Dec 19, 2005

From securing apps to securing networks, 2005 sported products to lock down, lock in, and lock up enterprise resources

It was another year of heavy action in information security. Vendors tackled the spyware problem from every direction, and nobody battled better than F-Secure. Vontu and Reconnex stood out in the new class of insider-threat managers; ConSentry and Elemental Security served notice in the network access control space; e-Security and Network Intelligence brought polish to security event management; and F5 and Juniper held the lead among SSL VPNs. In our titanic test of identity management suites, a rich and refined Novell solution slipped away with the prize, but not without stiff competition from Courion, IBM, Sun Microsystems, and Thor Technologies.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

ANTI-SPAM

Cloudmark Immunity 2.0 

Cloudmark 

Good, 7.9

Bottom Line: Immunity 2.0 offers solid performance and excellent integration with Exchange. Performance was well within acceptable parameters, and false-positive performance improved with training. Pricing is below most competitive products, especially appliances.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

IronPort C60 

IronPort 

Very Good, 8.6

Bottom Line: This 2U appliance provides comprehensive e-mail protection for the enterprise, with great manageability, superior performance, and lots of flexibility. With plenty of processing capacity, this system is capable of reducing admin costs for very large organizations or ISPs. Smaller companies should look for the C10 or C30.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Mirapoint RazorGate 

Mirapoint 

Excellent, 9.2

Bottom Line: The RazorGate appliance is a very effective anti-spam solution, boasting high accuracy with no false positives, easy installation, and good price per user. MailHurdle technology greatly reduces the load by keeping a significant number of unwanted messages from ever reaching the filter.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Reflexion Total Control 3.0 

Reflexion Network Solutions 

Very Good, 8.4

Bottom Line: By creating unique, reusable e-mail addresses for users, Reflexion Total Control offers a very effective filterless approach to stopping spam and protecting against directory harvest attacks. In my tests, I found no false positives. The solution also empowers admins to track where spammers are getting their information. On the downside, there’s no provision for bulk imports of addresses.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

ANTI-SPYWARE AND ANTI-VIRUS

Computer Associates eTrust PestPatrol Anti-Spyware Corporate Edition r5 

Computer Associates 

Good, 7.6

Bottom Line: CA’s eTrust PestPatrol provides very good detection and removal of installed spyware. Its admin UI is easy to install, maintain, and use, but reporting is very limited. Real-time detection and prevention of initial spyware installation is very weak: It allows spyware to install but prevents the processes from running.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Eset NOD32 2.5 Antivirus System 

Eset 

Good, 7.2

Bottom Line: NOD32 Antivirus System has the potential to be a major anti-spyware player with a few enhancements, such as more streamlined installation. Policies are flexible, but building them is a chore. Reporting is very strong, allowing for many different views into workstation histories; detection and prevention are merely average.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

F-Secure Anti-Virus Client Security 6 

F-Secure 

Excellent, 9.3

Bottom Line: F-Secure has rolled anti-virus, anti-spyware, and personal firewall protection into a single package. It has the best real-time protection of any product in this roundup, stopping all attempts. Reporting is excellent, but it suffers from some organizational issues in the administrative UI.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

GreenBorder Professional Edition 2.7.2 

GreenBorder 

Good, 7.7

Bottom Line: GreenBorder works by running all IE and Outlook untrusted content inside a virtual environment. It successfully removes most spyware and malware, but overall protection capability is potentially diminished because it runs malicious code in the virtual environment and against other untrusted networks.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

LANDesk Security Suite 8.6 

LANDesk 

Excellent, 8.7

Bottom Line: LANDesk Security Suite scales to any size and complements the already strong LANDesk product family. It has very good detection and remediation, and its real-time protection is above average, although an IE toolbar did slip through. Reporting is top-notch, but admin overhead is considerable.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

McAfee VirusScan Enterprise 8.0 with Anti-Spyware Enterprise Module 8.0 

McAfee 

Very Good, 8.2

Bottom Line: The addition of Anti-Spyware Enterprise Module to VirusScan Enterprise makes for a very scalable platform for protecting your network from spyware and viruses. Reporting capabilities are excellent, but real-time protection is only average. Administration is more difficult than that of most other products.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Sunbelt CounterSpy Enterprise 1.5 

Sunbelt Software 

Very Good, 8.5

Bottom Line: CounterSpy Enterprise was one of the easiest products to install and maintain in our test. The real-time protection allows spyware to install before CounterSpy terminates it, but its on-demand detection and remediation are very good. Reporting is good, but not as strong as some of the other solutions in our tests.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

SurfControl Enterprise Protection Suite — Enterprise Threat Shield 

SurfControl 

Very Good, 8.3

Bottom Line: SurfControl Enterprise Threat Shield is easy to install, and administration isn’t overly complex. Real-time protection is better than average. It relies, however, on a management server connection, so disconnected users lose some protection. It has a very small memory footprint, even during an on-demand scan.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Tenebril SpyCatcher 4.0 Beta 

Tenebril 

Preview

Bottom Line: SpyCatcher is easy to deploy and administer and provides great detection and remediation. Real-time protection doesn’t block spyware installations, but it does stop any process from launching. Reporting is good but lacks customization.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Trend Micro Anti-Spyware for SMB 3.0 

Trend Micro 

Very Good, 8.1

Bottom Line: Anti-Spyware for SMB will likely be one of the best anti-spyware products available, once it matures a bit. Real-time protection allows spyware to install before Trend Micro clamps down on it. On-demand scans and cleans work well; reporting could be stronger with customization options.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Webroot Spy Sweeper Enterprise 2.5 

Webroot 

Excellent, 8.8

Bottom Line: Spy Sweeper is one of the best all-around anti-spyware tools. It offers good real-time protection and excellent detection and remediation. Spy Sweeper is flexible enough that administrators can easily create policies based on specific needs. Reporting would be better if it allowed customizable reports.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

APPLICATION SECURITY

Application Security AppDetective 5.0 

Application Security 

Very Good, 8.5

Bottom Line: AppDetective is a serious tool for testing app security. It comes with plenty of pre-configured tests, plus its extensible framework allows you to easily create your own. Viewing and fixing vulnerabilities is very easy, and jobs can be scheduled. It isn’t as smart as one might like it to be out of the box, but it can be quickly configured to suit anyone’s needs.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Cenzic Hailstorm 2.5 

Cenzic 

Excellent, 8.8 

Bottom Line: Hailstorm 2.5 is an easy-to-use yet very powerful tool for analyzing a Web-based application’s overall security and regulatory compliance. The best part is the Crystal Reports-based reporting engine and its drill-down capabilities. Not only does Hailstorm pinpoint problems in the app, but it also provides correction information for faster fixes.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Foundstone SiteDigger 2.0 

Foundstone 

Very Good, 8.3

Bottom Line: SiteDigger automatically scans Web sites using Google and reports any security vulnerabilities available via public search engines. As a result, security officers reduce the chance for malicious users to use search engines in locating sensitive information on corporate Web sites. The only drawback is a reliance on Google’s API, which limits you to 1,000 searches per day.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

FullArmor IntelliPolicy for Clients 1.5 

FullArmor 

Good, 7.8

Bottom Line: IntelliPolicy for Clients is a powerful front-line systems administration tool aimed at maintaining tight control and repeatable configurations across a large number of Windows desktop systems. You must be skilled in Windows administration to make use of this product, but it provides flexibility and granular control impossible to achieve with Windows’ native tools.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Kavado Defiance TMS 

Kavado 

Preview

Bottom Line: Kavado’s new Defiance TMS (Threat Management System) not only brings centralized management to multiple application firewalls, but it minimizes the impact on application performance through the intelligent coordination of passive monitoring and active filtering. InterDo users will recognize the Defiance configuration GUI, the wizard-based setup routine, the security dashboard, and the learning mode that allows admins to refine security filters.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Watchfire WebXM 4.0 

Watchfire 

Very Good, 8.6

Bottom Line: WebXM scans large Web sites and generates interactive Web-based reports that detail a range of online risk and compliance issues. A new security component pinpoints weaknesses that could result in ID theft and related losses. Integrated issue management helps prioritize and track critical changes.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

DATA SECURITY

Control Break SafeBoot Device Encryption 4.2 

Control Break International 

Good, 7.6

Bottom Line: This full-disk encryption product is designed to protect a lost or stolen laptop or PDA. It will prevent anyone from using the device or retrieving data on it, but it doesn’t protect against intrusions while the machine is in use. If you must have full-disk encryption, this is a better choice than SafeGuard.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Credant Mobile Guardian Enterprise Edition v. 4.3.1 

Credant Technologies 

Very Good, 8.6

Bottom Line: This easy-to-manage, easy-to-implement solution encrypts only the data that needs it, including temporary files. It also protects files from intrusion, even while the machine is running. Given its reasonable pricing and minimal impact on managers, users, and system performance, it’s a good bet.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

iLumin Assentor Compliance 3.3 

iLumin Software Services 

Good, 7.8

Bottom Line: Assentor Compliance scans and archives messages and helps ensure e-mail follows corporate and regulatory requirements. It works well with all e-mail platforms and supports IM, Bloomberg, and BondDesk. The UI isn’t pretty, but admins can quickly adjust message-retention length and other features.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Ingrian DataSecure 4.0 

Ingrian Networks 

Very Good, 8.0

Bottom Line: Ingrian DataSecure provides centralized encryption and management of database and application data. Setup is slowed by a cumbersome interface, and not all data types are supported, but flexible policies and role-based security make it very easy to control access to encrypted data.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

MXI Stealth 

Memory Experts International 

Good, 7.8

Bottom Line: The small Stealth drive offers biometric authentication and 256-bit AES encryption for enhanced and easily transportable data security. Downsides include the small storage size and no shared encrypted storage.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Oakley Networks Insider Threat Manager 3.0 

Oakley Networks 

Preview

Bottom Line: Oakley Networks’ ITM (Insider Threat Manager), an unobtrusive server-agent solution, provides enterprisewide monitoring of workstations and laptops, even those used remotely or wirelessly. Providing Tivo-like activity recording, flexible rules, and the capability to sense both pre- and post-encryption actions on the desktop, ITM deserves a look from any company with heavy-duty data protection needs.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Orchestria 4.0 

Orchestria 

Preview

Bottom Line: Orchestria uses a client-side agent to monitor e-mail, IM, and Webmail communications at the desktop and to block non-compliant e-mail messages in real time. Version 4.0 adds real-time enforcement for Bloomberg messaging and Weblog postings, as well as the ability to import and analyze mail journals from IBM Lotus Notes and Microsoft Exchange and IM archives from FaceTime and Iron Mountain.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Reconnex iGuard 3300, Version 1.4 

Reconnex 

Excellent, 8.9

Bottom Line: iGuard analyzes multiple protocols and content types at network speeds. Users can easily create customizable rules for message monitoring, capture, storage, and data mining. Examiners get notifications of violations and effortlessly view the actual content. The system is notable for saving all communications.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Reconnex iGuard Release 2.1 

Reconnex 

Preview

Bottom Line: Reconnex iGuard 2.1 adds executive-level summaries, DHCP Host-Name Resolution to match IP addresses to machine names and specific users, and an auto-complete search form that speeds creating complex inquiries. Reconnex’s underlying hardware also gets a significant boost.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

SecureWave Sanctuary Device Control 3.0.1 

SecureWave 

Very Good, 8.3

Bottom Line: Sanctuary Device Control restricts devices that can be plugged in to systems, thus minimizing the threat of losing sensitive information. These measures also help companies meet compliance requirements. Default policies are global, making deployment quick, while exceptions to user rights are done equally fast. Device Control provides a complete audit log of every event and can capture all data written to devices.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Tablus Content Alarm NW 2.1 

Tablus 

Very Good, 8.4

Bottom Line: Content Alarm’s distributed, scalable architecture is appropriate for global enterprises. A combination of linguistics analysis, keywords, and signatures discovers damaging data. File crawlers accurately classify data and manage documents through their lifecycles. An encrypted audit log maintains message details.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Utimaco SafeGuard Easy 4.11 

Utimaco 

Fair, 6.8

Bottom Line: Limited and expensive, this full-disk encryption product hasn’t kept up with current security requirements. Not only does it not protect against intrusion, it increases the likelihood of such intrusions because it requires users of Windows XP SP2 to defeat an important security feature in order to use the Central Administration Package.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Vericept Enterprise Risk Management Platform 7.1 

Vericept 

Very Good, 8.5

Bottom Line: Vericept’s monitoring, reporting, and inquiry tools help spot general data-leak problems; reports verify compliance. Flexibility is strong, with time-based inspection of inbound and outbound traffic and auto-routing of problematic messages to designated auditors, but messages aren’t blocked.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Vontu 4.0 

Vontu 

Excellent, 9.1

Bottom Line: Vontu provides exceptional administration of all data loss-prevention activities and a great collection of built-in compliance policies. Monitors inspect outbound network traffic and message content in all protocols and report incidents quickly. VontuPrevent allows for inline e-mail management.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Vormetric CoreGuard 3.1 

Vormetric 

Very Good, 8.0

Bottom Line: CoreGuard sets a high bar for server-encryption solutions, protecting your files above the OS level and going far beyond simple compliance requirements. It creates an application security policy by digitally signing your apps and all of their DLLs. You can further protect your system by creating access policies on your system, user, and Registry files on any type of I/O.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

FIREWALLS

Check Point Safe@Office 425w 

Check Point Software Technologies 

Very Good, 8.0

Bottom Line: Check Point Safe@Office 425w packs a lot of punch into a small, orange space. Although it has an excellent internal feature set — especially noteworthy are the VPN and routing capabilities — and a nicely intuitive management interface, the 425w’s reliance on add-on subscription services may pump its already meaty price out of some folks’ budgets.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Ingate Firewall 1600 

Ingate Systems 

Good, 7.9

Bottom Line: Ingate’s Firewall 1600 has more capabilities than the Firewall 1400, including SIP remote connectivity, VoIP survival, and Gigabit Ethernet. The management interface is easy to use, and the 1600 will support as many as 360 simultaneous calls. The price is a bit steep, especially if you add the annual maintenance.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

SonicWall TZ170w 

SonicWall 

Good, 7.8

Bottom Line: The SonicWall TZ170w combines an attractive price with most of the enterprise features of the Check Point Safe@Office 425w — and a few others, such as Wireless Guest Services. Its interface isn’t as slick as the 425w’s, and its service lineup is smaller, but the TZ170w still has plenty of security muscle.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

WatchGuard Firebox X2500 

WatchGuard Technologies 

Very Good, 8.1

Bottom Line: The X2500 is a capable firewall with app-layer security for Web sites, e-mail, and FTP servers, plus spam filtering, anti-virus, and a sophisticated policy engine. Setup and administration are not for the inexperienced: Settings are required in several places to get most features running.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

INTRUSION DETECTION AND PREVENTION

Determina SecureCore 2.0 

Determina 

Very Good, 8.1

Bottom Line: Using Memory Firewall technology to isolate an attack, SecureCore 2.0 denied the malicious entry of persistent server attacks and yielded no false positives. The deployed agent is stealthily quiet, but management and reporting could use some enhancement. Lack of management server security was worrisome.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Lancope StealthWatch Xe 

Lancope 

Preview

Bottom Line: Working in conjunction with network infrastructure products from Cisco Systems, Foundry Networks, Juniper Networks, and others, Xe collects and analyzes NetFlow data to provide a view into strange and threatening traffic running on network segments lacking IDS sensors. Whether you use Xe to extend your existing StealthWatch deployment or as a point solution, it will bring powerful threat detection capabilities to opaque segments of your network.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

NFR Sentivist 5.0 

NFR Security 

Preview

Bottom Line: NFR Security’s IPS product is largely what you’d expect for an enterprise-class IPS, with some nice touches, but the one thing that sets Sentivist apart from the competition is its presentation of data. The newly released Sentivist 5.0 helps you immediately visualize security events of magnitude, essentially giving you a vulnerability-driven network operations center.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Sana Primary Response SafeConnect 

Sana Security 

Preview

Bottom Line: This new host-based IPS for Windows clients could revolutionize the way spyware and other malicious code is detected and removed. Host systems are protected without the use of signatures or the time-consuming process of scanning for infection.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

TippingPoint UnityOne IPS 

TippingPoint 

Very Good, 8.3

Bottom Line: TippingPoint brings a fourfold approach to inline intrusion prevention, including useful traffic shaping features and DoS and spyware protections that edge competitors. A breeze to implement and easy to manage as a distributed system, this IPS excels as a set-it-and-forget-it solution. However, it is expensive to deploy in comparison to the competition.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

V-Secure IPS Version 7.0 

V-Secure Technologies 

Preview

Bottom Line: V-Secure’s “closed loop” filtering process is designed to avoid false positives and allow the IPS to dynamically adjust filters as attacks change. The software learns normal network behavior automatically, and it adapts to changes in normal traffic over time. Version 7.0 introduces bidirectional protection and worm defenses — protection against abnormal port activity — making a case for deployment on internal LAN segments.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

NETWORK SECURITY

Caymas 525 Identity-Driven Access Gateway 

Caymas Systems 

Excellent, 8.7

Bottom Line: Caymas’ secure remote-access appliance bundles an SSL VPN with site-to-site and client-to-site IPSec VPN features and tightly integrates an application-layer firewall and IDS based on open source Snort signatures. End-point management and security are good, but miss non-Windows platforms.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Check Point Integrity 6.0 

Check Point Software Technologies 

Very Good, 8.1

Bottom Line: This version of Integrity shows that a great deal of effort went into making the product a good fit for the security-minded enterprise. Leveraging strong client security with the Zone Labs pedigree, plus solid management and reporting capabilities, Integrity is a strong contender for end-point security and policy-based network access control.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Citadel Hercules 4.0 EVM Suite 

Citadel Security Software 

Very Good, 8.6

Bottom Line: Hercules 4.0, a vulnerability management suite, audits systems for security policy and compliance violations. The nifty Remediation Manager aggregates and fixes problems identified by the Compliance module and third-party scanners. It includes risk analysis features to check for dangerous configurations and calculate risk ratings so key devices get priority remediation.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

ConSentry CS2400 Secure LAN Controller 

ConSentry Networks 

Excellent, 9.3

Bottom Line: Controller does double duty by enforcing network access control policies on enterprise users and by capturing and decoding packets through layer 7. This awesome visibility gives security admins the tools to craft broad or granular user access policies based on app, port, group affiliation, or any combination of these. The Secure LAN Controller does not do any host checking or validation but will work with most third-party platforms, including Cisco Trust Agent.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Courion Enterprise Provisioning Suite 7.20 

Courion 

Good, 7.7

Bottom Line: Courion’s suite represents not only one of the fastest and most flexible solutions we saw but also one of the most complicated and expensive. If you can get past these hurdles and need the depth it offers, this solution will certainly serve you well in the long term.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Elemental Compliance System 1.1 

Elemental Security 

Excellent, 9.3

Bottom Line: With its powerful policy engine, ECS 1.1 can enforce connectivity restrictions based on a large number of criteria. Reporting capabilities are huge, and the amount of data recorded is staggering. It won’t replace a standard IDS, but it’s a potent platform for discreetly managing all hosts on the network.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

e-Security Sentinel 5.1 

e-Security 

Excellent, 9.2

Bottom Line: e-Security Sentinel and its related products have improved over time. Sentinel 5.1 is a well-designed, flexible, highly scalable product that should support an enterprise of nearly any size. The company’s recent focus on compliance only serves to add value. Other than its steep price, we found little to complain about.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Guidance EnCase Enterprise 5 

Guidance Software 

Very Good, 8.0

Bottom Line: EnCase Enterprise offers a solid set of tools and processes to empower the trained investigator. Coupled with intrusion detection, EnCase will yield accurate investigations to help any company ensure that it is within regulatory requirements and is protecting its intellectual capital.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

HP ProCurve Access Control Security Solution 

Hewlett-Packard 

Good, 7.8

Bottom Line: HP has accomplished much in the integrated ProCurve security architecture, but the end-to-end buy-in might prove to be rather steep. The virus-throttling feature is well-done, but the ProCurve switching hardware platform is simply long in the tooth and needs an overhaul.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

IBM Tivoli Identity Manager 4.6 

IBM 

Good, 7.8

Bottom Line: IBM Tivoli Identity Manager showcased back-end prowess, but the front end was more complex than it should be. The directory integration tool is powerful and capable, and the solution as a whole is solid. ITIM just needs more work on the UI and reporting functions.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

InfoExpress CyberGatekeeper LAN 2.0 

InfoExpress 

Fair, 6.8

Bottom Line: Although flexible and scalable, this system requires a client install that creates overhead regardless of how lightweight it is. Furthermore, it has a short list of supported core network gear. Its saving grace is that when a client fails an audit, the system forwards it to a captive portal for required remediation.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Microsoft Identity Integration Server 2003, Enterprise Edition 

Microsoft 

Good, 7.1

Bottom Line: MIIS benefits from deep integration with Windows Server 2003, but you’ll need expertise in multiple aspects of that Windows environment to accomplish tasks that should be handled by MIIS alone. On the upside, MIIS sports the lowest price tag in this ID management roundup.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Microsoft Windows Server Update Services 

Microsoft 

Excellent, 9.1

Bottom Line: Microsoft’s quasi-free patch management software expands its coverage to include “the rest of Windows,” the Office family, and a limited number of server software packages. Reporting is decidedly improved, and clients are easily grouped for greater manageability. WSUS can even be used to roll back patches, if the patch supports removal.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Network Intelligence 7550-HA 

Network Intelligence 

Excellent, 9.2

Bottom Line: Depending on the version you buy, Network Intelligence’s SEM is as fast as anything else available. All data received from security events is stored in a proprietary database designed for speed, so no normalization or consolidation of the data is required. We found the 7550 appliance to be very scalable, effective, and capable of managing almost any type of event.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Nevis LANenforcer 

Nevis Networks 

Preview

Bottom Line: LANenforcer takes a hardware-based approach to policy-based network user access, installing transparently between users and the central wiring closet and using custom ASICs to perform packet inspection and policy enforcement. A clientless end-point access control mechanism does slow down the initial log-on process a little, but it can go a long way toward preventing “out of date” systems from accessing the network and spreading infection.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Novell Identity Manager 2 

Novell 

Very Good, 8.2

Bottom Line: Novell does well on integration via eDirectory’s metadirectory capabilities. This suite has powerful graphical workflow and front-end design tools and perhaps the most intuitive UI in our roundup, but there’s still some XML validation work even here.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Sourcefire 3D System, Version 4.0 

Sourcefire 

Very Good, 8.1

Bottom Line: Sourcefire 3D leverages the Snort IDS for rule-based detection and prevention but adds network profiling and vulnerability assessment. The result is powerful, flexible capabilities for flagging attacks and network policy violations. However, configuring rules and tweaking Snort updates to reduce false positives can be time-consuming.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

StillSecure Safe Access 3.0 

StillSecure 

Very Good, 8.2

Bottom Line: Easy to install and manage, this NAM (network access management) solution is almost ready to go right out of the box with default configuration settings. Three testing technologies can be used, and default test scripts are all that most companies will need — customized scripts can be built using Python.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Sun Java System Identity Manager 5.5 

Sun Microsystems 

Very Good, 8.1

Bottom Line: Sun’s Identity Manager stood out mostly on maturity. This isn’t a gee-whiz package, but everything you expect to be there is there, and it simply works. Implementation and pricing are definitely enterprise-oriented, and certainly this solution deserves a close look for large deployments.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Sygate Enterprise Protection 5.0 

Sygate 

Very Good, 8.3

Bottom Line: Sygate has been monitoring enterprise clients for security and operational compliance for many years, and it shows. Solid policy management and reporting capabilities make this a stand-out solution. New peripheral compliance management brings the use of USB storage and other peripheral devices under administrative control.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Symantec Security Information Manager 9550 

Symantec 

Very Good, 8.2

Bottom Line: The 9550 is Symantec’s new SEM (security event management) appliance, designed for easy implementation and ease-of-use. The included DeepSight reporting network connection gives you the ability to correlate security events on a global basis — a powerful capability. Unfortunately, the only way to scale the 9550 is to add more of them.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Thor XellerateIM 8.0 

Thor Technologies 

Very Good, 8.0

Bottom Line: Powerful, capable, and complex, Thor XellerateIM breezed through the test scenarios with ease. The focus on agentless operation is a bonus, and the reporting and alerting is handled very well. The cost is quite significant, but you get what you pay for.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Trustgenix IdentityBridge Standard Edition 

Trustgenix 

Very Good, 8.6

Bottom Line: IdentityBridge is a streamlined federated identity product for edge sites. It’s SAML- and Liberty Alliance-compliant but has been hobbled to restrict usage to only identity provider sites. It’s Windows-centric and can maintain just one association. That said, the price is right.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Vernier EdgeWall Express 7000 

Vernier Networks 

Good, 7.6

Bottom Line: There’s no denying that EdgeWall accomplishes a lot: It’s a feature-rich product that relies heavily on vulnerability scanning and network packet inspection. Missing critical client-side interrogation checks and lack of scan-test customization hamper an otherwise promising product.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

VPNS

AEP Networks Netilla Security Platform 

AEP Networks 

Very Good, 8.0

Bottom Line: AEP improved NSP’s authentication support and added end-point host checking via Sygate On-Demand. It handles TCP-based thin-client applications in a unique way, using a method based on Tarantella’s server proxy software. Although NSP is a solid performer, its policy granularity could be better.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Array Networks SPX3000 

Array Networks 

Very Good, 8.5

Bottom Line: Array adds full layer 3 tunneling and Sygate-based end-point security checking with this release. The SPX3000’s Web proxy is the only one in the roundup to support complex content, including Flash. VLAN support is available, and the appliance can be partitioned into virtual sites. Its UI is a little rough.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Aventail EX-1500 

Aventail 

Very Good, 8.4

Bottom Line: The EX-1500 is a good all-around performer, but it supports only unidirectional TCP and UDP connections, rather than true IPSec-style layer 3 tunneling. Its admin UI is easy to navigate, and its end-point security management, when coupled with client software from WholeSecurity or Zone Labs, is among the best.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Check Point Connectra 2.0 

Check Point Software Technologies 

Very Good, 8.2

Bottom Line: This no-nonsense, secure-access gateway provides a full complement of remote-access methods and decent end-point security. Built-in app firewall features and Clientless Integrity Scan offer extra layers of network protection. However, it relies too much on IE and lacks customization of many security settings.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

enKoo-3000 Remote Access Appliance 

enKoo 

Good, 7.7

Bottom Line: The enKoo-3000 allows managers of smaller networks to implement effective SSL VPNs without breaking the bank. It lacks end-point integrity checking and the bells and whistles of leading enterprise solutions, but it covers the essentials. Some enKoo services monkey around with the end-user’s Hosts file.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

F5 Networks FirePass 4100 

F5 Networks 

Excellent, 8.8

Bottom Line: The FirePass 4100 is one of the strongest platforms for Web, thin-client application and layer 3 connectivity. It supports IPSec termination and includes a built-in browser-based remote desktop access application. Unfortunately, F5’s homegrown end-point security software misses the mark.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Juniper Networks NetScreen-SA 5000 

Juniper Networks 

Excellent, 8.9

Bottom Line: There’s nothing you can’t do with the NetScreen-SA 5000. It’s a beast of a box, providing exceptional capabilities with fine-grained control. All remote-access modes are available, and authentication services leave nothing to chance. Its weakest link may be the bewildering number of UI options.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Nokia Secure Access System 3.0 

Nokia 

Good, 7.9

Bottom Line: NSAS will get you up and running quickly, but despite top-notch Web-based access, support for TCP/IP-based thin-client applications is clunky, and some admins may find scripting its end-point security software a chore. Lack of support for third-party end-point security software is a particular flaw.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – –

Nortel VPN Gateway 3050 

Nortel 

Very Good, 8.2

Bottom Line: The VPN Gateway 3050 is a solid all-around performer that eases migration from IPSec to SSL remote users. It provides all of the necessary VPN methods and comes with good, but not great, end-point security. Its layer 3 and end-point management require IE, reducing its secure-access portability.