VASCO Data Security aXsGUARD Gatekeeper
March 01, 2013
Vasco Data SecurityProduct:
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Inexpensive, good documentation.
- Weaknesses: Very basic user interface; careful documentation review is a must; per user licensing fee for content filter; and relies on open source components.
- Verdict: The product’s low up-front cost makes it a good choice for knowledgeable administrators in small, budget-conscious
Administrators of smaller environments on a fixed budget could do very well by the aXsGUARD Gatekeeper by VASCO Data Security. While a little more complicated to use than some of the more expensive products, with a little attention to detail the device performs well.
As usual, our setup process began by setting a workstation IP address to match the product's default network. We logged in to the web interface and were immediately presented with a user-creation wizard, which we enlisted to create an administrator account. Upon completion of that wizard, we were automatically logged in with our new credentials. A menu was displayed with a series of separate wizards, which guided us through configuring the device hostname and location data, SMTP relay and administrator email accounts, time server and interface settings. Once the wizards were complete, a device reboot completed the initial configuration.
While the product offers all of the features we expect out of a basic UTM, configuration of those features is not always completely straightforward. Administrators will want to keep the documentation close by. That said, once configured, the device performed very well. The firewall appears to use your standard iptables. However, rules are automatically put in place, allowing VASCO full access to the device. While ostensibly for support purposes, security-minded administrators will want to disable those rules straight away. The product uses Snort as the intrusion prevention system, which is great. Yet, administrators are expected to acquire their own registration code for signature updates. The content filter works well, but it is the only component of the device licensed on a per-user basis, so keep that in mind when comparing prices.
Anti-virus protection is provided with ClamAV, another open source component. VPN services are provided via picture transfer protocol (PTP), IPsec and OpenVPN protocols, and support is also included for Vasco's aXs GUARD product, as well as a basic SSL web portal. AD/LDAP integration is included. However, single sign-on features require an agent to be installed on each client workstation. One thing we really did like was the device's multifactor authentication features, with support for Vasco's DIGIPASS tokens and eID smart cards included.
VASCO offers a number of different support options. Their standard package provides eight-hours-a-day/five-days-a-week phone and email support. This is upgradeable to a 24/7 support package. A VIP package is also available, which is completely customizable according to the customer's needs. Additionally, per incident and emergency support services are offered, as well as a customer support area hosted on VASCO's website, which offers a knowledge base and product tutorials.
The VASCO aXsGUARD Gatekeeper is priced at $775 for the hardware unit, and includes the first year of support. Support renewal starts at $175 per year for a basic nine-hours-a-day/five-days-a-week support tier. The content filter is an optional extra and is licensed at $25 per user per year.
SC Magazine Articles
- USAA members hit with multiple phishing attacks
- Three zero-days found in iOS, Apple suggests users update their iPhone
- MedSec goes its own way with medical device flaw
- Two-thirds of IT security pros surveyed expect a breach to hit their company, report
- Juniper confirms leaked "NSA exploits" affect its firewalls, no patch released yet
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Wendy's POS breach 'considerably' bigger than first thought
- No hacking required: Israeli researchers show how to steal data through PC components
- Don't connect your charging cell to a computer or you may get hacked!