If there's a downside to Integrity, it's the required dedicated server. You shouldn't run it on a machine that's doing anything
else. This isn't a major disadvantage -- it's likely you'd want to use a dedicated machine anyway -- but it's something for
which you need to plan. You have to turn off IIS, by the way, because Integrity comes with its own copy of Apache, which needs
the same resources. Integrity will stop running if it finds IIS in use.
Overall, Integrity is an excellent choice for keeping your clients secure. Like the other products in this roundup, it doesn't
do everything. It lacks its own anti-virus client, for example. And although Integrity falls short of Sygate in overall capabilities,
it provides support for those things it doesn't do and gives you plenty of control over client security in a way that is also
easy to use and manage.
McAfee Active VirusScan and Desktop Firewall
At the center of McAfee's end-point security solution is ePO (ePolicy Orchestrator), a centralized management application
that works with a variety of McAfee clients. I tested McAfee's Active VirusScan Suite, which includes ePO, the enterprise
version of the company's anti-virus software, and McAfee's Desktop Firewall.
The combination of products allows you to have both virus protection and a personal firewall on your client systems. You can
monitor those clients for perils such as a virus outbreak, and you can push virus definition and software updates to your
clients as often as you wish. The VirusScan Suite also includes NetShield, a virus scanner for Novell NetWare servers, which
I did not test.
McAfee is in the process of releasing other products that can work with ePO. For example, recently acquired Entercept, a host-based
intrusion prevention package, will be integrated into ePO in the next release.
ePO is designed to monitor the network for client systems that are out of compliance with your security policies. This may
include clients that don't have up-to-date virus definitions or clients that aren't running McAfee's agent. Most of the time,
ePO simply monitors the network, but when it finds a problem, it flags the problem client on the management console so you
can take action. ePO can monitor McAfee's own products and can also alert administrators to rogue computers and configuration
issues such as noncompliant Windows patch levels.
Getting ePO running and deploying VirusScan and Desktop Firewall to clients is a little more complex than it should be. First
you must install everything on the server, then perform a number of steps to tell ePO what you want to send out to the clients
and to which class of users it should go. After I instructed ePO to deploy, I found that it sometimes took quite a long time
before the software was sent out to the clients and installed.
It can take a while to get rid of the McAfee software after deployment. I found that a McAfee client could persist for days
after I ordered ePO to remove it. Normally, however, deployment or removal started within five minutes of when the action was
ordered.
After deployment, setup is very straightforward. The anti-virus product wasted no time in ensuring each client had all the
latest protections. I found the Desktop Firewall's lack of default settings surprising. Instead, it arrives in what McAfee
calls the "Learn Mode" and questions every attempt to access the network for anything. During this period, even normal activities
such as the anti-virus software checking for updates require intervention by the end-user.
You can set such defaults centrally, and you can deploy predefined rules. You can also direct ePO to learn from deployed agents
and report back, which in turn eventually builds a set of rules. Employing these options, however, assumes that everything
is acceptable for all users, so you'll still have to intervene in at least some cases.
When everything is running and your rules are set, monitoring your network is fairly easy. The management console is easy
to use and very flexible. You have granular control over your monitoring, and you can deploy sensors to other network segments
to monitor network activity and report back. You can keep tabs on all of this through the console, and force upgrades where
needed to keep the clients secure. You can also be proactive in the event of a breakout, dynamically changing rules to isolate
clients until you can fix them.
Overall, McAfee's ePO, VirusScan, and Desktop Firewall are an easy-to-use, effective combination of products that go a long
way in protecting your enterprise against malicious code, hackers, and the like.
Sygate Secure Enterprise
Enforcement is the focus of SSE (Sygate Secure Enterprise). At its heart, SSE is designed to provide a firewall for every
node on the network and to confirm that any other node that attempts to communicate is similarly protected. It goes beyond
that, of course. SSE may be set to confirm the levels of anti-virus protection and operating system patches, among others.
Any computer that attempts a connection to the network that doesn't meet the required level of protection can be quarantined,
either locked out of the network entirely or only permitted to connect to the update site for whatever is out of date.
For remote users connecting to the enterprise network, SSE will check to make sure they're using an approved VPN, that their
anti-virus software has been updated recently (admins get to set the number of days since the most recent update), and that
they've updated Windows. If clients don't meet all the requirements, Sygate supports flexible and granular ways to enforce
policies. For example, if a user hasn't run Symantec Live Update recently enough, he or she could be allowed to connect only
to the Symantec site and download updates. The same is true for any other policy you might choose to enforce.
SSE even checks for additional connections to the Internet outside the VPN and compensates for such loopholes. It might check
to ensure a user has not only updated the anti-virus signatures, but also run a scan. It might check to see if the user is
connecting from inside or outside the company and apply different standards depending on the location.
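
The enforcement logic described above, sketched as an added example (not Sygate's code or policy format). The field names, the 7-day threshold, the update-site hostnames, and the choice to lock out clients whose failure has no update site are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Posture:                  # constructed client report; field names are hypothetical
    location: str               # "inside" or "remote"
    approved_vpn: bool
    extra_internet_link: bool   # connection to the Internet outside the VPN
    av_update_age_days: int
    av_scan_run: bool
    os_patched: bool

@dataclass
class Policy:                   # assumed values, not product defaults
    max_av_age_days: int = 7    # admin-set days since the last AV update
    av_update_site: str = "av-updates.example"
    os_update_site: str = "os-updates.example"

def evaluate(p: Posture, pol: Policy = Policy()):
    """Return (decision, allowed_destinations, reasons) for one client."""
    remote = p.location == "remote"
    failures = []               # (reason, remediation site or None)
    if p.av_update_age_days > pol.max_av_age_days:
        failures.append(("anti-virus definitions out of date", pol.av_update_site))
    if not p.os_patched:
        failures.append(("operating system patches missing", pol.os_update_site))
    if remote:                  # stricter standard outside the company
        if not p.approved_vpn:
            failures.append(("VPN not approved", None))
        if p.extra_internet_link:
            failures.append(("Internet connection outside the VPN", None))
        if not p.av_scan_run:
            failures.append(("no anti-virus scan run", None))
    reasons = [reason for reason, _ in failures]
    if not failures:
        return "allow", ["*"], reasons
    # A failure with no update site cannot be fixed over the network: lock out.
    if any(site is None for _, site in failures):
        return "lockout", [], reasons
    # Otherwise quarantine: only the update sites for what is out of date.
    return "remediate", sorted({site for _, site in failures}), reasons

if __name__ == "__main__":
    stale = Posture("remote", True, False, 30, True, True)
    print(evaluate(stale))
```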