Features

ArcSight's flagship product, the ArcSight Enterprise Security Manager, is a security event management (SEM) tool capable of analyzing large mounts of network data in real time. The IDS model fell down because the flood of unfiltered alerts overwhelmed the resources of security teams, but SEM provides correlation, filtering and analysis to, in theory, allow the few real threats to be picked out of the blizzard of less important alerts and false positives.

Sourcefire calls its 3D System a "network defense system," avoiding the now loaded terms IDS and IPS. But while some of its components are strictly IDS or IPS, the package as a whole deserves a much broader description.

Fortinet's FortiGate 5020 is built using a powerful chassis containing dual, hot-swappable power supplies as standard, building in redundancy. The chassis can also house two 5001 blades, each of which comes with four copper Gigabit Ethernet ports and four small, form-factor pluggable (SFP) ports.

Symantec's Gateway Security 5440 fits in the middle of its 5400 series range. It comes with six Gigabit Ethernet interfaces, although you can also buy the 5441, with four fiber and two copper interfaces instead.

Microsoft's Internet Security & Acceleration (ISA) Server 2004, is the company's application for turning a Windows 2000 or 2003 server into an enterprise firewall. Installation was painless on our test Windows 2003 server.

The Nokia-Check Point partnership has been a successful one, combining Nokia's excellent hardware implementation with Check Point's proven security technology, as we can see with the IP380. Aimed at the small enterprise or branch office, the IP380 comes with a cryptographic accelerator, capable of 130Mbps of 3DES VPN traffic and four Fast Ethernet ports. With two spare slots in the 1U chassis, you can upgrade network capability at a later date.

Nortel's whole approach to security is different to the other manufacturers on test, as this bundle incorporates two products: the 6600 Accelerator and the Director 5024 firewall.

Better known for its smaller appliances, SonicWall has pushed into the enterprise market with its Pro 5060f. Running SonicOS Enhanced 3.1, the 1U appliance houses a 2.4GHz Intel Xeon processor, 512MB of RAM and six Gigabit Ethernet interfaces. The 'f' in our model signifies that two of these ports are multimode fiber, but you can buy a 5060 with six copper ports.

CyberGuard's TSP3600 is a beast of a firewall. A case 5U high houses a RAID array for data protection, 13 Gigabit Ethernet ports and one Fast Ethernet (up to a maximum of 30 ports) – more than enough ports to cope with very large networks.

We evaluated a previous version of PC-Duo and were generally impressed with its intuitive interface and no-nonsense functions. We are pleased to report that the previous strengths – an attractive and intuitive interface – remain. The functionality has also been well considered and will be truly useful in a broad range of operational scenarios.

SecurityExpressions is a comprehensive audit and compliance software tool which is easy to deploy and usable in most computing environments. It can audit systems either with or without agents deployed on the target machines.

Track-It comes in three flavors, with varying levels of sophistication: Standard, Professional and Enterprise.

Ecora Enterprise Auditor 3.5 is a comprehensive package tailored to fit into most contemporary IT environments.

Auditing software requirements will naturally vary between organizations. In many cases, a relatively straightforward approach will be all that is necessary. But sometimes you might want a higher level of analysis and control.

The LANDesk Management Suite is much more than just an auditing tool. It is a comprehensive group of tools for generally managing a corporate network which might include large numbers of clients.

LANsurveyor 9 is a subtly different program from others tested here. At its heart is a graphical mapping capability that allows you to create "maps" of your network to various levels of detail. These maps might be used solely within the program, or be exported in a variety of formats, including Microsoft Visio, so you can edit them as appropriate to your organizational requirements.