Accomplished hackers will always perform some sort of reconnaissance on a target network before mounting an attack - finding out details such as operating system types, application version, etc. The idea behind ActiveScout is that if the application can detect this activity it can later prevent it. Bogus host or port data traffic is marked, and the application responds to any future activity it thinks is coming from an attacker with such marked data. It then blocks the packets and stops any damage ever occurring.
Top Layer Networks' Attack Mitigator lies at the traditional end of intrusion prevention. It aims to defend against both internal and external hackers using denial-of-service (DoS) and distributed denial-of-service (DDoS), as well as giving broad protection against other well-known attacks. This is done using a mixture of stateful inspection hardware and packet inspection software.
Most of the products tested in the round up for this Group Test have been primarily aimed at the larger enterprise, as they tend to have the largest pockets and more need for protection. Barbedwire Technologies aims at the more modest-sized organization with its STAR Engine intrusion prevention product.
This suite of applications consists of the main Sygate Management Server, Security Agent for servers and workstations, a VPN and wireless security application. These enforce security policies at those particular entry points onto the corporate LAN. The idea behind this is to secure as many points of the network from one suite of applications, and it certainly appears to work well enough.
The trouble with a better mousetrap is that it soon becomes yesterday's model: when you build security around a growing enterprise it is well to avoid obsolescence by adapting an EdgeForce appliance with its modular specification and performance.
The SmartFilter product from Secure Computing was one of the earliest products to perform category-based URL filtering. Now in version 3.2, the basic principles of the product remain, with performance and management improvements aimed at making the task of controlling web access as simple as possible.
SmartFilter is intended to sit on a web proxy behind a firewall, or on the firewall itself. The product comprises agents that reside on the gateways, a management server that runs on Windows, Solaris and Linux servers, and a management console which can run on the same platforms. The server and console components are both Java based.
In today's world of CD-ROMs and high-capacity DVDs, it is easy to forget that there are other storage media which still have considerable popularity. One frequently overlooked example of this is the humble tape, which is still vital for many businesses.
Modern tapes have extremely high capacities, and developments in fiber channel mean that recording speeds are incredibly fast. However, there is an inherent security risk: once the tape has been recorded, the data becomes portable, and therefore at risk. This is increased if you send the tapes off site to a firestore. How can you be certain that the courier isn't simply going to vanish with your confidential client records?
The principle of Xiscan is a good one. It takes the idea of war dialing software, which hackers have used to their advantage for many years to scan telephone networks in an attempt to locate entry points, and turns it against the enemy.
Xiscan works in the same way that the hackers have always used automated telephone dialers – to probe for weaknesses in the network. The difference is that it is designed to be used within the network, to locate rogue modems and bring users to heel.
The basic idea is that if hackers can use automated dialers to gain an advantage over legitimate users, then why can't the legitimate user do the same? It is a very good question – and there is something very satisfying about the idea of wresting control of hacker-type tools, and using them for legitimate ends. Xiscan takes the wardialer idea and turns it on its head, using it as a way to monitor the network from within.
The Aladdin eSafe Appliance is a hardened, Linux-based device, which can be configured as an email inspection tool (SMTP relay) and, additionally, as a full content-filtering gateway for HTTP/FTP. To obtain the full content-filtering gateway functionality you need to use Check Point Firewall-1 configured with an HTTP/FTP security server as a content vectoring protocol (CVP) client.
The LogiSense EngageIP Traffic Manager appliance combines the security benefits of firewall and web content filtering with other features that include web caching, routing and bandwidth management, with real-time bandwidth consumption reporting and quality-of-service (QoS) shaping.
This solution also delivers backup and restore and, unlike the previous solution, is designed with the smaller workgroup environment in mind. With the initial installation setting up a server, it also provides a centralized repository. In addition, Lockstep advise an optional off-site mirror backup to ensure that a complete recovery of all corporate data is possible.
Easy Recovery Lite is just one of Ontrack's solutions for recovering data. This solution does not repair lost or corrupt computer hardware settings, nor does it repair registry and configuration settings, but it does concentrate on data recovery. With an emergency boot disk to hand, even when you cannot access Windows, files can be extracted.
This next solution is ideal for publishers and media houses that rely on Macintosh computers for their production activities. Intego Personal Backup X allows the user to back up their critical files, clone volumes and synchronize files between two volumes.
This is an enterprise recovery solution that provides centralized control for a fast backup and restore that is controlled by the administrator. Recovery Manager provides a system that also allows a full restore for any computer that has been unable to reboot. It does this by storing all registry and system files for each protected workstation, allowing a full recovery on any machine covered by Recovery Manager.
This is a solution designed for the SME market. (We reviewed version 6, but 6.5 is now available.) Instead of simply making incremental backups, Retrospect Backup uses backup sets to ensure all data can be recovered. Whereas many solutions only copy the new or changed part of a file, Retrospect keeps a set of all changed data, so that if you later find that the version you have been working on has errors in it, you can call back the 'best' version. Saved to your hard drive as well as to the server, a user can quickly call up and restore the version that they need to refer back to.