10th Annual Well-Connected Awards: Security

The security market has begun to wise up and focus its energies where assets reside--on the desktop or server. Network-centric technologies are the easy road because desktops and servers don't have to be touched, but network technologies can't protect data where it rests. Host protections, such as desktop firewalls integrated with VPN and antivirus, work together as a final line of defense against perimeter attacks. Host intrusion-prevention systems provide an added layer of protection by establishing tight controls that regulate access to system resources. Integration of host protection and network access that IPsec and SSL VPN vendors have built into their gateways will only mean better protection against fast-moving worms.

IPsec VPN

WINNER: Nortel Contivity Secure IP Services Gateway 5000. Nortel Networks, (800) 4NORTEL. www.nortelnetworks.comEach new build of Nortel's Contivity adds useful and well-thought-out features to an already solid platform. This year, the device's endpoint configuration validation and strong management capabilities were standouts. Because an IPsec VPN extends your internal network to external users, your perimeter protection must extend that far as well. Nortel's Tunnel Guard ensures that remote systems meet minimum requirements for application versions and running processes.

FINALISTS:
VPN-1 & Firewall-1 NG With Application Intelligence R55/VPN-1 Edge. Check Point Software Technologies, (650) 628-2000. www.checkpoint.com

Cisco VPN 3000 Concentrator Series/Cisco VPN 3002 Hardware Client. Cisco Systems, (408) 526-4000 (800) 553-6387. www.cisco.com

SSL VPN

WINNER: E-Gap Remote Access 3.0. Whale Communications, (877) 65-WHALE, (201) 947-9177. www.whalecommunications.comSSL VPNs are making headway in the secure remote-access market because they're easier to implement than their IPsec brethren. But SSL VPNs face the same problems as IPsec VPNs--such as how to manage unsecured endpoints and integrate with back-end authentication systems. Whale Communications' e-Gap Remote Access appliance can help resolve these problems with its robust authentication and single sign-on features, strong support for non-HTTP apps, and extensible remote host policy-configuration compliance engine.

FINALISTS:

Juniper Networks NetScreen-SA 5000 (formerly Access Series 5000 3.3). Juniper Networks (formerly NetScreen Technologies). (866) 368-3747, (408) 962-8200. www.juniper.net/netscreen_com.html

Nokia Secure Access System 1.0. Nokia Corp., (877) 997-9199. www.nokia.com/securenetworksolutions

Policy Monitor

WINNER: BindView bv-Control for Windows 7.2; BindView Policy Operations Center 4.2. BindView Corp., (800) 749-8439, (713) 561-4000. www.bindview.comBindView's bv-Control is a highly flexible and configurable system for ensuring that desktops and servers have the proper system-configuration options, including Group Policy Object and registry settings, password strength, user group membership, file and network share permissions, and a host of other variables on Windows and other OSs. We like the broad platform support and being able to schedule full or partial compliance checks as needed.

FINALISTS:
Enterprise Configuration Manager 4.5 with Security Update Manager 2.0. Configuresoft, (719) 447-4600. www.configuresoft.com

SecurityExpressions 3.0. Pedestal Software, (888) 664-7174, (617) 928-5550. www.pedestalsoftware.com

Network Intrusion Prevention

WINNER: McAfee IntruShield 4000. Network Associates, (888) VIRUSNO, (972) 963-8000. www.networkassociates.comNIP is a hot issue. Vendor claims that these devices will stop malicious traffic cold are shouted from the rooftops, while pundits say its all smoke and mirrors. But one thing is clear: Prevention begins with detection, and Network Associates' McAfee IntruShield 4000 sees all. We found its signatures accurate, and once we tuned the system to our network, false positives weren't much of a problem. Reporting, an integral part of IDS, was top-notch and intuitive. Performancewise, IntruShield stood up to our tests with nary a whimper.

FINALIST: Juniper Networks NetScreen-IDP 500. Juniper Networks (formerly NetScreen Technologies), (800) 638-8296, (408) 543-2100. www.juniper.net/netscreen_com.html

Multipurpose Security Appliance

WINNER: FortiGate-60. Fortinet, (866) 868-3678, (408) 235-7700. www.fortinet.com

Fortinet's FortiGate-60 takes not only the multipurpose security appliance crown but also is our security product of the year. This compact appliance has a broad range of functionality and plenty of depth. The antivirus engine, for example, supports a raft of common file-transfer protocols. For exploits that get through the first line of defense, the IDS detects common attack and DoS signatures.FINALISTS:

Astaro Security Linux 4 Enterprise. Astaro Corp., (781) 272-8787. www.astaro.com

EdgeForce. ServGate Technologies, (800) 597-5944, (408) 635-8400. www.servgate.com

RADIUS Server

WINNER: NavisRadius Authentication Server 4.3.9. Lucent Technologies, (888) 458-2368, (908) 508-8080. www.lucent.com

Authenticating remote and wireless users can be a mess without a robust RADIUS server. Lucent's full-featured NavisRadius fills the bill. With its smart out-of-the-box configurations, you can plug right into most environments, while more hands-on admins can wield fine-grained configuration controls. Add in strong troubleshooting tools to decode RADIUS exchanges, top-notch reporting and logging, flexible pricing and outstanding standards compliance, and NavisRadius provides the tools necessary to meet any AAA (authentication, authorization and accounting) requirements.FINALISTS:
Steel-Belted Radius 4.5. Funk Software, (800) 828-4146, (617) 497-6339. www.funk.com

RAD-Series RADIUS Server 6.1.2. Interlink Networks, (877) 960-2121, (734) 821-1200. www.interlinknetworks.com

Antivirus Suite

WINNER: NeatSuite. Trend Micro, (800) 228-5651, (408) 257-1500. www.trendmicro.com

The beauty of Trend Micro's NeatSuite is that it goes beyond conventional antivirus, which is primarily signature-based, by adding outbreak management features to let you get ahead of outbreaks through policy enforcement while a signature is developed and deployed. NeatSuite also sports support for common e-mail and file servers, a perimeter gateway with hardware acceleration, and a desktop agent.FINALISTS:
eTrust Antivirus 7.0. Computer Associates International, (800) 225-5224, (631) 342-6000. www.ca.com

McAfee Active Virus Defense Suite 7.1. Network Associates, (800) VIRUSNO, (972) 963-8000. www.mcafeesecurity.com

Host Intrusion Prevention

WINNER: Cisco Security Agent 4.0.1. Cisco Systems, (800) 553-6387, (408) 526-4000. www.cisco.com

Cisco's Security Agent is one of the most usable yet robust HIP products on the market. Profiling a server to learn normal behavior and then turning that knowledge into an enforceable policy is complex, but CSA has two features that take much of the pain out of the process. First, its canned polices for common server applications are effective with only minor tweaking. For other apps, CSA's Profiler monitors actions and builds a policy as it learns.FINALISTS:
AppFire Suite 3.0. Platform Logic, (301) 854-5550. www.platformlogic.com

Primary Response 2.1.1. Sana Security, (866) 435-7251, (650) 292-7100. www.sanasecurity.com

Security Information Management Suite

WINNER: ArcSight 2.2. ArcSight, (408) 328-5500. www.arcsight.com

Getting a grip on the copious stream of events that flows from your security devices is a daunting task. ArcSight's visualization tools, intuitive interface and rule correlation helped us aggregate and correlate all that data into usable report and alerts, so we could focus on what's important. Event processing can be split among multiple servers or consolidated on one, and the visualization tools present event trends in a graphical format that's easy to read and understand.FINALISTS:
netForensics Enterprise Starter Edition 3.1. netForensics, (732) 393-6000. www.netforensics.com

NeuSecure 1.6.1. GuardedNet, (888) 599-8297, (404) 591-8200. www.guarded.net

Network Behavior Anomaly Detection

WINNER: QVision 2.1. Q1 Labs, (888) 471-5221, (781) 250-5800. www.q1labs.com

When your IDS fails to detect an intrusion and your firewall logs are just too voluminous to mine, QVision network behavior-visualization tool shows you what's traversing your network. QVision does require up-front work to define anomalous traffic, but its ability to define specific types of network traffic, data reporting and trending capabilities, and over-time visualization gave us a new understanding of our traffic. Although Arbor Networks' PeakFlow won our NBAD review based on our scenario, QVision's broader capabilities earn it the top spot in this category.FINALISTS:
Peakflow X 2.2. Arbor Networks, (866) 212-7267, (781) 684-0900. www.arbornetworks.com

StealthWatch M100, G1 and Management Console 3.2. Lancope, (800) 838-6574, (770) 225-6500. www.lancope.com

MIKE FRATTO is editor of Secure Enterprise, a sister publication of NETWORK COMPUTING. Write to him at [email protected].FortiGate-60, Fortinet, (866) 868-3678, (408) 235-7700, www.fortinet.com

Fortinet's Fortigate-60 packs six critical functions--firewall, VPN, antivirus, content filtering, and intrusion and DoS detection--into one compact, well-rounded appliance. The hardware sports two WAN interfaces for failover, and each function can be enabled as needed to integrate with existing security devices. The Fortigate-60 is ideal for small companies that need an all-in-one box while allowing for growth and filling niche enterprise needs. The breadth and depth of functionality made this device a shoo-in for Security Product of the Year. We found that its intuitive user interface let us configure all features properly the first time out. That's vitally important for shops without a ton of IT expertise. And the fact that it includes all the items on our wish list means you won't have to spring for additional technologies to erect a strong wall between you and the bad guys.