The Gordano Message Suite is not an anti-virus solution per se; it is a complete web-based messaging system with email, instant messaging, calendar feature and message filtering. The whole lot is managed from a central web console which is clean and consistent, with the exception of a Windows utility to add users to the database.
The LANDesk Management Suite, previously owned by Intel, is the only product in this Group Test which is not in fact an anti-virus solution at all. It offers network management and software deployment, which is basically what anti-virus management is all about anyway.
McAfee is one of the best-known names in anti-virus, and we expected impressive results from testing ePolicy Orchestrator 2.5. The product is capable of managing several anti-virus solutions, including McAfee's own and Symantec's Norton, with support for others in the pipeline. Although policies for separate products are configured individually, the integrated management interface will immediately be useful to large enterprises with multiple anti-virus solutions.
Accomplished hackers will always perform some sort of reconnaissance on a target network before mounting an attack - finding out details such as operating system types, application version, etc. The idea behind ActiveScout is that if the application can detect this activity it can later prevent it. Bogus host or port data traffic is marked, and the application responds to any future activity it thinks is coming from an attacker with such marked data. It then blocks the packets and stops any damage ever occurring.
Top Layer Networks' Attack Mitigator lies at the traditional end of intrusion prevention. It aims to defend against both internal and external hackers using denial-of-service (DoS) and distributed denial-of-service (DDoS), as well as giving broad protection against other well-known attacks. This is done using a mixture of stateful inspection hardware and packet inspection software.
Most of the products tested in the round up for this Group Test have been primarily aimed at the larger enterprise, as they tend to have the largest pockets and more need for protection. Barbedwire Technologies aims at the more modest-sized organization with its STAR Engine intrusion prevention product.
This suite of applications consists of the main Sygate Management Server, Security Agent for servers and workstations, a VPN and wireless security application. These enforce security policies at those particular entry points onto the corporate LAN. The idea behind this is to secure as many points of the network from one suite of applications, and it certainly appears to work well enough.
The Aladdin eSafe Appliance is a hardened, Linux-based device, which can be configured as an email inspection tool (SMTP relay) and, additionally, as a full content-filtering gateway for HTTP/FTP. To obtain the full content-filtering gateway functionality you need to use Check Point Firewall-1 configured with an HTTP/FTP security server as a content vectoring protocol (CVP) client.
The LogiSense EngageIP Traffic Manager appliance combines the security benefits of firewall and web content filtering with other features that include web caching, routing and bandwidth management, with real-time bandwidth consumption reporting and quality-of-service (QoS) shaping.
Ingrian offers a range of appliances that are designed to secure any application that uses secure socket layer (SSL) transactions, while at the same time speeding up the performance. The company has recently added other features, including authentication, authorization, GZIP compression and an interface to external intrusion detection systems.