The G-Server is the only hardware in this Group Test - all the other products consist of software. It is designed to be installed inline between the DMZ port on your firewall and a public web server. It is completely transparent and requires no changes to any network settings on other network equipment. It has no IP address visible to the outside world, so is undetectable by hackers. Even the MAC addresses of its NICs reflect those of the real web server to make the G-Server even more transparent. Two G-Servers may be configured for high availability.
GFI LANguard System Integrity Monitor (SIM) detects whether files have been changed on a Windows 2000/XP system. It identifies exactly which files have been changed, making it easy to restore the system to its original state, although it does not provide any utility for automatic recovery - you have to have secured original copies of these files elsewhere.
The SmartFilter product from Secure Computing was one of the earliest products to perform category-based URL filtering. Now in version 3.2, the basic principles of the product remain, with performance and management improvements aimed at making the task of controlling web access as simple as possible.
SmartFilter is intended to sit on a web proxy behind a firewall, or on the firewall itself. The product comprises agents that reside on the gateways, a management server that runs on Windows, Solaris and Linux servers, and a management console which can run on the same platforms. The server and console components are both Java based.
The trouble with a better mousetrap is that it soon becomes yesterday's model: when you build security around a growing enterprise it is well to avoid obsolescence by adapting an EdgeForce appliance with its modular specification and performance.
This suite of applications consists of the main Sygate Management Server, Security Agent for servers and workstations, a VPN and wireless security application. These enforce security policies at those particular entry points onto the corporate LAN. The idea behind this is to secure as many points of the network from one suite of applications, and it certainly appears to work well enough.
Most of the products tested in the roundup for this Group Test have been primarily aimed at the larger enterprise, as they tend to have the largest pockets and more need for protection. Barbedwire Technologies aims at the more modest-sized organization with its STAR Engine intrusion prevention product.
Top Layer Networks' Attack Mitigator lies at the traditional end of intrusion prevention. It aims to defend against both internal and external hackers using denial-of-service (DoS) and distributed denial-of-service (DDoS), as well as giving broad protection against other well-known attacks. This is done using a mixture of stateful inspection hardware and packet inspection software.
Accomplished hackers will always perform some sort of reconnaissance on a target network before mounting an attack - finding out details such as operating system types, application version, etc. The idea behind ActiveScout is that if the application can detect this activity it can later prevent it. Bogus host or port data traffic is marked, and the application responds to any future activity it thinks is coming from an attacker with such marked data. It then blocks the packets and stops any damage ever occurring.
McAfee is one of the best-known names in anti-virus, and we expected impressive results from testing ePolicy Orchestrator 2.5. The product is capable of managing several anti-virus solutions, including McAfee's own and Symantec's Norton, with support for others in the pipeline. Although policies for separate products are configured individually, the integrated management interface will immediately be useful to large enterprises with multiple anti-virus solutions.
The LANDesk Management Suite, previously owned by Intel, is the only product in this Group Test which is not in fact an anti-virus solution at all. It offers network management and software deployment, which is basically what anti-virus management is all about anyway.
The Gordano Message Suite is not an anti-virus solution per se; it is a complete web-based messaging system with email, instant messaging, calendar feature and message filtering. The whole lot is managed from a central web console which is clean and consistent, with the exception of a Windows utility to add users to the database.