Security
From securing apps to securing networks, 2005 sported products to lock down, lock in, and lock up enterprise resources
It was another year of heavy action in information security. Vendors tackled the spyware problem from every direction, and nobody battled better than F-Secure. Vontu and Reconnex stood out in the new class of insider-threat managers; ConSentry and Elemental Security served notice in the network access control space; e-Security and Network Intelligence brought polish to security event management; and F5 and Juniper held the lead among SSL VPNs. In our titanic test of identity management suites, a rich and refined Novell solution slipped away with the prize, but not without stiff competition from Courion, IBM, Sun Microsystems, and Thor Technologies.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ANTI-SPAM
Good, 7.9
Bottom Line: Immunity 2.0 offers solid performance and excellent integration with Exchange. Performance was well within acceptable parameters, and false-positive performance improved with training. Pricing is below most competitive products, especially appliances.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Very Good, 8.6
Bottom Line: This 2U appliance provides comprehensive e-mail protection for the enterprise, with great manageability, superior performance, and lots of flexibility. With plenty of processing capacity, this system is capable of reducing admin costs for very large organizations or ISPs. Smaller companies should look for the C10 or C30.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Excellent, 9.2
Bottom Line: The RazorGate appliance is a very effective anti-spam solution, boasting high accuracy with no false positives, easy installation, and good price per user. MailHurdle technology greatly reduces the load by keeping a significant number of unwanted messages from ever reaching the filter.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Very Good, 8.4
Bottom Line: By creating unique, reusable e-mail addresses for users, Reflexion Total Control offers a very effective filterless approach to stopping spam and protecting against directory harvest attacks. In my tests, I found no false positives. The solution also empowers admins to track where spammers are getting their information. On the downside, there's no provision for bulk imports of addresses.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
ANTI-SPYWARE AND ANTI-VIRUS
Computer Associates eTrust PestPatrol Anti-Spyware Corporate Edition r5
Good, 7.6
Bottom Line: CA's eTrust PestPatrol provides very good detection and removal of installed spyware. Its admin UI is easy to install, maintain, and use, but reporting is very limited. Real-time detection and prevention of initial spyware installation is very weak: It allows spyware to install but prevents the processes from running.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Eset NOD32 2.5 Antivirus System
Good, 7.2
Bottom Line: NOD32 Antivirus System has the potential to be a major anti-spyware player with a few enhancements, such as more streamlined installation. Policies are flexible, but building them is a chore. Reporting is very strong, allowing for many different views into workstation histories; detection and prevention are merely average.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
F-Secure Anti-Virus Client Security 6
Excellent, 9.3
Bottom Line: F-Secure has rolled anti-virus, anti-spyware, and personal firewall protection into a single package. It has the best real-time protection of any product in this roundup, stopping all attempts. Reporting is excellent, but it suffers from some organizational issues in the administrative UI.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
GreenBorder Professional Edition 2.7.2
Good, 7.7
Bottom Line: GreenBorder works by running all IE and Outlook untrusted content inside a virtual environment. It successfully removes most spyware and malware, but overall protection capability is potentially diminished because it runs malicious code in the virtual environment and against other untrusted networks.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Excellent, 8.7
Bottom Line: LANDesk Security Suite scales to any size and complements the already strong LANDesk product family. It has very good detection and remediation, and its real-time protection is above average, although an IE toolbar did slip through. Reporting is top-notch, but admin overhead is considerable.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
McAfee VirusScan Enterprise 8.0 with Anti-Spyware Enterprise Module 8.0
Very Good, 8.2
Bottom Line: The addition of Anti-Spyware Enterprise Module to VirusScan Enterprise makes for a very scalable platform for protecting your network from spyware and viruses. Reporting capabilities are excellent, but real-time protection is only average. Administration is more difficult than that of most other products.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Sunbelt CounterSpy Enterprise 1.5
Very Good, 8.5
Bottom Line: CounterSpy Enterprise was one of the easiest products to install and maintain in our test. The real-time protection allows spyware to install before CounterSpy terminates it, but its on-demand detection and remediation are very good. Reporting is good, but not as strong as some of the other solutions in our tests.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SurfControl Enterprise Protection Suite -- Enterprise Threat Shield
Very Good, 8.3
Bottom Line: SurfControl Enterprise Threat Shield is easy to install, and administration isn't overly complex. Real-time protection is better than average. It relies, however, on a management server connection, so disconnected users lose some protection. It has a very small memory footprint, even during an on-demand scan.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Preview
Bottom Line: SpyCatcher is easy to deploy and administer and provides great detection and remediation. Real-time protection doesn't block spyware installations, but it does stop any process from launching. Reporting is good but lacks customization.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Trend Micro Anti-Spyware for SMB 3.0
Very Good, 8.1
Bottom Line: Anti-Spyware for SMB will likely be one of the best anti-spyware products available, once it matures a bit. Real-time protection allows spyware to install before Trend Micro clamps down on it. On-demand scans and cleans work well; reporting could be stronger with customization options.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Webroot Spy Sweeper Enterprise 2.5
Excellent, 8.8
Bottom Line: Spy Sweeper is one of the best all-around anti-spyware tools. It offers good real-time protection and excellent detection and remediation. Spy Sweeper is flexible enough that administrators can easily create policies based on specific needs. Reporting would be better if it allowed customizable reports.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
APPLICATION SECURITY
Application Security AppDetective 5.0
Very Good, 8.5
Bottom Line: AppDetective is a serious tool for testing app security. It comes with plenty of pre-configured tests, plus its extensible framework allows you to easily create your own. Viewing and fixing vulnerabilities is very easy, and jobs can be scheduled. It isn't as smart as one might like it to be out of the box, but it can be quickly configured to suit anyone's needs.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Excellent, 8.8
Bottom Line: Hailstorm 2.5 is an easy-to-use yet very powerful tool for analyzing a Web-based application's overall security and regulatory compliance. The best part is the Crystal Reports-based reporting engine and its drill-down capabilities. Not only does Hailstorm pinpoint problems in the app, but it also provides correction information for faster fixes.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Very Good, 8.3
Bottom Line: SiteDigger automatically scans Web sites using Google and reports any security vulnerabilities available via public search engines. As a result, security officers reduce the chance for malicious users to use search engines in locating sensitive information on corporate Web sites. The only drawback is a reliance on Google's API, which limits you to 1,000 searches per day.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FullArmor IntelliPolicy for Clients 1.5
Good, 7.8
Bottom Line: IntelliPolicy for Clients is a powerful front-line systems administration tool aimed at maintaining tight control and repeatable configurations across a large number of Windows desktop systems. You must be skilled in Windows administration to make use of this product, but it provides flexibility and granular control impossible to achieve with Windows' native tools.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Preview
Bottom Line: Kavado's new Defiance TMS (Threat Management System) not only brings centralized management to multiple application firewalls, but it minimizes the impact on application performance through the intelligent coordination of passive monitoring and active filtering. InterDo users will recognize the Defiance configuration GUI, the wizard-based setup routine, the security dashboard, and the learning mode that allows admins to refine security filters.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Very Good, 8.6
Bottom Line: WebXM scans large Web sites and generates interactive Web-based reports that detail a range of online risk and compliance issues. A new security component pinpoints weaknesses that could result in ID theft and related losses. Integrated issue management helps prioritize and track critical changes.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
DATA SECURITY
Control Break SafeBoot Device Encryption 4.2
Good, 7.6
Bottom Line: This full-disk encryption product is designed to protect a lost or stolen laptop or PDA. It will prevent anyone from using the device or retrieving data on it, but it doesn't protect against intrusions while the machine is in use. If you must have full-disk encryption, this is a better choice than SafeGuard.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Credant Mobile Guardian Enterprise Edition v. 4.3.1
Very Good, 8.6
Bottom Line: This easy-to-manage, easy-to-implement solution encrypts only the data that needs it, including temporary files. It also protects files from intrusion, even while the machine is running. Given its reasonable pricing and minimal impact on managers, users, and system performance, it's a good bet.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
iLumin Assentor Compliance 3.3
Good, 7.8
Bottom Line: Assentor Compliance scans and archives messages and helps ensure e-mail follows corporate and regulatory requirements. It works well with all e-mail platforms and supports IM, Bloomberg, and BondDesk. The UI isn't pretty, but admins can quickly adjust message-retention length and other features.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Very Good, 8.0
Bottom Line: Ingrian DataSecure provides centralized encryption and management of database and application data. Setup is slowed by a cumbersome interface, and not all data types are supported, but flexible policies and role-based security make it very easy to control access to encrypted data.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Good, 7.8
Bottom Line: The small Stealth drive offers biometric authentication and 256-bit AES encryption for enhanced and easily transportable data security. Downsides include the small storage size and no shared encrypted storage.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Oakley Networks Insider Threat Manager 3.0
Preview
Bottom Line: Oakley Networks' ITM (Insider Threat Manager), an unobtrusive server-agent solution, provides enterprisewide monitoring of workstations and laptops, even those used remotely or wirelessly. Providing Tivo-like activity recording, flexible rules, and the capability to sense both pre- and post-encryption actions on the desktop, ITM deserves a look from any company with heavy-duty data protection needs.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Preview
Bottom Line: Orchestria uses a client-side agent to monitor e-mail, IM, and Webmail communications at the desktop and to block non-compliant e-mail messages in real time. Version 4.0 adds real-time enforcement for Bloomberg messaging and Weblog postings, as well as the ability to import and analyze mail journals from IBM Lotus Notes and Microsoft Exchange and IM archives from FaceTime and Iron Mountain.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - -