Unified security gateway is a term we are hearing with increasing frequency. Some products that have traditionally called themselves UTMs - unified threat management appliances - are changing their stripes. In some cases the change is justified; in others it is marketing hype. The Finjan Vital Security Web Appliance does not go quite so far as changing its stripes, but if I ever saw unified security in a gateway appliance, this is it.
When I talk about unified security, I mean that literally. There are many capabilities in this product - we'll get into more detail momentarily - and they are sufficiently interrelated that we can say without hesitation that they are unified. That includes third-party OEM add-ins, such as anti-virus software from McAfee. Simply connecting the capabilities in one box is not, however, its strongest selling point.
We are getting close to being able to identify zero-day threats, and this product is a champ when it comes to catching threats that have never been seen before. New in this release is the Finjan vulnerability antidote. This is pretty close to real zero-day threat detection and, in fact, I have not seen anything better. But, that aside, the box is packed with functionality in general.
We went through a live demonstration of the product from Finjan and then we fired up the box in our lab. It was as easy to set up and use as the demo suggested. You can install it in minutes, and it won't take long to tune it for your enterprise. The appliance comes with an excellent collection of policies out of the box; you can use them as they are or customize them to your needs. If you have unique needs, you can write your own policies from scratch.
There are several new features in this release. One of the more interesting is the real-time behavioral analysis of malicious code. Malicious code in this case is not just malware as we usually think of it; it includes, in Finjan's terms, "any action against your computer that you don't want." That covers any exploit, whether launched manually by an attacker or delivered by malware. It can identify exploits carried in Adobe Flash or PDF files as well.
The appliance has a somewhat simplistic data leakage identification capability. However, this is the 80-20 rule at work: it can catch perhaps 80 percent (or more) of the data leakage that goes out through the gateway. So, when a bot or other malware tries to phone home with private data stolen from your enterprise, the Vital Security box is very likely to catch it. Remembering the notion of defense-in-depth, of course, we will want to add endpoint security controls to the network security architecture to fill in the gaps that a gateway-only check leaves.
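To make the 80-20 point concrete, here is an added example of what a simple pattern-based outbound leakage check looks like and where it stops. It is illustrative code written for this review, not Finjan's detection logic: it scans a constructed outbound HTTP body for payment-card numbers, uses the Luhn checksum to discard random digit strings, and shows that the same data base64-encoded sails straight past it, which is exactly the gap an endpoint control has to cover.

```python
"""Added example: a minimal pattern-based outbound data-leakage check.

Illustrative code for this review, not the appliance's own logic. The
sample request bodies below are constructed for the demonstration.
"""
import base64
import re

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits):
    """Luhn checksum: true for a well-formed card number, false for random digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Return the normalized (digits-only) card numbers found in text."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def inspect_outbound(body):
    """Gateway decision for one outbound body: ('block', hits) or ('allow', [])."""
    hits = find_card_numbers(body)
    return ("block" if hits else "allow", hits)


# Constructed samples. 4111 1111 1111 1111 is the standard Luhn-valid test number.
PLAINTEXT_POST = "user=jdoe&card=4111 1111 1111 1111&exp=12/27"
BENIGN_POST = "order=1234567812345678&qty=2"        # 16 digits, fails Luhn
ENCODED_POST = "blob=" + base64.b64encode(PLAINTEXT_POST.encode()).decode()

if __name__ == "__main__":
    for label, body in [("plaintext", PLAINTEXT_POST),
                        ("benign", BENIGN_POST),
                        ("base64", ENCODED_POST)]:
        print(label, inspect_outbound(body))
```

The plaintext post is blocked, the benign order number is allowed because it fails the checksum, and the base64 post is allowed even though it carries the identical card number. Matching on the wire is cheap and catches the careless majority; trivial encoding, compression or TLS to an attacker-controlled host defeats it, which is why the review's defense-in-depth remark matters.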
The new release is quite good at monitoring peer-to-peer and instant messaging traffic, even when it is tunneled inside another protocol as an obfuscation technique. The appliance can check file types either by filename extension - faster - or by header analysis - more accurate and harder to spoof, since renaming a file does not change its leading bytes. The product supports RADIUS authentication and sports one of the best log sets I've seen. There is an "XRay Mode" that monitors and reports only, without blocking. This is excellent for use during the deployment and tuning process.
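The extension-versus-header distinction is worth seeing side by side. The following is an added example written for this review, not Finjan's code: it classifies constructed sample files both ways and flags the disagreement that a renamed Windows executable produces. The magic numbers used are the real leading bytes of the PDF, ZIP and PE formats; the filenames and policy shape are assumptions for the demonstration.

```python
"""Added example: file-type identification by extension versus by header.

Illustrative code for this review. Sample files are constructed inline.
"""

# Leading bytes ("magic numbers") for a few common formats.
MAGIC = {
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",          # also Office Open XML (docx, xlsx), JAR, APK
    b"MZ": "exe",                  # Windows PE
    b"\x89PNG\r\n\x1a\n": "png",
}

# What the filename extension claims the file is.
EXT_MAP = {"pdf": "pdf", "zip": "zip", "exe": "exe", "png": "png", "docx": "zip"}


def type_by_extension(filename):
    """Fast, but trusts a filename the sender controls."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return EXT_MAP.get(ext, "unknown")


def type_by_header(data):
    """Inspect the leading bytes; renaming the file does not change these."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def classify(filename, data):
    """Return (by_extension, by_header, mismatch) so a policy can act on disagreement."""
    by_ext = type_by_extension(filename)
    by_hdr = type_by_header(data)
    return by_ext, by_hdr, by_ext != by_hdr


def policy_decision(filename, data):
    """Example policy: block executables however they are named, and anything whose
    header contradicts its extension."""
    by_ext, by_hdr, mismatch = classify(filename, data)
    if by_hdr == "exe" or mismatch:
        return "block"
    return "allow"


# Constructed samples: a genuine PDF stub, a PE executable renamed to .pdf,
# and an Office document (a ZIP container) under its normal name.
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n1 0 obj",
    "invoice.pdf": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff",
    "archive.docx": b"PK\x03\x04\x14\x00\x06\x00",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, classify(name, data), policy_decision(name, data))
```

The renamed executable passes the extension check and is caught by the header check. Header analysis is not foolproof either: formats without a fixed signature (plain text, scripts) return "unknown", and a file crafted to be valid as two formats at once can carry an innocuous header. The header check is the one to trust, and the mismatch between the two is itself a useful signal to log.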
Administration is one of this product's strongest points. First, administration can be layered so that administrators have rights to manage only what they need to manage. This layered approach is becoming more common, but this is the first time I've seen it in this type of appliance. Additionally, all updates, including those for OEM products you may decide to add to the system, are managed through Finjan. This is a big time-saver for busy admins.
Overall, this release - v9.2 - of the Vital Security appliance is hot. If you're already a Finjan shop, upgrade at once. You'll be glad you did. If you're not, look into this one. It's a keeper.
Product: Vital Security Web Appliance NG-6100 v9.2
Company: Finjan www.finjan.com
Price: Starting at $18K
What it does: Provides web security (anti-virus, anti-malware, etc.) and data leakage prevention.
What we liked: Just about the most comprehensive product of its kind I've tested - zero-day threat identification.
What we didn't like: It would be nice to have some diagrams in the quick-start guide to speed deployment.