There are three products in AccessData’s forensic suite that every digital forensic investigator needs: Mobile Phone Examiner (MPE) Plus, Forensic Toolkit (FTK) and AD Triage.
The Triage-G2 Pro is a competent product offering a solid user experience.
The Cellebrite UFED Touch Ultimate is a fully equipped mobile forensic tool that enables quick and easy data acquisition from more than 8,000 mobile devices.
Both Mac Marshal Forensic Edition and Field Edition provide user-friendly forensic tool kits.
EnCase Forensic v7 is a tool for computer investigation that both searches a computer system for information and aids in the process of developing this information into a complete report.
HBGary’s Responder Professional is a Windows memory acquisition and analysis tool that offers a variety of features useful to malware analysts and computer forensic investigators.
Lima Forensic Case Management Software from IntaForensics is a complete, end-to-end case management system that offers an easy way to organize every aspect of a digital forensic investigation.
The NIKSUN NetDetector/NetVCR Alpine 4.2.1 is a network security monitoring tool with advanced forensic analytical capabilities.
ProDiscover Incident Response (IR) from Technology Pathways is a computer security tool that allows users to preview, image, view, search, analyze and report.
The Forensic ComboDock is a read/write blocker. It makes it impossible to unintentionally turn off write-blocking.
AlienVault’s Unified Security Management (AV-USM) platform combines open source technologies for asset discovery/inventory, vulnerability assessment, threat detection, behavioral monitoring and security intelligence/event correlation.
LOG Storm combines log management and security information management with correlation technology, real-time monitoring and an integrated incident response system.
CorreLog Enterprise Server combines real-time log management with correlation, auto-learning functions, high-speed search, ticketing and reporting services.
SecureVue provides all of the elements one would expect in a SIEM.
EventTracker Enterprise is comprehensive. It is designed to be scalable to address multiple locations, business units and domains using the EventTracker Stand-Alone, Collection Point and Collection Master architecture.
GFI EventsManager collects, centralizes, normalizes, consolidates and analyzes a wide range of log types.
The HP ArcSight Express appliance features a full set of SIEM capabilities.
The LogRhythm appliance goes way beyond traditional security event monitoring and management.
The Enterprise Security Manager is the ultimate high-powered SIEM.
Sentinel from NetIQ offers a lot of robust SIEM features and functions.
The SolarWinds Log & Event Manager is a virtual appliance capable of collecting logs and events from almost any network-connected device and then correlating that data for further analysis.
The ManageEngine EventLog Analyzer from Zoho is a small application that provides a lot of functionality.
The Threat Prevention Appliance from Check Point provides full-scale threat protection at the perimeter and integrates with endpoint security applications to provide a comprehensive security infrastructure.
The CR2500iNG unified threat management appliance from Cyberoam offers a multitude of security and threat prevention features for the network perimeter.
The NSA E8510 from Dell SonicWALL is a monster security appliance designed for the large enterprise environment.
This product offers a stateful firewall with deep packet inspection capabilities, proxy-based scanning, real-time threat monitoring, scanning of both web and email for worms and viruses, and protection from bots and other network attacks.
This product can protect the perimeter of the network with a firewall, intrusion prevention system and IPsec and SSL VPN.
This product features a full firewall with intrusion detection and prevention system; anti-malware at the gateway, including protection from viruses, worms and spyware; spam protection; web and URL content management; and application control.
Kerio Control provides a clear, snappy interface for administration.
Unified threat management solutions shouldn’t be limited to large corporations with unlimited budgets. NETGEAR agrees, and offers their ProSecure UTM25S at a price point that should be attractive to small businesses.
Targeting small to midsized offices with up to 150 users, it combines standard UTM offerings with a few features we didn't expect, making this product something definitely worth looking at.
Administrators of smaller environments on a fixed budget could do very well by the aXsGUARD Gatekeeper by VASCO Data Security. While a little more complicated to use than some of the more expensive products, with a little attention to detail the device performs well.
WatchGuard XTM 830, though somewhat pricey, provides an excellent enterprise-grade perimeter defense against viruses, spam and other unwelcome traffic.
The Wedge Networks 1005G looks good on paper, but in reality is a little disappointing. While the initial setup was easy enough, ease-of-use issues and documentation gaps made for a frustrating deployment experience.
VMC takes advantage of the nature of a virtual data center.
GravityZone lets users bounce between various computing environments: physical, virtualized and mobile.
McAfee has successfully brought together the application of a centralized policy engine – ePO – with its anti-malware capability in the physical world.
One might characterize CSP as a security wrapper for mission-critical environments.
The Retina CS from BeyondTrust offers up quite a few strong features for vulnerability management throughout the enterprise.
We found this version of Core Impact Professional to contain more automation, more wizards and more options than previous versions we have tested.
FusionVM from Critical Watch offers both vulnerability management and configuration policy auditing in either a physical or virtual appliance or as a full, cloud-based SaaS option.
This product brings together vulnerability scanning, remediation and patch management, and network and software auditing all under one easy-to-use product.
Internal Scan - Cloud edition from netVigilance offers a full cloud-based vulnerability scanning engine that can scan both internal and external systems for vulnerabilities and compliance.
The QualysGuard Vulnerability Management (VM) solution provides automated auditing and vulnerability management for small to large enterprises.
Nexpose assists clients through the entire vulnerability management lifecycle: discovery, vulnerability detection, risk classification, impact analysis, reporting, vulnerability verification and risk mitigation.
From the same graphical user interface, SAINT provides an integrated solution for vulnerability scanning, configuration compliance testing, penetration testing, canned reporting and custom report creation.
The Secunia VIM is a real-time vulnerability intelligence and management tool, providing organizations with the necessary information required to analyze vulnerabilities in their IT infrastructure, as well as track them from a centralized dashboard interface.
Tenable SecurityCenter Continuous View (SC-CV) provides real-time vulnerability management, capturing security and compliance risks introduced by mobile, cloud and virtual infrastructure.
Security Manager Plus (Professional Edition) is a network security scanner that proactively reports on network vulnerabilities and helps to remediate them and ensure compliance.
With its DualShield, Deepnet Security offers a product that can add that extra layer of security to those applications – at a reasonable price point.
As long as one is using Active Directory, DigitalPersona Pro Enterprise may just be the solution for large-scale deployment of multifactor authentication services.
With its IdentityGuard product, Entrust integrates physical and logical, mobile and cloud security, all at a surprisingly low price point.
Companies looking for a turn-key, out-of-band authentication solution need look no further than PhoneFactor.
The SafeNet Authentication Service offers an entirely cloud-based multifactor authentication platform for the enterprise.
The Swivel Appliance from Swivel Secure is driven by PINsafe, which allows users to combine PINs with randomly generated security strings to provide robust strong authentication.
The IDENTIKEY Authentication Server and DIGIPASS GO 7 from VASCO pair together to provide solid, out-of-the-box, strong authentication to applications throughout the enterprise environment.
TeleSign 2FA is a full application programming interface (API) and software development kit (SDK) that allows an enterprise to integrate two-factor authentication into its existing web applications.
Focusing solely on database security, DbProtect from Application Security is an affordable database security product which, given the right environment, could be very beneficial to administrators.
The Barracuda Web Application Firewall provides affordable security without skimping on features or breaking the bank.
SingleKey from Bayshore Networks is a full-featured application firewall that provides solid protection from malicious attacks to enterprise applications.
The BIG-IP Application Security Manager (ASM) functions as an application firewall, protecting web applications and services with a powerful policy engine.
Given the importance of the data contained within any corporation’s databases, the task of keeping that data safe should be a top priority for any IT security team. Fortinet’s FortiDB-400c is dedicated to helping security professionals do precisely that.
With what may just be the Cadillac of application and database security products, Imperva makes its appearance to help hold attackers at bay.
Database Activity Monitoring from McAfee provides both threat protection and database auditing for compliance needs.
Avatier’s Identity and Access Risk Management Suite provides user creation, authentication, provisioning, and deprovisioning of user IDs.
Network Sentry provides centrally managed access to the network, integrates with user management applications, such as Microsoft Active Directory, and may use agents or remain agentless.
Centrify Suite 2012 provides user provisioning and access control across the enterprise.
The CI-750 provides real-time content inspection allowing customers to protect against data loss across the network.
The Fischer solution is postured to help organizations drive (not react to) their identity management solutions.
ForeScout CounterACT offers an enterprise-class NAC, assuring network access based on real-time endpoint classification configuration assessment, user and endpoint compliance policy and automated response.
The Hitachi ID Management Suite is primarily made up of three modules: Hitachi ID Identity Manager, which helps manage identities and provisioning across multiple systems and applications; Hitachi ID Password Manager; and Hitachi ID Privileged Access Manager.
Lieberman Software really delivered on this. Its Enterprise Random Password Manager (ERPM) addresses the management of privileged access across enterprise resources.
The Cloud Identity Manager from McAfee helps administrators provide single sign-on and account provisioning for cloud-based applications.
Identity Manager from NetIQ is a full identity and user management platform that allows administrators to manage users across physical, virtual and cloud-based environments.
The NetWrix Identity Management Suite is actually a combination of several NetWrix products that are bundled together and can be installed individually or together as one large suite.
Quest One Identity Manager with ActiveRoles Server provides a wide array of identity management features and functions.
Adaxes from Softerra automates user provisioning and deprovisioning by interfacing directly with Microsoft Active Directory.
Safe Access from StillSecure offers a full network access control system that includes functionality for ensuring endpoints on the network meet policy and compliance standards before being able to join the network and access network resources.
Here we have three products from Thycotic Software that when combined provide a reasonably comprehensive identity management suite.
The Axway MailGate SC offers a full set of features for both email content management and security.
Using this appliance, administrators can protect their enterprise from both inbound and outbound threats, such as spam, viruses, phishing, spyware and email address spoofing.
With this email security and content management tool in place, administrators can protect their environment from spam, viruses and other mail-based malware while managing email content and providing a solid level of data leakage prevention and email control.
The SECURE Email Gateway from Clearswift offers up strong features and functions for email security and content management.
The SecureMail Gateway from DataMotion provides the ability to easily integrate full email encryption into an existing enterprise environment.
The Encrypted Mail Gateway from Echoworx offers a full cloud-based platform for seamless email encryption throughout the enterprise.
The FortiMail-400C, while complicated to set up, offers an incredible feature set at an affordable price.
The Halon Virtual Security Appliance from Halon Security is a quick and robust email gateway, but administrators should be prepared to learn a new scripting language in order to fully use the product.
This email security and content filtering tool does everything we would expect, with a combination of flexibility and ease of use seldom seen.
TITUS Message Classification is a tool with which to classify messages, yes, but email security is not its primary focus.
Combining on-premise software with an optional cloud-based pre-filter, the tool provides a flexible approach to email security.
Providing content filtering and encryption, the XCS 570 from WatchGuard Technologies allows administrators to easily combat data leakage.
If one could get the cost, ease of use and provisioning into a practical range, one could offer multifactor authentication to all users. That is exactly what TeleSign does.
Wombat Security Technologies is in the business of threat filtering and user training. For this month, we looked at their training.
EastNets offers a sophisticated suite of filtering products that, taken together, give financial institutions what they need to combat fraud and money laundering.
NICE Actimize covers most of the online fraud bases, including money laundering, case management, brokerage compliance and overall security. It is a truly high volume data processor.
This is a suite of products that covers fraud detection (heavily phishing-oriented), browsing protection, multifactor authentication and transaction anomaly detection.