Enterprise Threat Shield
Strengths: Excellent reporting; wide range of protection.
Weaknesses: No manual scan control.
Verdict: Excels as a complete protection suite, but those with protection already in place won't find this an easy tool to integrate.
Surfcontrol’s Enterprise Threat Shield is a little different from the other products that we tested. Rather than just providing anti-spyware tools, the system also scans P2P traffic, games and instant messenger clients by using dedicated databases.
The idea is to give a wider scope to prevent spyware and malicious data from entering the network. As a rules-based system, you have to select to whom a rule applies, the data to watch for and what to do when it is found.
These components are pre-built, so you can re-use elements in different rules, thereby cutting down the management burden. It is quite easy to do, and those of you who are familiar with Surfcontrol’s web filter will recognize how it all fits together. The interface is a little untidy, though, and could be a bit slicker.
Client protection requires each PC to be installed with the agent. This is automatically distributed, and the agent runs quietly in the background with no need for user prompts.
Its protection is based on monitoring and blocking malicious files from being written to a PC or existing files from executing, and it can also scan machines to remove any existing spyware.
All of this information is reported back to the server, and you can get detailed reports through the dedicated reporting application. There is a lot of information at hand and Surfcontrol probably has one of the most detailed reporting engines on the market.
There is also the issue that clients rely on communication with the server and do not have the same level of autonomy offered by other anti-spyware clients. We are told this will be addressed in the next version, due shortly.
Where Surfcontrol proves to be a real winner, though, is with its complete threat protection. Combine Enterprise Threat Shield with its web and email filtering products and you get yourself security for your entire enterprise and a way of stopping users from even encountering spyware.
Its rules-based management and multi-threat analysis make this a powerful tool, but more control over scans and a manual start scan would be nice additions.