/5
SINGLE SIGN-ON
RSA Sign-On Manager 4.5
Supplier: RSA Security
Price: c £28 per user up to 2,000 users
Contact: www.rsasecurity.com
RSA Security's software provides enterprise-level single sign-on with
either conventional passwords or, preferably, two-factor authentication
using RSA SecureID tokens.
An Active Directory application mode data store is configured to house
the sign-on manager-specific attributes without unduly interfering with
your existing active directory.
With two-factor authentication, users must be assigned to specific
tokens by importing available token data and assigning them a token
from the pool. For static passwords, relative strength characteristics
can be set. You can even set the number of allowable days for offline
use and send expiration reminders.
This is a serious, enterprise-level tool and, as such, deployment will
need to be properly considered and planned. For those ready to do this,
RSA Sign-On Manager is a first-rate solution.
Overall Rating: 5/5
ONESIGN
Supplier: Imprivata
Price: c £23 per user for 1,000 users
Contact: www.imprivata.com
A capability such as single sign-on must be robustly managed, and
Imprivata provides for this with its dedicated appliance and associated
agents, which reside on the user's workstation. The 1U device is a
sturdy, if rather noisy, device. Initial configuration is
straightforward, supported by a two-line facia display, an on-board
administrator guide, a manual and a set-up flyer.
The Imprivata agents take care of things at the client end and allow
for user authentication via passwords, tokens or biometrics. Two Upek
TouchChip fingerprint readers were supplied as typical examples of the
sort of biometric devices that might be used in a corporate
environment.
Application and user profiles are stored on the OneSign Server
appliance, from where the agents download required credentials at
initial log on, then communicate periodically with the server to catch
any changes. This can also take place remotely, via a VPN if desired,
to support mobile users.
This is a user authentication system for those who take such matters
seriously and need an enterprise-wide solution that is both robust and
user-friendly.
Overall Rating: 5/5
PATCH MANAGEMENT
PatchLink Update 6.2
Supplier: PatchLink
Price: from c £10 per node
Contact: www.patchlink.com
PatchLink's product has an impressive range of support for different
operating systems. Not only does it support Windows from 95 onwards,
but also AIX, HP-UX, Macintosh's OSX, Red Hat Linux, Red Hat Enterprise
Linux AS/ES/WS and Solaris. Novell Netware is thrown in for good
measure.
Installation requirements are strict. In the end, we settled for
installation on a clean system as it didn't like sharing a machine with
Microsoft Access. Nor, we were told, would it install on a primary or
secondary domain controller.
In fact, the vendor recommended the server be installed on a standalone
workgroup server. This flags up the issue of how to integrate this
product into your infrastructure.
The software is now much more user-friendly, with information updated
incrementally, rather than refreshing the whole database. This improved
the time spent pushing critical patches out to endpoint devices and
kept bandwidth overheads to a minimum.
This product is definitely worth considering for large
installations.
Overall Rating: 4/5
NETCHK PROTECT 5.5.1
Supplier: Shavlik
Price: from £20 per seat, including one year's maintenance
Contact: www.shavlik.com
Shavlik's patch management offering uses agentless technology and, once
installed, the first task was to perform a quick update of the patch
signature files.
The console takes a split-screen approach to navigation, with all the
tools you need positioned on the left-hand side and the relevant data
displayed on the right. Templates can be established to let you
determine how a particular environment is controlled.
Templates cover patch and spyware scanning, patch deployment parameters
and remediation processes, and each is extremely configurable. Remote
pop-up boxes can be established to let end-users know their machines
are being updated and there are detailed reboot options.
The console is very intuitive and easy to use. Reporting is
customisable and allows detailed network analysis. NetChek Protect has
relative simplicity and an agentless architecture, but impressive
detail and performance.
Overall Rating: 4/5
WEB CONTENT FILTERING
Websense Security Suite Lockdown Ed 6.1
Supplier: Websense
Price: £27 per seat for 1,000 seats
Contact: www.websense.com
Being both easy to use and configure has made the Websense Security
Suite a very popular product. Incorporated into the almost wholly
automated setup is the download and updating of the master database
that drives the URL and content filters. The interface is very
intuitive and quick to navigate, enabling users to find data and log
files without having to search through lots of menus.
Documentation is exceptional: after setup it is accessible from any
interface, as well as through links on the company website. It includes
material for administrators, deployment, installation and
configuration, all with network topology scenarios and tables.
The product comes with all the features of a perfect web content filter
and then some. With its easy-to-navigate interface, every aspect of a
filter policy is available for editing. Filters include URL categories
and protocol filters for SQL NET databases, file transfers, and instant
messaging. The suite also features network protocol and peer-to-peer
filters for all major P2P networks.
Overall Rating: 5/5
WEBWASHER CSM 5.3
Supplier: Secure Computing
Price: (1,000 users): £21 per user perannum; £24 per user
perannum with optional SSL Scanner module
Contact: www.ssecurecomputing.com
Webwasher is easy to set up and work with. Its interface is clean,
organised and intuitive. The setup file is a simple executable
installer that is mostly automated - just start it up and it does
almost everything else on its own. Configuration is laid out in clear
and concise guides.
Webwasher features many add-in scanners and filters that can be set up
and customised. These include a URL filter, three anti-virus engines,
an anti-spam filter, SSL scanner, content protection, content reporter,
and IM filter. Automatic updates are included with the licence.
This product performed well during testing. With the up-to-date URL
blacklists in our test suite, we tried many types of sites and it
blocked anything we tested. It has many detailed customisable logs and
reports that help administrators access any data they need about web
access across its protected network.
Overall Rating: 5/5
SURFCONTROL WEB FILTER 5.0
Supplier: SurfControl
Price: (for 1,000 users) Enterprise Protection Suite £4,790; the
Internet Threat Database £5,850; Mobile Filter £1,995
Contact: www.surfcontrol.com
As well as a full-service URL filter, SurfControl's Web Filter contains
an anti-spam agent, spyware shield, instant messaging and peer-to-peer
shields, anti-virus and games protection. Deny pages are fully
customisable for company or network and can contain specific
information as to why a user cannot access certain pages.
The product's most useful feature is the Virtual Control Agent, which
uses already known information to help categorise unknown sites,
stopping the user from accessing a site that could be inappropriate,
but might not be blacklisted. However, the Web Filter contains a
database of 54 categories with more than 14 million URLs, so it's hard
to find anything it does not already know.
The only drawback is that, for a product as potentially complex and
widely used as this, 24/7 support is not standard. If a problem arises
at night, administrators are not going to want to disable the product
and wait until the morning for help.
Overall Rating: 5/5
WIRELESS SECURITY
BlueSocket BSC2100
Supplier: BlueSocket
Price: BS Controllers start from £1,531 and go up to £17,000, depending on enterprise size. BSC1500 Access Point/Sensor co
£267
Contact: www.bluesocket.com
Setting BlueSocket's device is simple: the management port connects to
a switch to which all of your wireless access points connect; the
protected port connects to your existing network; and the BSC2100 takes
care of the security between the two.
BlueSocket sells its own "thin access points" that only provide
802.11a/b/g access, leaving security and management to the BlueSecure
Controllers, but any standard wireless access point can be used.
Management is through the company's excellent web interface.
Options to authenticate wireless users include forcing web redirects to
its front page, where users can type in their credentials. These are
then matched against either the internal users or an external source
including RADIUS, LDAP/AD and Windows NTLM servers.
Overall Rating: 5/5
INCHARGE RF MANAGER SERVER
Supplier: Colubris Networks
Price: c £5,700
Contact: www.colubrisnetworks.com
The InCharge RF Manager comes with a 1U rack-mountable server that
configures the remote sensors. To do this, you first need to use Secure
Shell (SSH) to get at the console, configuring the DNS settings so the
remote sensors can automatically find the server.
From here you need to connect the 802.11a/b/g sensors to your network,
making sure you have enough coverage for your entire company, so you
will probably need a few sensors per floor. Management is performed
through a Java-based console using Internet Explorer 5.5 or higher. The
first time you connect to the console, a quick-start wizard takes you
through configuration.
All you have to do is configure your security policy. Most events are
catered for, and you'll find that you look for pretty much any network
activity.
RF Manager is easy to use, and its neat graphical interface works well.
For each alert you configure, you have a choice of responses, including
sending an email alert and turning on the vulnerability prevention.
This uses the remote sensors to block transmissions to unauthorised
devices.
Overall Rating: 4/5
INTRUSION PREVENTION SYSTEMS
Ally ip100
Supplier: Arxceo
Price: c £500
Contact: www.arxceo.com
This IPS product incorporates blacklist and whitelist technology that
can be manually configured. If the device sees a threat, it
automatically blacklists the IP the threat came from and blocks it from
the network.
The Ally ip100 also has many fine-tuning capabilities with customisable
filtering options, TCP, UDP and DNS policies, as well as notification
options.
The tool - it's hard to think of it as an appliance - is very easy to
use and deploy. It sits on the network between the internet and a
switch, hub, firewall or router and is connected simply by plugging it
in.
The Ally ip100 performed way above our expectations. We were not able
to penetrate either the test network or the device itself. After each
test, we would remove our IPs from the blacklist, only to find
ourselves blacklisted again on the next attack.
Arxeco has built in numerous reporting features, including logs,
blacklist and whitelist information and network statistics.
Overall Rating: 5/5
REFLEX IPS100 5.0
Supplier: Reflex Security
Price: c £5,000
Contact: www.reflexsecurity.com
The IPS100 gives a thorough inspection to all network traffic and can
also be used as a filter. It operates inline and checks for external as
well as internal threats.
Logging and reporting is clear and organised. Several real-time screens
show network and attack traffic in many charts and graphs. At any time,
a report can be created for any time period.
This unit, consisting of both a console device and separate sensors,
broke the mould of other multi-unit devices. It set up very quickly and
easily, and needed no additional configuration.
The web interface is intuitive and easy to navigate, and the device has
clear and easily readable charts, graphs, and logs that include all
network traffic, attack traffic, and other threats.
The IPS100 passed every test. We had no success either with our
vulnerability scanning tool or our penetration tool. It instantly knew
it was under attack and blocked all malicious traffic. What's more,
during the attacks, no extra stress was put on the test network.
The IPS100 is great value. At around £5,000, it offers quick and
effective network-wide intrusion prevention: a good investment for any
size of company or network.
Overall Rating: 5/5
INSTAGATE PRO
Supplier: eSoft
Price: c £1,500 plus c£295 a year for intrusion
prevention
Contact: www.esoft.com
The InstaGate can become more than just a firewall and IPS, as eSoft
offers a mix of software extensions called SoftPaks. These include
anti-virus, web filters, and IM and peer-to-peer filters.
Apart from being an all-in-one device, this has a range of customisable
reports and alert logs. It also includes several real-time monitors and
keeps track of all internal and external activity.
The product has an intuitive setup and a good web interface. A wizard
guides administrators through all the basic steps, making deployment
quick and easy with little disruption to the network.
The appliance performed excellently against all tests. The InstaGate
Pro is dual-homed. It has one internal and one external connection,
which allows it to act as isolated entities on both sides of the
device. During our tests, we were only able to see the outside address
of the box and could not get past to see inside to our target.
Each SoftPak has a different annual subscription fee, so it can become
very expensive depending on how many features are desired. With all
support included, however, it can be worth the price.
Overall Rating: 5/5
EMAIL CONTENT FILTERING
MXtreme Mail Firewall 800
Supplier: BorderWare Technologies
Price: £2,656
Contact: www.borderware.com
The enterprise-class MXtreme Mail Firewall is a 2U rack-mounted unit.
Perhaps surprisingly for such a large device, the fan noise was not as
bad as some of its smaller competitors, but loud enough to warrant
housing it in a server room.
The unit ships with immensely comprehensive documentation, including a
very well-written quick-start guide and a list of release notes that
detail an impressive set of new features. Among these are outbound
message signing, improvements to inbound header options, BorderWare
Security Network (BSN) whitelisting, BSN relay checks, enhanced
Language Support and DNS ordering.
Boot-up takes you to the initial configuration interface, which allows
you to set the host name, gateway and domain name server settings. The
IP address is preassigned, but can be changed.
The main home page shows up the activity of mail flowing through the
unit. You can set the box to integrate with directory servers such as
Active Director and also bind to an LDAP server.
We were curious to note that a product update stated it removed
DomainKeys and SPF from the device's spam training due to their
"unreliability". The firm assures us the product still supports
both.
Overall Rating: 4/5
ESOFT THREATWALL 200
Supplier: eSoft
Price: c £925 plus c£229 per year for Email Threat Pak
Contact: www.esoft.com
Following a simple, step-by-step quick-start guide, we powered up the
unit and waited for it to detect our DHCP server and assign an address
within range.
eSoft has tried to make setup as simple as possible. After firing up
the web-based console, users are taken through a series of steps to set
up basic parameters and enter user and network information, such as
network IP, subnet, gateway IP and preferred DNS servers.
This unit could not access the internet to download its so-called
SoftPaks - software units that firms can mix and match to tailor their
protection needs. Then after checking the settings we realised that we
had omitted to add the ThreatWall's MAC address to our list of allowed
LAN clients.
Thereafter, the unit cycled successfully through all its tests and took
us to the SoftPak registration screen, from which it automatically
began downloading the modules for which it is configured: in our case,
the email ThreatPak with integrated anti-spam, anti-virus and email
content filtering. We also received the Premium Gateway Anti-virus
program.
Overall Rating: 4/5
MIMESWEEPER FOR SMTP 5.2
Supplier: Clearswift
Price: £9,000 for 1,000 users
Contact: www.clearswift.com
MIMEsweeper is designed to check email flowing in and out of an
organisation against a list of different parameters, such as virus,
spam and any defined corporate policies. This version would be best
suited sitting on a dedicated server between the mail server and the
internet.
Once up and running, the next stage is to look at setting policies.
This involves not just deciding what types of attachments or words you
want MIMEsweeper to block, it is also about what domains you are happy
to accept email from.
The policy manager within the product is easy to set up. Configuring
policies is extremely granular, extending down to the group and user
levels. Specifying which content can be allowed and disallowed was also
easy.
MIMEsweeper for SMTP is worth considering for any enterprise, although
organisations running Domino or Exchange servers might want to think
about using the vendor's other dedicated products instead.
Overall Rating: 4/5
AV MANAGEMENT
Kaspersky Anti-Virus Business Optimal 5.0
Supplier: Kaspersky Lab
Price: £20 a year per node for 100 nodes, including Kaspersky
Administration Kit
Contact: www.kaspersky.com
To install this Kaspersky anti-virus software, you require either SQL
Server or the Microsoft Desktop Engine on the machine or the network.
This means a long wait for all the elements to be installed on the
admin machine.
The console runs as a snap-in under the Microsoft Management Console,
which effectively means that it can only be run under Windows.
This minor criticism aside, the console is easy to get to grips with
and, on first look, provides the user with several options to install
and maintain workstations and servers on the network.
It was easy to roll out anti-virus policies on to target machines.
Policies can be modelled on a range of different templates, based on
the target machine's function.
As usual with Kaspersky, the reporting tools are second to none. A few
clicks generate reports on a variety of different metrics and the data
is presented in html.
Overall Rating: 4/5
F-SECURE CLIENT SECURITY & POLICY MANAGER 6.0
Supplier: F-Secure
Price: £11.50 per user for 1,000 users
Contact: www.f-secure.com
Designed to protect against everything from hackers to the use of
forbidden networking software, this product consists of two functional
units. The F-Secure Policy Manager (console, server and web reporting)
looks after the centralised management of the anti-virus solution in
the network. It is partnered by the F-Secure Anti-Virus Client Security
to prevent damage by a virus or hackers on workstations.
The Policy Manager console interface is clear and well designed. Using
the intuitive GUI we easily built up a list of client PCs on our test
network with the help of an auto-discover feature that creates a domain
tree. Thanks to the product's "push installation", administrators can
deploy F-Secure Anti-Virus Client Security for PCs and laptops
remotely. The console allows you to specify target IP addresses to
simplify management.
The suite was simple to install, although the sheer number of
configuration components could be confusing. But it's an impressive and
comprehensive package.
Overall Rating: 4/5
IRONPORT VIRUS OUTBREAK FILTERS ON C300 APP
Supplier: IronPort
Price: £10,900
Contact: www.ironport.com
The device is based on IronPort's own hardened operating system,
AsyncOS 4.5.5, and includes anti-spam, anti-virus, mail-flow
monitoring, message encryption and virtual gateway technology.
It has an enhanced overview page that gives users a useful snapshot of
remote hosts connecting to the device. It also features enhanced
anti-spam, anti-virus and quarantine functions. For the first time, it
includes support for domain key signing.
Boot-up time for the operating system was surprisingly long, but we
will give it the benefit of the doubt because of the enterprise nature
of the appliance. Web-based console users are initially prompted
through an intuitive setup wizard.
Basic setup tasks went smoothly, such as defining IP addresses and
routing gateways and domain names from which the device's inbound
listener could accept mail. It was simple to define the filtering based
on SenderBase reputation service scores. Out of the box there are three
levels that can be set up: conservative, moderate or aggressive. Users
can also set their own custom levels.
Overall Rating: 4/5
SYMANTEC ANTIVIRUS CORPORATE EDITION 10.0
Supplier: Symantec
Price: £19.99 per user for 1,000 users
Contact: www.symantec.com
Symantec AntiVirus provides protection against spyware and viruses. The
enterprise edition also tackles spam and provides content filtering.
The corporate edition is designed for a predominantly Windows
environment, although NetWare support is available for some
modules.
Platform support also looks set to be improved, with a newer version
soon available promising support for Red Hat Enterprise, SuSE Linux
Enterprise Server and Novell Linux.
The System Center management console is a straightforward, two-pane
Windows Explorer-style affair. All the clients for which we chose to
install the remote software were imported into the System Center
management console, where any number of tasks can be carried out. From
here it is possible to organise scans, update schedules and carry out
other tasks.
While the management console is thorough, it can be a little confusing
and laborious to use. But one of the advantages of Symantec software is
its scalability.
Overall Rating: 4/5
ENDPOINT SECURITY SAFE ACCESS
Supplier: StillSecure
Price: from c. £21 per IP
Contact: www.stillsecure.com
This feature-rich device scans by monitoring the network for new hosts
or IP addresses and requires that each computer passes its tests before
connecting it to the network. All activity is shown in a detailed
report explaining what tests the user passed or failed.
The appliance is simple to set up and rapid to deploy. The Safe Access
platform is built on Red Hat Linux and is installed on its own server.
Once setup is complete, configuration is done through the web
interface. An intuitive configuration wizard assists in final setup and
configuration of policies.
Safe Access performed very well during the test. It even denied access
to our clean test machine because the anti-virus software we installed
on it required an update. Neither of our machines was able to access
network resources until the policy was met.
All this power comes at a price, though. The Safe Access licence could
become expensive for large enterprise networks - however, volume
discounts apply.
Overall Rating: 5/5
LANDESK SECURITY SUITE
Supplier: LANDesk Software
Price: £60 per node for Management Suite; £20 per node for
Security Suite
Contact: www.landesk.com
LANDesk Security Suite must be installed on a central server, which
must pass certain security and version tests. After installation,
policies can be set for access, applications, software versions,
service packs, anti-virus etc. Agents planted across the network also
allow the console administrator to take remote control of machines in
violation of policies.
Although setup and installation is simple and intuitive, configuration
is more difficult, and the application interface can be frustrating to
use.
The documentation for LANDesk is easy to follow and is downloaded from
the company's website. Free phone support is offered between 8am and
8pm EST, and there is an online forum and a knowledge base. This is one
of the higher-priced products for large enterprises, but LANDesk is a
fully inclusive endpoint security program with significant
capability.
Overall Rating: 4/5
FIREWALLS TSP 7300
Supplier: Secure Computing
Price: £55,500
Contact: www.securecomputing.com
This model is a beefy 3U box, supporting up to 38 ports with a total
filtered throughput of 2.8Gbps (or half that for AES-encrypted VPNs).
Hot-swappable redundant power and RAID storage is standard, and the box
fully supports high-availability in various configurations.
Secure Computing provides a great tool for configuration in the form of
an offline html page that walks through the options and generates a
text file. This can then be put onto a USB flash disk or floppy, and
when the machine boots it will configure itself to that spec. The only
worry was that the administration password is stored in the file, so
anyone with access to the same tool could brute-force the original
password without much difficulty.
With built-in content filtering, support for H.323 for voice,
two-factor authentication, application proxies and VLAN support, plus
very high-capacity IPsec VPN capabilities, it all adds up to a
comprehensive package. However, surprisingly there is no support for
quality of service for a product that scales all the way up to high-end
data centre environments.
Overall Rating: 4/5
ASTARO SECURITY GATEWAY
Supplier: Astaro AG
Price: £6,893
Contact: www.astaro.co.uk
The ASG 425 is at the top end of Astaro's 1U appliance range, with
several smaller versions and two larger options available. The unit
offers eight ports, but just one is active by default, and this is used
for the internal segment and web management. The rest must be
specifically enabled and configured.
The web GUI got us up and running without any hitches. The GUI works
fine, and the dummy SSL certificate installed in the box is easy to
change. Doing so caused a bit of confusion in the interface, with the
existing admin session becoming stale and reconnection then requiring
the stale session to be terminated: only one active login per user is
allowed. This sometimes caused problems with page refreshes, too.
Every page in the interface provides context help, and the appliance
provides a searchable electronic version of the manual.
Documentation is very good, with a well-written explanation of
deployment scenarios, likely uses and other useful pointers, rather
than the walkthrough of the interface most vendors provide. This is a
nicely integrated box with all the features we expected, plus some
surprises, such as support for UPS notification via USB.
Overall Rating: 4/5
FORTIGATE-1000A
Supplier: Fortinet
Price: £12,886
Contact: www.fortinet.com
We were pleased to see the FortiGate-1000A's web GUI default to a
secure https connection. A fully-featured console is also available
through a serial connection.
The interface is elegant and does a good job of grouping items
together, although related tasks could be linked a bit better.
A setup wizard created a new admin password and configured external
interfaces and firewall rules for internal servers providing common
services (smtp, web, ftp, pop3) and a choice of security levels. We
would have liked more information here, rather than having to go to the
documentation for what exactly "high" or "medium" security might
entail, but all the basics are clearly explained.
The filters include options to detect grayware, including adware,
Browser Helper Objects and more. These are disabled by default, and
there is no whitelist to allow objects on a granular basis. But it is a
useful addition.
This is a fully-featured UTM offering at the right price, which doesn't
skimp on the firewall and filtering features to do other, more
glamourous tasks.
Overall Rating: 4/5
FORENSIC TOOLS
I2 ANALYST'S NOTEBOOK 6.0.55
Supplier: i2
Price: £3,600 inc. one year's support
Contact: www.i2inc.com
The Analyst's Notebook from i2 is a different-from-most analysis tool
in that it is a true link analyser with a long pedigree in examining
complex crimes and security incidents.
Installation moves quickly - within two hours we had imported and
analysed metadata from EnCase for a detailed breakdown of data on a
hard disk, put in hacker profiles and examined a 65,000 record
intrusion detection system log for links between attacks and
attackers.
Logs, events and other data feed the link analyser's work process. The
easiest way to input data is by importing from a spreadsheet using a
CSV file. This allows users to import logs of virtually any kind into
the analyser, then the tool sets up the relationships and displays them
in various formats.
Viewing relationships is intuitive. The Analyst's Notebook is part of a
suite of products that allow very large, complex logs to be analysed
and subtle connections found in extensive distributed enterprises.
Overall Rating: 5/5
LOGLOGIC LX 2000
Supplier: LogLogic
Price: c.£27,000
Contact: www.loglogic.com
The LX 2000 is as feature-rich as you could wish. Its displays are
straightforward and you can perform a wide range of analyses relatively
easily. Coupled with the ST 3000 large-scale storage appliance, it
becomes an extremely powerful tool for managing, analysing and
archiving huge amounts of data.
Documentation comes as a set of clear and comprehensive PDF files on a
CD. Specialised tasks need to be referred to LogLogic support, but we
found this to be first rate.
A product such as this is a key ingredient in managing the overall
security of all sizes of networks. The LX 2000 alone is suitable for
small to mid-sized enterprises, while the addition of other LogLogic
family products allows scaling to virtually any size.
This is an excellent log analysis tool, but it's not for the
fainthearted. While its user interface is excellent, it has many hidden
capabilities that require some time to understand. It's also
expensive.
Overall Rating: 5/5
PRODISCOVER INCIDENT RESPONSE 4.55
Supplier: Technology Pathways
Price: £7,995
Contact: www.techpathways.com
A complete IT forensic tool that can access computers over the network
(with agents installed) to enable media analysis, image acquisition and
network behaviour analysis. Other capabilities include remote analysis
of running processes, open files, open ports and services, and other
network-based functions.
Although fairly easy to use, its complexity and granularity mean the
user must have some experience of working with a program of this
nature. But the user interface is laid out much like other products in
this category, and we could navigate around it with barely any trouble
at all.
Once we became familiar with the layout of the interface, we found it
was a powerful tool - able to fully image both our forensics test disk
and a disk on a computer on our network. We also found that it was
quite efficient, with fast and accurate imaging. Remote agents are very
small footprint.
Documentation is well laid-out with clear explanations of all the
program features. All in all. this product is excellent value.
Overall Rating: 5/5
DATA ENCRYPTION
DESLOCK+
Supplier: Data Encryption Systems
Price: From £25
Contact: www.deslock.com
DESlock+ is a useful and comprehensive collection of encryption tools
for Windows, packaged in an intuitive, easy-to-use manner. Also
included are two rugged USB devices for storing keys, one of which is a
back-up.
The DESkey devices can store up to 64 keys internally, or software key
files can be used instead. Both folders and individual files may be
encrypted with DESlock - in fact, even parts within a file if only
certain parts are sensitive.
An Outlook plug-in is included; recipient keys are easily organised via
key sharing, and useful wizards are supplied for managing both key
files and tokens. Other utilities include a shredder for secure file
deletion, a scratchpad for storing personal text, and a message viewer
that will decrypt a message into the viewer window without decrypting
the underlying file.
Supported encryption algorithms include 3DES, Blowfish and AES
(128-bit), with the RSA algorithm for key transfers.
Overall Rating: 5/5
DEKART PRIVATE DISK
Supplier: Dekart
Price: £24.40
Contact: www.dekart.com
Dekart Private Disk is a small footprint program to provide seamless
data encryption with further useful functionality.
The concept of a disk firewall is particularly interesting, providing
application-level access control, whereby a whitelist of trusted
applications is maintained within the encrypted disk area. If an
application not on this list tries to access any protected file, it
will simply be blocked.
This not only guards against malware, but may also prevent file copying
or other manipulation of data - a simple and effective idea. Also
interesting is the ability to run Private Disk directly from portable
media, allowing access by authorised users even when using a different
PC - again, a simple and effective approach that many users will find
useful.
Private Disk is flexible in its application and can work with a broad
range of portable media, including USB sticks and flash memory cards.
It is logical, intuitive and easy to use.
Overall Rating: 5/5
SECUREDOC
Supplier: WinMagic
Price: £82
Contact: www.winmagic.com
This is not just a simple plug-and-play product. It enables user
authentication at the preboot level, supporting passwords, tokens and
even biometrics. WinMagic has worked closely with other organisations
to provide a comprehensive choice of proven token technology.
Planning prior to deployment is crucial. This is emphasised within the
comprehensive PDF manual, which also provides a good deal of background
information for the security administrator. The various dialogues and
wizards are logical enough, but they require a certain level of
technical understanding.
The enterprise edition includes the SecureDoc Enterprise Server to
facilitate large-scale network deployments and associated key and
password management. Featuring a Microsoft SQL database, user and group
credentials can be imported from an existing Active Directory.
Overall Rating: 4/5
MULTI-FUNCTION APPLIANCES
InstaGate PRO
Supplier: eSoft
Price: £1,553
Contact: www.esoft.com
This product is feature-rich and especially easy to use and administer.
Setup really is as simple as taking it out of the box and plugging it
in. It is then configured using a straightforward, web-based
wizard.
The InstaGate PRO is a very powerful appliance. Software packages
called SoftPaks, which include anti-virus, anti-spyware, anti-spam,
intrusion prevention, a web filter, a firewall and many others, allow
for complete customisation.
It has a simple-to-navigate web interface that accesses the threat
monitor page. This displays an overview of the system's state,
firewall, inbound and outbound traffic and intrusion detection.
The box is well integrated both with itself and the network on which it
is placed. It is designed to work with existing firewalls and VPNs, as
well as by itself. The device produces many different reports, all with
colour graphs and charts, plus full event information.
The base price covers the appliance itself and the firewall, VPN (PPTP
and IPsec), DMZ, policy management, user management and WAN failover
features. Other features can be purchased for a one-time fee or by
subscription.
Overall Rating: 5/5
NETPILOT
Supplier: Equiinet
Price: £2,495
Contact: www.equiinet.com
The NetPilot appliance is simple to set up - you just plug it in and
turn it on. Once booted, the box starst its automatic configuration,
which can be changed to fit the specific needs of the network. This can
be accessed from anywhere on the network; once the user is logged in,
all functions are there at the touch of a button.
The interface is broken down into categories such as security, user
accounts, email filter policy, logs and maintenance. These then lead to
sub-categories with policy settings, configurations and many different
logs and charts.
NetPilot is packed with features, including a built-in firewall, VPN,
email filtering, URL and web filters, IDS, file and print servicing,
intranet and web page caching. But it lacks some elements offered by
rivals, for example anti-spam and web filtering.
The appliance provides amazing functionality and performance. All its
features integrate seamlessly. It also features easy-to-read logs with
different charts and graphs.
With a reasonably small price tag, low maintenance and free updates,
NetPilot is excellent value for SMEs or branch offices.
Overall Rating: 5/5
PROVENTIA NETWORK MFS APPLIANCE
Supplier: Internet Security Systems
Price: £8,118
Contact: www.iss.net
Recommended for its power and simplicity, this product was up and
running in no time. Its Java-based web interface is easy to navigate,
while policy configuration is both easy and intuitive. Alongside the
imaginative layout of the web interface, it offers useful help files.
All this makes this device very simple to manage.
The box is loaded with useful features, including a firewall, VPN,
intrusion prevention, web filtering, anti-virus and anti-spam. They are
accessible from the web interface and fully customisable to suit the
individual needs of the particular network environment.
The appliance is able to integrate seamlessly with the existing
structure of the network. All logs and alerts can be viewed easily in
real time.
With fully customisable policies, a load of well-integrated features,
and easy-to-read logging and reporting, this product performs extremely
well.
The Proventia MFS Appliance is excellent value for money. The product
provides many custom features, full comprehensive protection and easy
management. This would be a good investment for just about any
medium-to-large, even very large, company.
Overall Rating: 5/5
TWO-FACTOR AUTHENTICATION
RSA SecurID
Supplier: RSA Security
Price: c £9,290 for 100 users, including three-year hardware
tokens
Contact: www.rsasecurity.com
There is a huge choice of installation hardware for SecurID, with
support for Windows Server 2003, Solaris, Red Hat Linux, HP-UX, AIX and
Novell Suse Linux Enterprise Server.
The product is managed through the RSA Authentication Manager
management console. It can link with an LDAP server, such as Active
Directory, so you can pull in existing users, but you can't manage
tokens directly from your current directory management tool.
There's a good range of hardware and software tokens, including
software clients for BlackBerry, Java phones and Pocket PC.
A new single-use code is automatically generated every 60 seconds. This
means that registering new tokens has to be done with the provided CD,
as this gives the server the required seed record to synchronise its
key generation with the token's. It's a bit more work than asynchronous
systems and means that the tokens can get out of sync with the
server.
But while management might be awkward, third-party integration is
second-to-none.
Overall Rating: 5/5
KOOLSPAN SECUREDGE
Supplier: KoolSpan
Price: £2,680
Contact: www.koolspan.com
KoolSpan's SecurEdge is designed to provide safe access to a network
through a 256-bit AES link with support for up to 512 simultaneous
users. The kit comprises a lock that bridges the external network to
the internal one and a set of USB keys providing authentication.
The keys come preconfigured, so the only real bit of network wizardry
you have to perform is configuring port forwarding on your
router/firewall to pass authentication requests to the lock. As it
bridges two network connections, you may install it to provide secure
access from a wireless to the wired network, or for secure access to a
server.
You can manage keys by revoking network access, renaming them to match
the owner's username and selecting which locks they have access to.
Aside from allowing or denying access, though, there are no controls on
network traffic, so if you're looking for a complete access control
system with fine granular control, this isn't it. But it is a great way
of adding hardware-based authentication to your existing systems.
Overall Rating: 5/5
SAFEWORD PREMIER ACCESS 4.0
Supplier: Secure Computing Corporation
Price: £35.26 per user for 1,000 users
Contact: www.securecomputing.com
SafeWord Premier Access adds an authentication server to your network
that can protect your VPN connections.
Authentication can be through smart cards or Secure Computing's own
tokens, which come in gold, silver and platinum. Gold tokens generate a
single-use password after a PIN has been entered, so warn users that
typing the wrong PIN generates an invalid code. Silver tokens are
operated by a single button, while the platinum version comes with a
keypad.
The company also supports a variety of other two-factor devices, as
well as mobile authentication. Tokens are event-based, so they do not
need to remain in sync with the authentication server.
There is a choice of management options, including Secure Computing's
own console, which is available with the Enterprise Solution Pack that
also adds authentication for Unix login, web servers and web
applications.
SafeWord is a very simple product to manage, particularly for
Microsoft-based servers. However, it's also highly extendable.
Overall Rating: 5/5
SIM/SEM
TRIGEO SIM
Supplier: TriGeo Network Security
Price: c£10,400
Contact: www.trigeo.com
TriGeo SIM is simple to use and comes with many rule sets preconfigured
for most security situations. Setting rules for specific environments
is made easy by the Rule Builder, which uses different modules with
dedicated parts that you just drag and drop into the right place and
the rule is created. Filters are also easy to configure using the same
process.
This appliance is loaded with features, including real-time log
analysis, prebuilt correlations and IPS/IDS. It also boasts a unique
feature called USB Defender, which logs and alerts if a USB storage
device is plugged into any device on the network.
The TriGeo box analyses and reports information in various clear and
easy-to-read charts and graphs. In addition to more than 220 stock
reports, it has the ability for the user to customise reports using the
built-in Crystal Reports Engine. The TriGeo has a wide variety of log
correlation and analysis tools that make it a fully comprehensive
security device.
The easy setup, configuration, and analysis of reports helps cut down
on the cost of training personnel while still delivering accuracy. This
product offers excellent value both in the way of cost and
performance.
Overall Rating: 5/5
ENTERPRISE SECURITY ANALYZER
Supplier: eIQnetworks
Price: c £4,195 including licence for five devices and five
hosts
Contact: www.eiqnetworks.com
Although this program is simple to use, we found it took a little time
to setup and configure. Once the main install is done, there are
follow-up steps of creating SSL certificates for IIS and possibly other
loose ends, depending on the environment.
With a user-friendly interface, topology maps for event tracking and
easy-to-read reporting, this product encompasses all the main features
of a large-scale security monitoring system. The eIQ Enterprise
Security Analyzer has the ability to do log file forensics for
retracing log event patterns to isolate a security incident. It also
displays detailed real-time charts of events and alerts that are shown
on the dashboard.
This product offers a lot of value both in terms of investment and
security. Since it is able to integrate onto any Windows server, it
does not require the addition of a separate machine, which cuts down on
overall cost of ownership.
Overall Rating: 5/5
SEM3210
Supplier: High Tower Software
Price: c£31,440
Contact: www.high-tower.com
High Tower preconfigures all the equipment before it is shipped to the
end user, so when the appliance arrives there are just a few simple
steps to complete before it is online and ready to go.
We found this product simple to use, thanks to the intuitive user
interface that includes an easy-to-read dashboard-type console. The
overall simplicity of managing this device was one of its attractions.
The console is built on the Java platform, so it is possible to have
many different window modules open at the same time without ending up
in a jumbled mess of clicking through branch after branch or tab after
tab to locate information. The device is capable of handling up to
20,000 events per second and displaying real-time alerts and
information.
While this product has a lot of capability and flexibility, it does sit
high on the price spectrum. We still think it is good value for money
and a good investment for companies that can afford such a device and
have the requirement for its high performance.
Overall Rating: 5/5
SSL VPNs
SONICWALL SSL VPN 2000
Supplier: SonicWall
Price: £1,575
Contact: www.sonicwall.com
Once the interfaces are configured for the network, the SonicWall
appliance is administrated via the user-friendly web interface.
The SonicWall has loads of features in addition to the SSL VPN. These
are atypical in that they address those things that one would expect in
a multi-purpose appliance rather than in a VPN. For example, along with
access to web servers, ftp servers, and file shares, this appliance
lets administrators create a Virtual Office for users. This can run
applications such as Outlook, Word and Excel from a server, as well as
give remote access to desktop or server machines. Administrators are
therefore able to develop very complete portals.
The product is flexible enough to support separate portals, giving it a
distinct workgroup flavor. One feature we liked is the ability to use
the VPN to access an individual worker's desktop computer remotely.
In addition to providing Radius, LDAP, NT Domain or Active Directory
authentication, this box uses an authentication method called one-time
passwords, which works as a two-factor authentication scheme.
Overall Rating: 5/5
CAYMAS 318
Supplier: Caymas Systems
Price: c£13,340
Contact: www.caymas.com
Generally, this appliance boasts the types of features administrators
like. It is easy to set up and requires little maintenance once in
operation.
The Caymas 318 uses several ways to control user access. Policies can
be set up so that users can only access what their identity,
authentication method, client, location and time of day will allow them
to. Also included are various access modes, such as web, file or
client/server applications in either clientless, thin or thick client
mode.
We found this device to have many options for authentication, which
really add to its flexibility. It supports Radius, LDAP, Active
Directory, PKI Certificates (with CRL checking) and local
authentication. It also incorporates two-factor authentication such as
SafeWord and ActiveCard.
An easy-to-follow quickstart guide gets the appliance going in no time.
This guide shows how to set up the device using a serial console and
gaining access to the web interface.
While the Caymas 318 is flexible and versatile, the cost is at the high
end for an SSL VPN appliance. We did like a lot of its features in both
user access and security, and support is superb, but we are not
impressed with the price tag.
Overall Rating: 4/5
POLICY MANAGEMENT
SECURITY CENTER LITE
Supplier: Lan-Secure
Price: c£525
Contact: www.lan-secure.com
Security Center Lite offers a relatively low-cost introduction to
vulnerabilty scanning and intrusion detection for infrastructures with
up to 100 network nodes. The product is software-based and needs no
remote agents. It is thus simple to deploy and configure within typical
Microsoft-based infrastructures, requiring Windows XP or Windows Server
2003, with Internet Explorer 6 or above.
Security Center Lite comes at a fraction of the cost of many more
sophisticated products in this space and therefore should not be
expected to offer equivalent functionality. However, it also requires
less admin and support.
The software is very easy to deploy and will reveal aspects of your
network that were not previously visible to you. Also, it will enable
you to quickly become proficient at spotting potential vulnerabilities
and blocking offending nodes accordingly. Plus, it can provide a degree
of automated rules-based protection.
Overall Rating: 4/5
AIRMAGNET ENTERPRISE
Supplier: AirMagnet
Price: £5,500
Contact: www.airmagnet.com
AirMagnet is unusual in that it specialises in protecting wireless
local area networks.
The freestanding AirMagnet SmartEdge sensor performs the primary
analysis of events within the sensor itself, via an integral AirWISE
analysis engine, obviating the need for heavy network traffic to and
from a central analysis engine.
The network of deployed sensors then reports back to the AirMagnet
Enterprise Server via a conventional ethernet network, where further
event correlation can take place.
The SmartEdge sensors can be configured via a console on the network or
via a serial connection directly to the sensor, which sports a
conventional 9-pin connector. This is a thoughtful touch, as the latter
arrangement may well suit a variety of implementations where sensors
are scattered around a given physical environment.
All in all, a very welcome tool that will enable organisations to
finally have as much confidence in their wireless networks as they have
in the wired variety.
Overall Rating: 4/5
INSTANT MESSAGING
ENTERPRISE INSTANT MESSAGING
Supplier: MessageLabs
Price: from c£1-4 per user per month
Contact: www.messagelabs.com
This is a comprehensive hosted security solution for IM. We were
provided with a simple ten-user licence evaluation version of the
system. At the heart of the product is a hosted administration tool
that is extremely intuitive and easy to use. From here we were able to
access all aspects of management, establish policies, add users and
view relevant reports.
The client software is called Professional Online Desktop (POD) and is
an excellent approach to instant messaging security. As administrator
we could assign which networks the user could access (Microsoft IM, AOL
or Yahoo or any combination of these), all of which is then done
through the user's version of POD rather than the third-party
applications. It allows for much greater control over security.
Users can be added to the configuration module very quickly through a
batch file. Overall, it's difficult to fault MessageLabs' approach to
IM security.
Overall Rating: 5/5
FACETIME RTG500 ENTERPRISE EDITION
Supplier: FaceTime Communications
Price: from £7,500
Contact: www.facetime.com
A rebadged Dell PowerEdge 850 rack-mountable 1U server, the RTG500 is
aimed at the medium-sized to large enterprise market. To access the
initial set-up screen we had to connect a monitor and keyboard. Unlike
some of the software suites, the FaceTime server is aimed purely at
IM.
The console is clearly laid out and quite Web 2.0 in appearance. It has
a dashboard look and feel about it and provides a real-time view of
traffic such as spyware, IM, peer-to-peer, HTTP and UDP. All other TCP
traffic is grouped under one heading.
On first use of the appliance the default global policy for instant
messaging is not to allow file transfers, peer-to-peer, client
connections or IM networks.
The main configuration window provided a clear and concise view of the
device. We could establish custom policies via individual IP addresses
or a range of addresses. Spyware policies can also be established
here.
FaceTime has produced a good all-rounder that adequately covers the
networks most likely to be used in today's corporate environments. It
was let down slightly by minimal documentation and some aspects of
utility.
Overall Rating: 4/5
E-DRM
Pinion Desktop Packager
Supplier: Pinion Software
Price: £2,560 (5-user licence)
Contact: www.pinionsoftware.com
Pinion's desktop package is a simple, individual user-oriented DRM
program. We tested the Workgroup Edition. The product sits on the
desktop and allows the user to package a document. Once the file is
encrypted and recipient rights are attached, it may be sent out. To
open the document, the recipient needs the Pinion Receiver, which can
be downloaded for free from the Pinion website.
Desktop Packager supports a broad array of file types, including Word,
Excel, PowerPoint, Lotus Notes email messages and Cad applications such
as Autodesk, Solidworks and PTC. In addition to encryption, other
protections may be applied selectively to the document and the user can
limit the time the document is viewable.
The desktop packager and the receiver were easy to install and the
product integrated seamlessly with Outlook. If there is a downside to
this product it's the price, which may keep it out of reach of most
small companies.
Overall Rating: 5/5
SECURE2TRUST
Supplier: Avoco Securel
Price: c£198
Contact: www.avocosecure.com
This is a desktop product in that it requires no server and instead
attaches document rights to the individual document. It can be deployed
as either a simple desktop DRM application or as a full-blown E-DRM
system using the server to manage the clients over a large, distributed
enterprise.
Of all the products we looked at this was the simplest to deploy. The
installation is intuitive, with an easy-to-navigate interface and
clearly displayed settings, policies and restriction options. The
solution comes with a set of predefined policies and uses an
information classification paradigm.
Administrators can create a set of classifications to match their
organisation's policies, with use restrictions for each level. Users
apply the appropriate classification to their documents.
There are several options for access control, including Active
Directory, password and groups. Printing, copying and changing files
can be prohibited. An optional manager and an enterprise server are
available.
Overall Rating: 5/5
Workshare Protect Enterprise Suite
Supplier: Workshare
Price: from £18 per user per year
Contact: www.workshare.com
This is a true large-scale extrusion prevention solution. Successful
deployment of this client/server application requires configuration of
Microsoft Server 2003 and SQL Server, as well as detailed knowledge of
these platforms. However, once installed, it is easy to use and can be
customised for many different conditions.
The suite's policy manager can act as an information gateway, applying
content filtering for more than 370 file types. It includes document
rights restrictions, email blocking based upon content, and
policy-control of PDF conversions. We were unable to compromise denied
documents or find a way to get the system to violate its policy.
The licence can become a fairly expensive proposition for the size of
enterprise for which it is intended. However, this was the most
complete product we looked at in terms of capabilities, and for big
organisations with large numbers of sensitive documents, this is a very
powerful product.
Overall Rating: 5/5.