Both Sygate and Check Point allow you to create a white list of applications from reference sources such as desktop or laptop
image files. In Check Point’s case, when an unknown program attempts network access, Integrity asks the Program Advisor database
for an access policy, automatically allowing or denying network access based on the Program Advisor response, or recommending
policy for admin approval.
Check Point’s Program Advisor includes white list and black list information that has been gathered from Zone Alarm clients
running on consumer desktops. Check Point states that Program Advisor has rules for more than 100,000 apps. Additionally,
if Integrity Client detects malicious software, it takes control and automatically shuts down the offending application.
Not to be outdone, Sygate has OS Protection, in which the SEA monitors application behavior and blocks malicious or unapproved
program actions, preventing applications from modifying or creating particular registry keys, for example. SEA also has Application
Learning, which enables an administrator to learn the behavior of users and computers and then easily create enterprise security
policy to fit the behavior.
Both Sygate and Check Point allow you to easily create policies based on user, group, and source IP address. Each also has
support for separate policies depending on whether the user is connecting via wired Ethernet or wireless LAN or entering the
network via VPN or remote access server. This flexibility is especially critical as it pertains to mobile workers. Again,
creating and editing policies in both products is straightforward.
You also won’t find significant differences in these products’ reporting capabilities. Reporting has been updated considerably
since the previous version of the Integrity product, and is now quite extensive, with succinct graphs that complement presented
data. Event notification is via SNMP, text, SYSLOG, and JDAC. Sygate likewise offers detailed records of network activity,
including applications, date, time, and SEA information. Reporting statistics can be e-mailed on a daily or weekly basis.
All considered, either of these end- point security and access control products will serve you well. A few differences, as
well as compatibility with your current network and VPN infrastructure, may lead you to choose one over the other. Sygate
includes an enforcement gateway in the asking price, and it goes beyond the Check Point solution to provide control over the
use of peripheral devices. Check Point’s advantages include a more robust agent, a longer list of switch and VPN partners,
and integration with Check Point’s network security products.
Symantec’s recent purchase of Sygate and WholeSecurity holds promise for Sygate’s client-side security capabilities. It’s
also reasonable to expect that the Sygate solution will integrate with Symantec’s IPS and other products, and that partnerships
with network infrastructure vendors will get a boost.
In short, where these products are headed may be even more important than where they are now. If you’re in the market for
policy-based network access control, keep your eye on developments. Things are moving quickly.
E-mail
Printer Friendly
Reprints
(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...
