Zone Labs Updates Integrity Security Policy Enforcer

Zone Labs on Monday unveiled a new version of its Integrity endpoint policy enforcement software -- Integrity 5.0 -- that adds additional integration with products from Check Point, which is in the process of acquiring the San Francisco-based security firm.

Integrity 5.0 ensures that endpoint systems -- laptops, desktops, and even mobile devices -- are meeting security policies established by the IT department before access to the network, either from within the firewall or remotely from outside the perimeter, is allowed.

Boasting increased integration with Check Point's popular line of virtual private networking (VPN) access and firewall products, Integrity 5.0 guarantees that only systems meeting security policies can connect remotely via VPN, said Fred Felman, vice president of marketing for Zone Labs.

"Integrity allows administrators to deploy and manage a very flexible set of alternative rules if a client is out of compliance with policies," Felman said. Those rules can be set to, for instance, shut down the client completely if it doesn't meet security specs, redirect the client to a reference system that will automatically download the necessary security patches the client lacks, or require it to connect to a "sandbox" server disconnected from the overall network.

Integrity 5.0 also boasts new certifications with a wide range of 802.1x-enabled devices, including those from Cisco, Microsoft, Aruba, Funk, and Enterasys, said Felman."The new integration with security-enabled switches," said Felman, "ensure that before someone has a chance to enter a password for access to the network, the client is checked for compliance with the set policies."

The new centrally-managed policy maker and enforcer also now sports support for security patches and service packs -- such as the blizzard of those released by Microsoft -- so that endpoint machines are forced to deploy those that administrators think are necessary before the systems connect to the enterprise environment.

Other improvements to Integrity 5.0 include new enforcement support for anti-virus products from Computer Associates and Sophos, in addition to existing support for Symantec, McAfee, and Trend Micro software. Integrity 5.0 automatically gathers signature file updates for products from all five companies from a reference PC, then deploys them immediately so that end-point systems are brought into compliance.

As a complement to Integrity 5.0, Zone Labs is also rolling out an updated edition of Integrity IM Security 5.0, with new protection for the ICQ instant messaging service (IM Security already supported AOL's, Yahoo's, and MSN's public IM networks).

"Enterprises are finding that they can't just say "no" to workers to use public networks," said Felman, "and the addition of ICQ is significant. Lots of technical folk in business are addicted to ICQ."Integrity IM Security 5.0, for instance, lets administrators decide which file extensions or links can be transmitted via IM, putting an end to potentially dangerous file types -- such as .exe -- and preventing users from surfing to possibly malicious Web sites where worms and Trojan horses lurk.

Policies, whether generated by Integrity 5.0 alone, or in conjunction with Integrity IM Security 5.0, are automatically pushed down to each client, another automated advantage of the enforcement system, said Felman.

Although Zone Labs is in "the paperwork phase" of its $205 million acquisition by Check Point, said Felman, and the integration with its soon-to-be master is an important part of the upgrade to 5.0, that doesn't mean Zone Labs will concentrate only on Check Point security solutions.

"We'll maintain Zone Labs an independent division of Check Point, and we'll be integrating Integrity with a lot of others vendors in the future," said Felman. "It just doesn't make sense to say we can't support others beyond Check Point."

The new Integrity server software supports Windows 2000 and Windows 2000 Advanced Server, while the Integrity clients run on Windows 95, Windows 98 Second Edition, Windows 2000, Windows NT 4.0 Workstation, and Windows XP Professional.Integrity 5.0 will be available this spring, said Zone Labs, at prices beginning at $65 per seat, with a server license included. The optional Integrity IM Security 5.0 module comes with a price tag starting at $20 per user. Volume discounts will be available.