The Internet and e-mail have brought enterprises vast productivity gains. With this increased output, however, has come increased risk -- of harassment, lost productivity, even corporate espionage. The first step to making Web and e-mail access work for your business is to develop policies addressing privacy and defining acceptable Internet use. Once your company has these rules in place, it falls to you to put some teeth in them. To that end, we invited makers of content-monitoring tools to show us their stuff.
Content-monitoring devices collect Internet traffic or packets in a continuous manner using a promiscuous-mode NIC. After the traffic is collected, it's analyzed and reported by IP traffic type using TCP ports -- for example, Port 21 for FTP, Port 25 for SMTP, Port 80 for HTTP -- and content. Monitoring devices identify content by subject matter, using proprietary linguistic and mathematical algorithms to search each packet for words or phrases associated with subjects such as shopping or gambling.
We accepted only products that engage in monitoring and continuous tracking of user activities on networked computers for this review. The solution must be able to perform in an enterprise setting with at least 1,000 users and provide a central management and reporting console. At a bare minimum, the products must monitor and report on Internet (HTTP) and e-mail use; none of the tested products supports IMAP. Products in this category ranged from monitoring-only solutions to those that perform both monitoring and filtering.
Filtering products provide an enforcement mechanism to block identified network traffic as it passes through a device or proxy server. Traffic can be identified using a number of methods, such as TCP port, destination address, URL in HTTP or the content of a message. Once the traffic is identified, a number of configurable actions, including block, delete and save, can ensue. For this review, however, we accepted products that perform only monitoring. These solutions identify abuse and enable enterprises to craft AUPs (acceptable-use policies). Once AUPs are in place, monitoring products will identify violations, which can be addressed by human-resources personnel. Although filtering products provide a sharper set of teeth, they can also hurt network performance.
Nine vendors responded to our invitation. Ultimately, we put products from Elron Software, eSniff Corp., Pearl Software and SurfControl through their paces at our Syracuse University Real-World Labs® in Syracuse, N.Y. All the products captured network packets equally well, and no product distinguished itself in our capacity tests. We compared and contrasted the products by their ability to monitor traffic types and the ease with which they could be configured to report that traffic in a variety of formats. We also scrutinized the products' management tasks and installation procedures to give network administrators an idea of how network monitoring would affect their quality of life.
ESniff 1100 earned our Editor's Choice award for providing a path of least resistance to monitoring network use and for its superiority in identifying abuse. Installing and configuring the 1100 was almost easier than taking it out of the box. Its ability to monitor HTTP, POP3, SMTP, FTP, telnet and Internet chat was matched in the single-product category by Pearl Software's Pearl Echo 4.0 Global Internet Management, but Echo does not monitor telnet activity. No other product in the review matched the 1100's ability to capture the entire content of downloaded HTTP pages.
Elron's IM (Internet Manager), which comprises Web Inspector and Message Inspector, and SurfControl's SuperScout (Email Filter and Web Filter) come with substantive monitoring tools, but in each case you'll suffer through two product installations and configurations to get to them. Web Inspector monitors and reports on HTTP and telnet activity, while Message Inspector scrutinizes POP3, SMTP and NNTP (Network News Transfer Protocol) traffic. Message Inspector can also monitor MAPI (Message Application Programming Interface) and report on Microsoft Exchange mail. SuperScout's Web Filter reports most Internet protocols and applications but limits HTTP monitoring to the URL address field; SuperScout's Email Filter does provide full-content monitoring. Once installed and configured, however, Elron's and SurfControl's products received the highest scores in the reporting category.
Pearl Echo, a capable tool with a painless software installation and very good monitoring capabilities, brings up the rear because it lacks the detailed reporting tools provided by Elron and SurfControl. It is, however, the only product we tested that can keep an eye on remote users.
Trisys' Insight Server and Insight Client were intriguing but not easily compared with the other entries because this suite monitors PC processes rather than network activity. We include Insight in our features chart and discuss it in "Insight to the Enterprise," but we do not include it in our Report Card.
Four of the nine respondents did not fulfill the minimum requirement for inclusion in our review. Websense's Websense Enterprise 4.2 and Cerberian's Internet Access Management Service monitor and manage Internet use but not e-mail.
Telemate.Net Software failed to make the cut with its NetSpective offering, an Internet usage-management tool that collects logs from firewalls, proxy servers and e-mail servers. Although fully capable of reporting network activity, NetSpective does not perform the monitoring itself, instead requiring a product like Microsoft's Proxy Server 2.0 or Check Point Software Technologies' FireWall-1. Telemate.Net officials said the company will rectify this shortcoming later this year, when it will begin shipping NetSpective WebFilter, a network appliance that monitors HTTP, FTP and NNTP resources.
Finally, 8e6 Technologies (formerly Log On Data Corp.) shipped us its X-stop R2000, which monitors and manages network activity, and its X-stop ES2000 e-mail and spam filter. However, the company failed to include a reporting mechanism. Previous versions of the R2000 and ES2000 shipped with NetSpective, but after we installed, configured and ran tests on both of 8e6's hardware solutions, neither could report its monitoring capabilities. As this article went to print, 8e6's reporting tool was in beta.
I Spy
Our review goes beyond collecting and reporting on network traffic. Ask any administrator who's plugged Network Associates' Sniffer or Shomiti's Surveyor into a network to find chattering network cards or duplicate IP addresses, and he or she will tell you there's a lot going on there. When it comes to the collected data, Ethernet networks and the monitoring activity can quickly become a management issue. Most products we tested provide a default Microsoft Data Engine (MSDE) 1.0 database and support MS-SQL Server 7 for sites that accumulate more than 2 GB of monitoring data. Elron's product also supports Oracle, while SurfControl relies on a default Microsoft Access database; eSniff provides proprietary log-analysis tools that will not scale beyond 1,000 users. All our participants provide tools to archive logs and data, but more important, each provides a proprietary technology to filter and capture network traffic that violates acceptable-use policies.
Each product operates on a device attached to the network where traffic passes through it or by it (see "How We Tested"). The device monitors traffic and sends it through defined filters that capture words or phrases from messages or collocations of message segments. Based on a mathematical formula or algorithm, the words or phrases found in a message may trigger a rule, and based on that rule, the devices may act on it. Filters and rules for reporting purposes often need definition and configuration to identify potential risk and meet employees' expectations of privacy (see "Before You Buy").
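The pipeline described above (classify traffic by destination port, then score message text against subject phrase lists and fire a rule past a threshold) can be sketched as follows. This is an added example, not code from any reviewed product; the phrase lists, weights, threshold and sample packets are constructed assumptions standing in for the vendors' proprietary algorithms.

```python
import re
from collections import Counter

# 21/25/80 are the article's examples; 23 and 110 are the standard
# telnet and POP3 ports.
PORT_PROTOCOLS = {21: "FTP", 23: "telnet", 25: "SMTP", 80: "HTTP", 110: "POP3"}

# Hypothetical weighted phrase lists per subject (assumed, not a vendor's).
CATEGORIES = {
    "gambling": {"poker": 2, "bet": 2, "casino": 3, "jackpot": 2},
    "shopping": {"add to cart": 3, "checkout": 2, "free shipping": 2},
}
THRESHOLD = 5  # assumed minimum score before a rule fires


def classify_protocol(dst_port):
    return PORT_PROTOCOLS.get(dst_port, "other")


def score_payload(payload):
    """Return {category: score} for every category with a non-zero score."""
    text = payload.decode("latin-1").lower()
    scores = {}
    for category, phrases in CATEGORIES.items():
        total = 0
        for phrase, weight in phrases.items():
            # Whole-word match so "bet" does not fire on "better" or "alphabet".
            hits = re.findall(r"\b" + re.escape(phrase) + r"\b", text)
            total += weight * len(hits)
        if total:
            scores[category] = total
    return scores


def monitor(packets):
    """Return (packet counts per protocol, list of rule violations)."""
    by_protocol = Counter()
    violations = []
    for pkt in packets:
        proto = classify_protocol(pkt["dst_port"])
        by_protocol[proto] += 1
        for category, score in score_payload(pkt["payload"]).items():
            if score >= THRESHOLD:  # below-threshold matches are not reported
                violations.append((pkt["src"], proto, category, score))
    return by_protocol, violations


# Constructed sample traffic (not captured from a real network).
SAMPLE_PACKETS = [
    {"src": "10.0.0.5", "dst_port": 80, "payload": b"GET /casino/poker HTTP/1.0\r\n\r\nHit the jackpot"},
    {"src": "10.0.0.7", "dst_port": 25, "payload": b"Subject: a better alphabet chart\r\n\r\nSee attached."},
    {"src": "10.0.0.9", "dst_port": 80, "payload": b"GET /store HTTP/1.0\r\n\r\nFree shipping at checkout"},
    {"src": "10.0.0.5", "dst_port": 6667, "payload": b"PRIVMSG #lunch :back at one"},
]
```

Only the first sample packet crosses the threshold; the shopping page scores 4 and goes unreported, which is the trade-off an administrator tunes when balancing abuse detection against employees' expectations of privacy.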