Check Point and Sygate corral end points
Similarly strong network access control solutions make for a hard choiceFollow @infoworld
One big advantage that Sygate has over Check Point is that an administrator can manage the use of USB devices and other peripherals, especially important to organizations concerned about the movement of sensitive data via USB storage media. SEA can block reads, writes, and code execution from specific devices and several types of portable and nonportable drives.
Both Sygate and Check Point allow you to create a white list of applications from reference sources such as desktop or laptop image files. In Check Point’s case, when an unknown program attempts network access, Integrity asks the Program Advisor database for an access policy, automatically allowing or denying network access based on the Program Advisor response, or recommending policy for admin approval.
Check Point’s Program Advisor includes white list and black list information that has been gathered from Zone Alarm clients running on consumer desktops. Check Point states that Program Advisor has rules for more than 100,000 apps. Additionally, if Integrity Client detects malicious software, it takes control and automatically shuts down the offending application.
Not to be outdone, Sygate has OS Protection, in which the SEA monitors application behavior and blocks malicious or unapproved program actions, preventing applications from modifying or creating particular registry keys, for example. SEA also has Application Learning, which enables an administrator to learn the behavior of users and computers and then easily create enterprise security policy to fit the behavior.
Both Sygate and Check Point allow you to easily create policies based on user, group, and source IP address. Each also has support for separate policies depending on whether the user is connecting via wired Ethernet or wireless LAN or entering the network via VPN or remote access server. This flexibility is especially critical as it pertains to mobile workers. Again, creating and editing policies in both products is straightforward.
You also won’t find significant differences in these products’ reporting capabilities. Reporting has been updated considerably since the previous version of the Integrity product, and is now quite extensive, with succinct graphs that complement presented data. Event notification is via SNMP, text, SYSLOG, and JDAC. Sygate likewise offers detailed records of network activity, including applications, date, time, and SEA information. Reporting statistics can be e-mailed on a daily or weekly basis.
All considered, either of these end- point security and access control products will serve you well. A few differences, as well as compatibility with your current network and VPN infrastructure, may lead you to choose one over the other. Sygate includes an enforcement gateway in the asking price, and it goes beyond the Check Point solution to provide control over the use of peripheral devices. Check Point’s advantages include a more robust agent, a longer list of switch and VPN partners, and integration with Check Point’s network security products.
Symantec’s recent purchase of Sygate and WholeSecurity holds promise for Sygate’s client-side security capabilities. It’s also reasonable to expect that the Sygate solution will integrate with Symantec’s IPS and other products, and that partnerships with network infrastructure vendors will get a boost.
In short, where these products are headed may be even more important than where they are now. If you’re in the market for policy-based network access control, keep your eye on developments. Things are moving quickly.