Sixty-eight solutions for protecting networks, and apps for thwarting intruders

If anything was of greater concern to IT managers in 2003 than keeping costs down, it was security. Throughout the year, IT scrambled to thwart viruses and worms, identify and patch vulnerabilities, secure remote access and protect data traveling the Internet, and defend against intrusions and attacks on network resources and applications. And then there was that little annoyance called spam. Naturally, vendors tried to address these problems with all manner of products, and it seems we tested them all, reviewing nearly 70 security solutions in 2003 — almost one third of our total reviews.

Highlights included two roundups of firewalls and firewall appliances, roundups of enterprise anti-virus gateways and server scanners, a feature and test of identity management solutions, an XML firewall roundup, a feature and two tests of SSL VPN appliances, three tests of vulnerability scanners, and a shoot-out of anti-spam gateways for large networks. Interspersed among all these comparative tests, we did stand-alone reviews of application firewalls, intrusion detection systems, network forensics appliances, patch management tools, and solutions for securing hosts, clients, and storage devices.

Anti-Spam

Brightmail Anti-Spam Enterprise Edition 5.1 Brightmail Very Good (8.4)
Cost: Yearly subscription: $1,499 for 50 users; $5,999 for 500; $35,000 for 5,000
Bottom Line: Brightmail’s gateway solution includes a spam folder agent for Exchange and IBM/Lotus Domino, allows Outlook users to provide “spam” or “not spam” feedback with a click, and has good reporting. However, administration is relatively inflexible; end-users cannot whitelist senders directly. Nevertheless, Brightmail proved the most accurate in filtering spam (96 percent successful).
Excellent support and a large user base mean Brightmail should continue to have high accuracy.

FrontBridge TrueProtect E-mail Security Suite FrontBridge Very Good (8.5)
Cost: Yearly subscription is $1,350 for 50 users; $9,000 for 500; $75,000 for 5,000
Bottom Line: The FrontBridge service blocked 90 percent of spam in tests, with few false positives. Adding users is virtually automatic, end-users can easily recover quarantined messages and whitelist senders, and reporting is excellent. However, real-time information is unavailable due to delays of up to six hours. FrontBridge also offers a good array of additional services, including mail policy enforcement and disaster recovery.

NetIQ MailMarshal SMTP 5.5 NetIQ Very Good (8.4)
Cost: License fees: $1,295 for 50 users; $5,750 for 500; $39,500 for 5,000. Yearly maintenance fee is 18 percent of license. Enterprise version with four-server license is $2,000 plus $750 per 100 users
Bottom Line: MailMarshal handles spam with a powerful management console, detailed reporting, and a number of functions for Windows-based Internet mail environments, including anti-relay, anti-spoofing, and filtering of dangerous file types.
The gateway integrates with a variety of third-party anti-virus scanners, and the ongoing maintenance cost is much lower than other solutions.

Postini Perimeter Manager Enterprise Edition Postini Excellent (8.7)
Cost: Yearly subscription is $1,350 for 50 users; $10,000 for 500; $68,750 for 5,000
Bottom Line: Postini’s service offers highly accurate spam filtering, a rich and flexible feature set, and granular administration, allowing anti-spam settings to be tightened or loosened for different e-mail types and policies to be tailored to individual users, groups, and domains. The service is easy to use for both admins and end-users. Postini was the only product tested to include anti-virus scanning in the base price.

Proofpoint Protection Server 1.2.1 Proofpoint Very Good (8.3)
Cost: Yearly subscription is $1,000 for 50 users; $10,000 for 500; $54,049 for 5,000
Bottom Line: Proofpoint is demanding technically to install and configure, but the superb tech support makes this a nonissue. Spam filtering is highly accurate, and a flexible classification system allows administrators to configure different responses to spam depending on spam likelihood. End-users can easily recover quarantined messages and add senders to whitelists, and reporting features are excellent, but delegation of admin tasks is not as detailed or granular as with Postini.

SpamAssassin 2.44 SpamAssassin Open Source Good (6.0)
Cost: Free
Bottom Line: SpamAssassin software is free and plenty of add-ons are available on the Web, but this gateway is much more difficult to install and update than commercial alternatives.
Complex setup, scanty documentation, ongoing research and tuning requirements, and lack of tech support make this a poor choice for most companies. Unless you have more staff than money, spend the $10 to $20 per user per year for one of the commercial gateways or services.

SpamBayes for Outlook SpamBayes project Excellent (9.4)
Cost: Free download
Bottom Line: This powerful anti-spam weapon works with Microsoft Outlook filters and folders, trains on your own unique message database, and learns by watching you, responding to both positive and negative clues as to what constitutes spam. Most importantly, it’s immediately effective.

Anti-Virus

Eset NOD32 2.0 Eset Software Excellent (8.6)
Cost: $290 for 10-user license; $4,500 for 500-seat license
Bottom Line: If resources are limited and anti-virus protection is the key, NOD32 may be the ideal compromise. It offers an easy-to-use interface, simple deployment, and solid performance.

eTrust Antivirus 7.0 Computer Associates Very Good (8.4)
Cost: Starts at $35 per user
Bottom Line: Offering comprehensive virus protection to guard against malicious software coming in via e-mail or the Web, Computer Associates’ anti-virus solution is affordable, robust, and easy to manage.

GFI MailSecurity for Exchange/SMTP 7.2 GFI Software Very Good (8.3)
Cost: $6.99 per user for 500 users
Bottom Line: Multiple scanning engines and e-mail-exploit protection set GFI MailSecurity apart from the rest. Providing content filtering and outbreak management features, it’s also easy to install and configure, and it can work as a gateway or integrated with the mail server.
The only thing missing is a Web interface for remote management.

Gordano GMS Boundary Protection Version 9 Gordano Good (6.8)
Cost: $11.92 per user for 1,000 users
Bottom Line: GMS Boundary Protection is a complete mail solution in its own right. The anti-virus component is configured for the GMS mail server, making it difficult to integrate with existing SMTP servers. Nevertheless, anti-virus capabilities are solid, including outbreak alerts as well as disinfection and quarantine capabilities.

Network Associates McAfee VirusScan Enterprise 7.0 Network Associates Very Good (8.1)
Cost: $51.31/seat for 500 seats, with AntiVirus Defense Suite and one year support
Bottom Line: A solid solution for organizations seeking one tool to coordinate virus scanning, firewall policies, and usage policies over many servers and workstations. Its requirements are heavy and its setup complex, but its ambitious ePO (e-Policy Orchestrator) provides true enterprise policy management with virus signature-file updates and usage policy management.

Network Associates McAfee WebShield SMTP 4.5 Network Associates Very Good (7.2)
Cost: $11.73 per user for 500 users
Bottom Line: A great server-based anti-virus solution for organizations using McAfee on client desktops, due to integrated client-server management. The setup routine and administration interface really shine on this product.
However, the limitation of a single scanning engine and the lack of a Web management interface hold it back.

Sophos Anti-Virus/Enterprise Manager Sophos Very Good (8.0)
Cost: $19 per seat for 500 seats, with one-year license and one databank connection to Enterprise Manager
Bottom Line: Sophos Anti-Virus/Enterprise Manager provides simple, straightforward anti-virus protection with very low barriers to deployment or management. Sophos performs well in recognizing viruses, and it wisely focuses on the one thing it does best — scanning files for virus payloads.

Sophos MailMonitor for Exchange 3.70 Sophos Very Good (7.0)
Cost: $11.50 per user for 500 users
Bottom Line: MailMonitor is a solid, server-based anti-virus solution featuring an intuitive management interface and tight integration with Exchange. The addition of multiple scanning engines, outbreak alerts, and a Web interface would be welcome.
But what MailMonitor lacks in cutting-edge features, it makes up for in maturity.

Symantec AntiVirus Corporate Edition 8.0 Symantec Very Good (8.3)
Cost: $26.70/seat for 500 seats, including one year Gold maintenance
Bottom Line: A complete anti-virus distribution and event management system with a component-based approach, Symantec will manage anti-virus tools across a huge network while making good use of Microsoft’s own management console facilities.

Symantec AntiVirus for SMTP Gateways 3.1 Symantec Very Good (7.2)
Cost: $11.60 per user for 500 users
Bottom Line: Symantec AntiVirus is a solid implementation of an e-mail gateway, but it’s slightly hampered by a single scanning engine and the lack of built-in quarantining, which is available separately. Provides content-filtering and outbreak management features, and the Web interface allows management from anywhere on the Internet.

TrendMicro ScanMail for Exchange 6.1 TrendMicro Very Good (7.3)
Cost: $21.90 per user for 500 users
Bottom Line: ScanMail is rich in security features, easy to set up and administer, and manageable by both Windows and Web clients. However, it falls short in value, costing significantly more than competing solutions. By default, ScanMail does not scan the bodies of incoming e-mails; this ill-advised setting hampered its performance out-of-the-box.

Application Security

Akonix L7 Enterprise 2.0 Akonix Systems Very Good (7.3)
Cost: $2,250 annual subscription for 50 users
Bottom Line: This IM management server addresses security and productivity concerns around using public IM in the enterprise.
The L7 proxy server works handily with a firewall to authenticate IM users, apply access policies, and log communications in SQL Server.

DataPower XS40 XML Security Gateway DataPower Technology Excellent (8.6)
Cost: $65,000
Bottom Line: The DataPower appliance looks and feels like a datacenter appliance: no extra ports or buttons exposed and no rotating media. The hardware-based XML processing allows pervasive Schema validation and enables flexible programming via the XSL style sheets.

eEye SecureIIS Version 2.0 eEye Digital Security Very Good (8.1)
Cost: $995 as tested; $2,995 for single server; $4,995 to $9,995 for enterprise license based on size of Web site, number of servers, and event management capability
Bottom Line: SecureIIS wraps itself around an IIS server at the ISAPI (Internet Server API) layer, protecting servers from known and unknown attacks. This frees security admins from constant reactive analysis and patch management. Protection is quick to implement, effective, and has a minimal impact on performance.

Forum Sentry 1504 Forum Systems Very Good (7.9)
Cost: $35,000
Bottom Line: Of the three XML firewall appliances tested, the Forum Sentry 1504 feels the most like a firewall, with an IOS (Internetwork Operating System) interface and policies selected according to XPath criteria.
However, the Sentry’s multiple user interfaces can be confusing to users expecting a simpler entry point.

KaVaDo ScanDo, InterDo, and AutoPolicy KaVaDo Excellent (9.3)
Cost: $25,000 for suite; applications can be purchased individually
Bottom Line: The KaVaDo suite guards against attacks on Web servers, Web app servers, and databases, working to scan and intercept malformed or unauthorized HTTP, WebDAV, and Web services requests, and to impose security policies on the use of Web applications.

Reactivity XML Firewall XF2150 Reactivity Very Good (8.3)
Cost: Starts at $50,000
Bottom Line: The Reactivity appliance is very close in feel and philosophy to other Web service intermediary products, even though it has firewall roots. It’s a good choice when the goal is creating a secure interface to Web services; the management console is very intuitive.

Teros-100 APS Teros Excellent (8.8)
Cost: $25,000 per APS, including optional modules
Bottom Line: Teros-100 APS offers best-of-breed features in an advanced content-inspection product or application-layer firewall. It is simple to set up and manage, is broadly scalable, and is brutally effective at blocking content that could do as much damage to a company’s reputation as it could to its network.

Data Security

Cyber-Ark Inter-Business Vault 2.0 Cyber-Ark Software Very Good (8.5)
Cost: Starts at $56,000 for basic implementation
Bottom Line: Cyber-Ark’s Inter-Business Vault provides a trustworthy, secure, and reliable infrastructure for sharing proprietary or confidential files with employees, customers, and partners.
Multiple interface options provide simple ways of integrating the vault with legacy systems and external partners, making Inter-Business Vault worthy of consideration for any enterprise’s security and storage plans.

Decru DataFort E440 Decru Very Good (8.4)
Cost: $30,000
Bottom Line: This security appliance encrypts sensitive business data on network storage devices, providing the ultimate protection against intrusions. It is an extremely effective complement to other security systems. Installation and configuration are straightforward and have minimal impact on end-users. Multiple appliances can be deployed in parallel and in fail-over mode to improve scalability and resilience.

NetBotz WallBotz 500 NetBotz Excellent (9.1)
Cost: $2,699 with base station, one camera pod, and one sensor pod
Bottom Line: The WallBotz 500 makes an outstanding addition to a network management and monitoring system. The easily managed, small, Linux-based appliance comes with a camera pod and sensor pod, including sensors for audio, temperature, high-res video, and more at a very reasonable price.

Firewalls

Enterasys XSR-3250 Security Router Enterasys Networks Very Good (7.7)
Cost: $9,995 base price; $1,495 firewall feature set; $5,495 VPN feature set
Bottom Line: A classic security gateway, the Enterasys XSR-3250 is powerful and pricey. If you don’t require appliance-like ease of configuration and management, this machine is worth a look.
Thanks to gigabit Ethernet capability, it easily led the field in our performance tests, including performance under attack.

Fortinet FortiGate FG500 Fortinet Very Good (8.3)
Cost: $9,995
Bottom Line: The clear winner in our firewall performance tests, the FG500 delivers rock-solid performance and protection from attack. If management features combined with reasonable VPN support and unmatched persistent connection numbers are important to you, this firewall is worth the price.

Ingate Firewall 1400 Ingate Systems Very Good (7.1)
Cost: $3,400
Bottom Line: Ingate’s firewall appliance features an easy-to-use Web-based management GUI that can control every aspect of the firewall’s configuration and operation, although it’s not quite as polished as Toshiba’s interface. With performance typical of an appliance, the Ingate managed to defend against all four of our attack scenarios, but overall throughput was significantly hampered by two of them.

Nokia IP380 Nokia Americas Very Good (7.3)
Cost: $9,995 base price; $9,450 for unlimited Check Point Firewall-1/VPN-1 license
Bottom Line: Nokia’s IP380 may not be an appliance, but it still represents a robust firewall and VPN concentrator for high-end businesses. Its dependence on Check Point’s Firewall-1/VPN-1 platform means not only added licensing costs, but also that a skilled Check Point administrator is required to configure it.
Nevertheless, this security platform can protect anything from a small business to a large enterprise network.

Snap Gear SME550 Snap Gear Excellent (9.0)
Cost: $499
Bottom Line: The SME550 provides exceptional value for its cost, including a large feature set and easy setup, and it packs URL filtering, VPN tunneling, DNS proxy, and content filtering into one small box. It is ideal for remote offices, but can support larger offices as well. The clear management interface provides simplicity for beginners and plenty of control for advanced users.

SonicWall Pro330 SonicWall Good (6.8)
Cost: $2,795
Bottom Line: The SonicWall Pro330 provides an easy-to-use Web management GUI, which does a decent job of managing the firewall’s configuration and operation. With typical appliance-like performance, the Pro330 would more than fit the bill for midsize businesses. However, it was the least powerful of the options in our roundup.

Toshiba Magnia SG20 Toshiba America Information Systems Excellent (8.6)
Cost: $2,295 base price
Bottom Line: Combining Toshiba’s well-muscled hardware platform and Astaro’s secure Linux distribution, this product not only surprised us in benchmark testing, but also had the most polished and easy-to-use Web-based management system we’ve seen to date.

WatchGuard Technologies Firebox V80 WatchGuard Technologies Very Good (8.5)
Cost: $9,990
Bottom Line: The V80 won hands-down in the muscle portion of our VPN capabilities testing.
Coupled with respectable firewall performance capability under duress and pricing comparable to Fortinet’s FG500, this makes it the obvious choice for anyone who places higher value on high-volume VPN delivery.

Zyxel Zywall 100 Internet Security Gateway Zyxel Communications Very Good (7.8)
Cost: $1,495
Bottom Line: The Zywall 100 is a comprehensive Internet security gateway for remote offices or small businesses connecting to the Internet via DSL or cable modem. If a company does not have a router in place, this device (combined with a broadband modem) might well be all the access control and routing hardware required — configuration with an existing router is more complicated, though. For most, Zywall is well worth a look for its set of security and access features.

Forensics Tools

Niksun NetDetector Niksun Excellent (9.3)
Cost: $28,000 as tested with four 10/100 interfaces
Bottom Line: Niksun hits the mark with a well-designed and well-implemented network forensics tool that includes intrusion detection and data capture that can track security attacks or capture IM conversations. From the intuitive UI to the extremely responsive database, the NetDetector is a stellar blend of innovation and execution.

Sandstorm NetIntercept 2.0 Sandstorm Very Good (7.8)
Cost: $8,900
Bottom Line: Sandstorm delivers a valuable tool with a relatively small price tag. The NI-S95 appliance performs well and offers genuine insight into the inner workings of your network.
Its Spartan interface and limited performance, however, may not be up to every task.

SpectorSoft Spector Professional Edition 4.0 SpectorSoft Very Good (7.3)
Cost: $149.95
Bottom Line: This software records keystrokes, application information, and snapshots of workstation screens for analysis. The solution is great for confirmation if you think you have a problem with a particular user’s activities. When installed in stealth mode, Spector Professional is an invisible eye on employee workstations. It only supports certain chat clients, so you may want to create new policies on allowable applications.

SpectorSoft eBlaster 3.0 SpectorSoft Very Good (7.5)
Cost: $149.95
Bottom Line: This activity-monitoring solution records e-mail, chat, and Web activities, along with all keystrokes. It’s ideal for daily monitoring of users — a sort of “security camera in the hall” and assurance that employees are not behaving improperly. Summaries sent via e-mail make it easy to spot trouble. Captured activities and keystrokes are reported in HTML or text summaries sent by e-mail via the SpectorSoft SMTP server.

Identity Management

Business Layers eProvision Business Layers Very Good (8.4)
Cost: $9 per user; eProvision server, $45,000
Bottom Line: Business Layers delivers end-to-end ID management and provisioning through an elegant intranet portal; eProvision’s task generation and to-do-style user interaction are intuitive.
On the back end, the logging and auditing tools are especially strong.

Courion Identity Management Suite Courion Very Good (7.9)
Cost: AccountCourier, $30 per user; ID Management Suite, $50 per user
Bottom Line: Courion’s suite is a contender in the identity management field with robust back-end integration abilities and portal-based management. Courion’s strong point is its capability of pulling together information from disparate directories, but its reliance on third-party applications for certain functions could hit the budget hard.

Sun ONE Identity Server 6.0 Sun Microsystems Very Good (8.0)
Cost: $10 per user for 50,000 user license, scaling to $2.64 per user for five-million-plus user license
Bottom Line: Sun’s identity management platform facilitates single sign-on across company domains without requiring a single repository for identity data, and allows IT administrators to manage user and application authentication across domains and operating platforms from a central console.

Intrusion Detection And Prevention

NetScreen IDP-100 NetScreen Excellent (8.9)
Cost: $16,495
Bottom Line: NetScreen’s IDP-100 is impressive, combining IDS (intrusion detection system) functions, application-layer packet filtering, and a plethora of application and attack signatures with an intuitive cross-platform management interface.

Network Associates McAfee IntruShield 2600 Network Associates Good (6.8)
Cost: IntruShield 2600 sensor and IntruShield Manager software, $43,000
Bottom Line: IntruShield 2600 and IntruShield Manager software make up an IDS capable of handling the traffic loads of large enterprises.
A combination of behavior signatures and port-traffic heuristics makes the system sensitive to a wide variety of events, though in testing it missed the common WebDAV attack. Manager is easy to use and understand, but some key operations take more mouse clicks than they should. Overall, it’s a highly capable, useful system with room for improvement.

Okena StormWatch 3.2 Okena Very Good (8.3)
Cost: Management Server, $1,495; Server Agent, $1,800; Desktop Agent, $85
Bottom Line: Okena’s intrusion prevention system provides a significant measure of protection to network servers and workstations through network and application firewalling, user-authentication auditing, and event reporting using centrally controlled agents installed on each computer.

QualysGuard Enterprise Intranet Scanner Qualys Very Good (8.1)
Cost: $2,995; $21,995 annual subscription for 512 live desktops; $30,995 for 1,024 live desktops
Bottom Line: Qualys delivers an easy-to-use, easy-to-deploy appliance for managing vulnerabilities. Comprehensive scans and reports can be managed via a Web browser.
However, some companies will be uneasy about not having their data stored locally.

Network Security

ArcSight 2.0 ArcSight Very Good (8.0)
Cost: $75,000 and up
Bottom Line: ArcSight’s strong monitoring and rich reporting, coupled with its timely analysis of log files produced by network devices, give enterprises that can’t tolerate downtime an opportunity to improve their network monitoring while keeping personnel costs down.

InfoExpress CyberGatekeeper Remote Policy Enforcer InfoExpress Very Good (8.5)
Cost: CyberGatekeeper Agent starts at $40 per seat for 1,000 seats; CyberGatekeeper Server, $6,500 or two for $9,820
Bottom Line: This scalable network auditing, authentication, and gatekeeper solution boasts versatile network configurations. It provides impressive granular control over establishing policies and can recognize multiple types of remote user systems, their versions, and installed applications.

Pedestal Software Intact 3.5 Pedestal Software Good (6.3)
Cost: $445 per server, including Manager
Bottom Line: Intact is primarily designed for networks of Microsoft servers running NetBIOS, a vanishing breed of networking software in today’s security environment. Intact will work in other environments if you take the time to learn how, but unfortunately, documentation is poor and database connections are unstable without special tweaking.

St. Bernard UpdateExpert 6.1 St. Bernard Software Very Good (7.9)
Cost: One-year license: $1,400 for one to 100 seats; $5,580 for 1,000 seats, $30,490 for 5,000 seats, $48,360 for 10,000 seats
Bottom Line: UpdateExpert is a mature patch-management solution for Windows OSes that is almost as easy on the budget as it is to deploy and manage. It doesn’t hog space on servers or client resources, and it extends reliable patch management through firewalls and proxy servers and to highly secured, disconnected networks. However, it works on Windows platforms only.

Sygate Secure Enterprise 3.5 Sygate Technologies Very Good (8.5)
Cost: $55 per seat for 500 users; $32 per seat for 10,000 users
Bottom Line: Sygate’s policy-based combination of firewall, intrusion detection, and application-integrity checking makes this a must-deploy product for enterprises interested in securing vulnerable hosts. While lacking its own anti-virus or VPN components, Sygate has certified support from an impressive number of vendors. Management control and reporting from client Agents was extensive, but the Java-based management console is sometimes lacking.

Tripwire for Servers 4.0 Tripwire Very Good (7.7)
Cost: Tripwire for Servers, $595 per server; Tripwire Manager, $6,995
Bottom Line: It’s clear why Tripwire is the leader in the change-detection market. While the software may be something of a pain to install, once running, it’s stable, easy to use, and very flexible.
Tripwire supports most platforms (except Mac and NetWare) found in an enterprise environment.

Zone Labs Integrity 2.0 Zone Labs Very Good (8.4)
Cost: Starts at $65 per client; Integrity 2.0 server is free
Bottom Line: Allowing administrators to centrally manage personal firewalls throughout the organization, Integrity 2.0 offers the flexibility of client-level protection with the ability to enforce security policies across large numbers of users and groups.

VPNs

Array Networks Array SP Array Networks Good (6.4)
Cost: $35,000 for a 500-concurrent-user license
Bottom Line: The Array SP secures remote-user access using SSL and provides URL filtering, firewall capabilities, and SSL acceleration. It is geared toward securing Web-based apps, and lacks a network-level IPSec-style client. Plus, setup can be burdensome.

F5 Networks FirePass 1000 F5 Networks Very Good (8.3)
Cost: $9,990 for a 25-concurrent-user license
Bottom Line: The FirePass 1000 provides a complete mix of secure remote access to protected servers. SSL VPN capabilities are well represented, including an IPSec-style network-level component. Although it’s not perfect, the FirePass doesn’t come up lacking in any one area.

Neoteris Access Series 3000 Neoteris Very Good (7.9)
Cost: $29,995 as tested, includes 50 concurrent users from unlimited-seat pool, unlimited provisioned back-end servers
Bottom Line: This appliance provides SSL VPN to hosted resources. It works with various authentication servers, boasts granular resource management, and requires no client-side configuration.
Policy-definition options are numerous, though policy creation can be complex and policies are “open” by default.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Netilla Security Platform Release 4.0 Netilla Networks Very Good (7.4) Cost: $15,500 as tested, includes 10 thin-client licenses, 50 Web application licenses, 50 thick-client (SSL tunnel) licenses Bottom Line: A reliable security platform with built-in fail-over support, this box offers solid security, straightforward policy definition, and a nice portal for end-users. However, policy management is not as easy as it could be, the range of SSL cipher levels is limited, and it lacks LDAP support.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Vulnerability Assessment
Core Impact 3.1 Core Security Technologies Good (6.8) Cost: Starts at $2,500 for eight nodes Bottom Line: Core Impact 3.1 can be used as part of a larger security assessment to ensure a corporation is locked down against intruders.
Although this latest iteration is an excellent tool for teaching IT staff how to exploit hosts as a cracker would, there are other alternatives — outsourced and automated vulnerability-assessment tools may better suit an enterprise’s goals.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
eEye Enterprise Vulnerability Assessment eEye Digital Security Very Good (8.1) Cost: Retina, $6,520 for 250 IP addresses; Retina Remote Manager, $1,995 per Retina scanner; REM Events Server, $4,995; REM Events Manager, $9,995 including five manager accounts Bottom Line: This network security management solution consolidates vulnerability assessments from multiple networks into a single management point, helping to identify and to remediate vulnerabilities while keeping staff resources in check.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Foundstone FS1000 Appliance Foundstone Very Good (8.2) Cost: $6,700; $25,600 for 500 live devices and $35,200 for 1,000 live devices Bottom Line: Foundstone’s vulnerability assessment appliance brings a lot of horsepower to the task of finding holes in an enterprise network. Although trending is excellent and reporting is succinct, we found rough spots in the user interface.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
ISS Internet Scanner 7.0 Internet Security Systems Good (5.6) Cost: $9,375 for 500 devices; $12,745 for 1,000 (does not include annual maintenance fee) Bottom Line: Internet Scanner lacks features of pricier competitors such as Foundstone and Qualys, but proved fairly easy to use, thanks to a straightforward interface and excellent help system.
It also delivered accurate vulnerability assessments, but provides only basic reporting capabilities and, worse, crashed repeatedly during testing.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Latis Networks StillSecure VAM 2.5 Latis Networks Very Good (7.6) Cost: $1,500 for eight scanned server devices to $150,000 for unlimited scanned devices Bottom Line: StillSecure VAM wraps an open source vulnerability-assessment tool in an enterprise-class package, adding strong scheduling, remediation tracking, and UI features. This is a good package for those looking to build vulnerability assessment into their network-upkeep routine.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Nessus 2.0.6 Nessus Project Good (6.4) Cost: Free Bottom Line: Nessus offers a basic solution to finding holes in an enterprise network, and comes at a price that can’t be beat. It performs active or passive scans, and provides the essential info on found vulnerabilities and how to fix them, but it has no historical trending, remediation tracking, or scan scheduling capabilities.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Rapid7 NeXpose 3.0 Rapid7 Very Good (7.7) Cost: Varies by number of IP addresses scanned; from $8,750 for 64 addresses to $75,000 for a Class B network Bottom Line: NeXpose is easy to set up and use, and provides a high level of detail in identifying exploitable security issues and their remediation. Novices beware: Scanning all ports and all features on a large network is a mistake, time-wise.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Sanctum AppScan DE 1.7 Sanctum Excellent (8.6) Cost: $1,495 per developer Bottom Line: Easy to operate and extremely thorough, AppScan DE is a worthwhile tool for developers interested in shoring up a Web application’s security.
The help screens and in-line comment information alone are eye-opening reading.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
SPI Dynamics WebInspect 3.0 SPI Dynamics Very Good (8.0) Cost: Starts at $4,995 per server; annual licensing available Bottom Line: This easy-to-use tool conducts security assessments for Web-based applications and SOAP-based Web services on Windows 2000 and XP. A comprehensive vulnerability database ensures coverage, but WebInspect 3.0 needs expert guidance, particularly during configuration, to ensure proper coverage and reduce false positives.