Security

From intrusion detection to spam, security solutions were high on our list in 2004

1 2 3 Page 2
Page 2 of 3

NetContinuum NC-1000 Web Security Gateway V3.5
NetContinuum           
Very Good, 8.5         
Cost: $29,000          
Bottom Line: From a network performance and capability standpoint, the NetContinuum Web Security Gateway is a very strong product. With a better serial console and stronger GUI presentation, it could be the strongest player in the Web app security market.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Permeo Application Security Gateway Version 5.0
Permeo Technologies         
Good, 6.6      
Cost: 50 users, starts at $12,784   
Bottom Line: This is an effective solution for companies that must control how users and their applications access internal and external networks -- after it's up and running. Unfortunately, it's poorly documented and very difficult to implement, frustrating users and administrators alike.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Sanctum AppShield 4.0
Sanctum        
Very Good, 8.1         
Cost: Software, $25,000; appliance, $35,000     
Bottom Line: The Sanctum solution is designed for those who want to incorporate security into their Web apps throughout the development and deployment cycles. The interface makes setting up the product seem much more complicated than it is -- the only real downside to a very capable security system.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Sentryware Hive Version 2.0          
Sentryware
Excellent, 9.1
Cost: Five protected domains, starts at $13,995; yearly maintenance, 20 percent of list       
Bottom Line: Hive provides exceptional, proactive security at a price even small-to-midsize enterprises can afford. Installation takes a bit of planning, but after it's running, Hive requires little ongoing maintenance.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Teros Secure Application Gateway (Teros 100)  
Teros
Very Good, 8.3         
Cost: $25,000
Bottom Line: The Teros 100 is a solid choice for those with an existing application that they have no intention of changing. Setup and configuration are easy, except for an awkward interface for creating JavaScript during the learning process. The system protects all common Web servers and app types. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

PHYSICAL SECURITY
Axis Camera Station 1.0     
Axis Communications
Very Good, 7.0         
Cost: 10-camera installation, $999            
Bottom Line: Axis Camera Station is a solid, midlevel IP camera-management system, capable of supporting 25 cameras per station. ACS doesn't have the scalability or advanced features of the NetDVR-64, but its affordability and easy setup make it an attractive option for smaller deployments.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Mobotix M10 
Mobotix
Very Good, 7.2         
Cost: $1,025 
Bottom Line: This is a feature-rich IP camera and a viable all-in-one surveillance system if only a handful of cameras are needed. Capable of multiple resolutions, it also supports enhancements for different light levels. Trigger filters are backed by environmental sensors and can be integrated with ISDN telephony features.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

On-Net NetDVR-64 Version 3.1
On-Net Surveillance Systems
Very Good, 8.0         
Cost: 100-camera installation, $30,000
Bottom Line: Representing the high end of IP camera managers, NetDVR is capable of scaling to large camera volumes and managing those volumes based on geographic factors. An excellent drill-down interface is coupled with a vast array of event triggers, alarm integration capabilities, and notification methods.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

FIREWALLS
Check Point NG Enterprise
Check Point Software Technologies
Very Good, 8.5         
Cost: Unlimited nodes, $21,000
Bottom Line: Check Point combines the Firewall-1/VPN-1 kernel with application proxies capable of blocking both known and unknown layer 7 attacks. The result is an effective, easy-to-manage solution with significant protection against application layer attacks. Critical Web apps, however, may warrant additional safeguards.           
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Check Point Safe@Office 225
Check Point Software Technologies         
Very Good, 8.3         
Cost: $495 with 10 VPN clients
Bottom Line: The Safe@Office 225 is a standout SOHO firewall -- and not just for its great price. Running a simplified version of Check Point's powerful, complex operating platform, it was easy to configure. It also offers good anti-virus support, Web filtering, and Dynamic DNS by subscription, but it lacks anti-spam support.         
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Fortinet FortiGate 800         
Fortinet
Very Good, 7.8         
Cost: As tested, $16,793; appliance, $11,995; FortiGuard Web filtering service, $4,798
Bottom Line: The FortiGate 800 is a solid, enterprise-class firewall device that gives you an all-in-one security solution with gigabit interfaces and excellent VPN throughput. But utilizing all the built-in security features will cost you a significant performance hit. The management interface is well designed with tasks broken down in an intuitive way.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Ingate Firewall 1400
Ingate Systems
Very Good, 7.4         
Cost: As tested, $3,400; optional QoS module, $810; scaling SIP licenses, range from $150 for 10 licenses to $9,000 for unlimited; scaling traversal licenses, range from $300 for five to $9,000 for 250         
Bottom Line: The Ingate 1400 is an excellent choice for SMBs looking to exploit SIP-based VoIP. Although it can handle H.323 as well as any other traffic type, the 1400 contains its own SIP server, making it useable as the nerve center for SIP service on the network in addition to a robust perimeter security device.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Juniper NetScreen-5GT Enhanced
Juniper Networks     
Very Good, 8.3         
Cost: 10 VPN clients, $495            
Bottom Line: With an impressive array of features in a tiny box, NetScreen-5GT Enhanced has enough CPU horsepower and advanced features to protect a midsize business. It has excellent VPN and AV support and can handle 250 specific app-level attacks. Configuration is a little difficult.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

NetGear VPN Firewall FVS328
NetGear
Good, 6.0      
Cost: $195
Bottom Line: The Firewall FVS328 is fairly easy to configure and offers flexible support for certificates and Dynamic DNS. But it's missing basic all-in-one features such as anti-spam and AV support. In our tests, firmware troubles were made worse by NetGear's attempt to fix them. It needs a little more time to ripen.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

ServGate EdgeForce Accel, Version 4.0
ServGate Technologies
Excellent, 9.1
Cost: Base price, $5,995; as tested, $16,990 including McAfee anti-virus and anti-spam modules
Bottom Line: ServGate has implemented critically important improvements in both its management console and its product configuration, including smoother VPN setup, easier configuration of remote devices, and policy-based filtering. Raw firewall and VPN performance fell short of the FortiGate 800 in our test, but the EdgeForce Accel performed better under attack.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

ServGate EdgeForce Plus
ServGate Technologies      
Excellent, 8.6
Cost: $4,000 
Bottom Line: EdgeForce Plus uses Linux to its best advantage, providing as much or as little advanced firewall functionality as you need. It has excellent application-level firewall support, plus modular expansion that can include AV, anti-spam, content filtering, and even QoS.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

SonicWall Pro 3060
SonicWall
Excellent, 8.7
Cost: As tested, with SonicOS 2.5 Enhanced Upgrade and 225 VPN client licenses, $5,385
Bottom Line: The 3060 combines outstanding performance, an easy-to-use management console, and an extensive menu of optional services, including content filtering, anti-virus, and intrusion prevention. Fully configured, it offers a well-rounded security solution -- provided you don't need Gigabit Ethernet interfaces.           
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

SonicWall Pro 2040
SonicWall
Very Good, 8.4         
Cost: As tested, $1,995; IDS service, $995 per year; anti-virus, $387 for 10 users, $980 for 25 or more users
Bottom Line: The 2040 takes a more general approach to VoIP traffic, optimizing its NAT traversal, scanning, and logging engines for voice traffic instead of centralizing on a single VoIP protocol. Its enhanced security features and incredibly friendly UI make it a superior firewall choice for SMBs with existing VoIP infrastructure.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Stonesoft StoneGate SG-500-100
StoneSoft
Very Good, 8.4
Cost: As tested (SG-500-100 and StoneGate Management Center for a single site), $8,950
Bottom Line: The SG-500-100 is a solid, if pricey, enterprise-level firewall and VPN solution for remote or branch offices. The Management Center could be more polished but provides good centralized management of multiple appliances. It's a more affordable option for networks with lighter traffic levels.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

WatchGuard Firebox X1000          
WatchGuard Technologies
Fair, 4.9         
Cost: $3,000 
Bottom Line: The Firebox X1000 is a robust firewall that uses proxy technology for speedy deep-packet inspection. But a unintuitive, thick-client management interface, and a difficult and time-consuming configuration process make it unsuitable for SMBs that lack dedicated network security staff.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

INTRUSION DETECTION AND PREVENTION
Arbor Networks Peakflow X 3.0     
Arbor Networks
Excellent, 8.6
Cost: Typical deployment with Controller and Collector, $100,000
Bottom Line: Peakflow X focuses on detecting worm outbreaks. It excels at threat detection, sports a user-friendly interface, and is easy to manage as a distributed system. It's expensive to deploy, however, and requires a skilled administrator.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

ISS Proventia G200
Internet Security Systems
Very Good, 7.8         
Cost: Starts at $11,995       
Bottom Line: Proventia combines signature-based detection and prevention capabilities with a depth of packet analysis unmatched by its competitors, making it a good solution for monitoring and enforcing network policies. But a time-consuming configuration and a complex management interface mean it's less suitable as an everyday IDS.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  

Lancope StealthWatch 4.0 
Lancope
Excellent, 8.9
Cost: M45 appliance, starts at $9,995      
Bottom Line: StealthWatch tunes into deviations in normal network traffic and host behavior, an approach that enabled it to warn of a Sasser worm outbreak on the test network ahead of our signature-based detection systems. However, network expertise is required to use StealthWatch effectively; novice admins will be challenged.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

McAfee Entercept 5.0         
McAfee
Very Good, 8.2         
Cost: Management Server, $5,125; standard agents start at $793 for 100; Web and database server agents start at $2,900 for 100         
Bottom Line: Using signatures and behavioral rules to identify attacks, Entercept 5.0 effectively protects servers and desktops against new and known attacks. It thwarted all of our exploits and yielded no false positives. Reporting isn't stellar, but management is straightforward and flexible.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Palisade Systems SmokeDetector 2.1     
Palisade Systems
Good, 5.8      
Cost: $5,000 to $19,000, depending on number of emulated operating systems       
Bottom Line: The SmokeDetector is an effective, low-interaction honeypot, providing a GUI-based management console and good standard reports. However, it isn't easy to install or use, it offers limited flexibility in configuring emulations, and it lacks emulations of the latest OSes.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Sana Primary Response 2.2          
Sana Security
Very Good, 7.9         
Cost: Management server, $6,500; server agent, $1,750
Bottom Line: Primary Response blocks zero-day attacks, buffer overflows, and policy violations on Windows and Solaris servers. Agents are easy to install, learn normal host behavior automatically, and provide detailed information about attacks.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Related:
1 2 3 Page 2
Page 2 of 3