NWC | Review | Security | Defense Starts Here |


				HOT PICKS • U.S. IT Salary Survey 2008 • Rolling Review: SOA Appliances • XKL Brings New Life To Dark Fiber

IMMERSE YOURSELF:

Storage & Servers

R E V I E W

Defense Starts Here

February 20, 2003
By Mike DeMaria

>> continued from previous page

Measuring Protection

	Issue TOC
	Print full article
	Print this page
	Download as PDF
	E-Mail this URL
	Discuss this article
	Flame the author

	In this article
	Introduction
	Measuring Protection
	Sygate Secure Enterprise 3.0
	Other Products Reviewed
	Executive Summary
	Beyond the Initial Expense
	The Layering Effect
	Report Card

Because protection is a desktop firewall's top concern, we used two programs-- FireHole and TooLeaky --to challenge and test each firewall's application-blocking abilities. These programs work by interjecting DLLs and Windows hooks into Internet Explorer. FireHole and TooLeaky got through each of the firewalls until we enabled component control; clearly, application control is insufficient to protect your network.

Only Symantec's Security Center failed to block these two Trojans. Symantec's product does include an antivirus program that could detect and purge widespread Trojans. However, this solution is reactive instead of proactive.

All the products we tested require a lot of administrative time, so an easy-to-use feature-management interface is key to reducing the TCO (total cost of ownership). Tiered administration, for example, lets you create admins for groups of users and delegate responsibilities. Using such a feature, you can create an admin to monitor the logs for potential attackers and another to manage the accounting group. We also examined a management server's high availability and load-balancing capabilities. Securitae CMDS, Symantec Security Center and Sygate Management Server have high availability.

With so many hardware and software layers, a secure network can become a quagmire without the right tools to tie everything together. We judged the products' integration capabilities, based on support for third-party security products, multiple policies and networks, and directory services. Sygate Management Server offers the best integration capabilities in these areas.

Likewise, the ability to set multiple policies based on location is a plus. We considered this an integration issue because the multiple policies affect users that roam across networks or need access to certain ports/programs while a VPN is active. Sygate's product excelled in its integration with supported VPN and antivirus products. You can create multiple policies more easily in Sygate Management Server than in any of the other programs we tested. This is useful if you want to set separate policies for people on the corporate network, on VPNs and using wireless.

Features

click to enlarge

For directory services, we evaluated if the products support user and group information from Active Directory, LDAP, RADIUS and NT domains. In this category, Zone Labs' Integrity excelled.

Reporting can be a godsend or completely useless for finding attackers. The Internet is a hostile place, with millions of scans for vulnerabilities conducted every second. Simple sweeps for vulnerabilities on the Internet occur often enough that tracking them is futile. However, you may be interested in knowing if scans are being conducted inside the LAN by a disgruntled employee. We evaluated reporting capabilities based on the number of available reports, filtering data and presentation.

Finally, though price is always important, we found that the vendors all quoted about the same list price, and we therefore gave it little weight on our scorecard.

After considering all these factors, we gave our Editor's Choice award to Sygate Secure Enterprise 3.0, which did the best job of balancing protection, management and integration. Each of the other products fell short in at least one area, and none approached Sygate's superiority across the board.