As any security administrator knows, the only thing as bad as not enough information is too much. Staying on top of the overwhelming flood of information from every device is a difficult job. Information comes in as events, alerts, notifications of changes or just status updates. Making sense of it all requires efficient correlation tools, like the Network Intelligence logging appliances.
Network Intelligence sent us the HA 2000, the smallest version of its enterprise-class product suite, fitting in between the EX series targeting SMEs, and the LS series for large environments. The system runs Windows 2000 Server in a 2U rack-mount chassis. The HA 2000 is licensed to handle a maximum of 2,000 events per second (EPS), from a maximum of 64 information sources. There are several larger versions available (chiefly a matter of licensing, although at 4,000 EPS the devices start shipping with more on-board disk and memory), up to 6,000 EPS, for monitoring up to 1,024 network devices. And they can be clustered, up to three units together for triple the throughput.
The SmartFilter product from Secure Computing was one of the earliest products to perform category-based URL filtering. Now in version 3.2, the basic principles of the product remain, with performance and management improvements aimed at making the task of controlling web access as simple as possible.
SmartFilter is intended to sit on a web proxy behind a firewall, or on the firewall itself. The product comprises agents that reside on the gateways, a management server that runs on Windows, Solaris and Linux servers, and a management console which can run on the same platforms. The server and console components are both Java based.
The Gordano Message Suite is not an anti-virus solution per se; it is a complete web-based messaging system with email, instant messaging, a calendar feature and message filtering. The whole lot is managed from a central web console which is clean and consistent, with the exception of a Windows utility to add users to the database.
The LANDesk Management Suite, previously owned by Intel, is the only product in this Group Test which is not in fact an anti-virus solution at all. It offers network management and software deployment, which is basically what anti-virus management is all about anyway.
McAfee is one of the best-known names in anti-virus, and we expected impressive results from testing ePolicy Orchestrator 2.5. The product is capable of managing several anti-virus solutions, including McAfee's own and Symantec's Norton, with support for others in the pipeline. Although policies for separate products are configured individually, the integrated management interface will immediately be useful to large enterprises with multiple anti-virus solutions.
First there was Sniffer, Network Associates' traffic capture and analysis tool, which rapidly carved itself a position as the tool of choice for network engineers of all kinds. Then there was Sniffer Wireless, bringing the capabilities of the Sniffer engine to 802.11 wireless networks, a logical extension to the Sniffer brand which already supported a range of environments including LANs, remote networks and telecom networks. Now we have Sniffer Wireless PDA, porting that wireless analysis suite to a handheld platform, targeting network managers and security professionals with an overriding need for portability.
EnCase from Guidance Software has established itself as the leading tool for forensic investigators. Perceiving a need for similar tools in the enterprise space, the company announced EnCase Enterprise Edition, bringing most of the functionality enjoyed by criminal forensic investigators to corporate users.