As 2006 comes to an end, we look back at the products that received our coveted SC Best Buy and Recommended awards. Here's your chance to once more read the highlights from our group tests and discover why these products were rated so highly by our expert reviewers. The full text of all these reviews can be found on our website at

Spy Sweeper Enterprise
Supplier: Webroot
Price: £8.80 per user for 1,000 users

This product combines the excellent detection tools of Spy Sweeper with a management front end, Admin Console, a Java-based application used to control how you deal with spyware over the entire network.

Installations can be managed by group, enabling you to schedule scans and updates as appropriate for individual PCs and their uses. Groups are automatically created based on Windows domain names, but you can come up with your own. Updates are handled locally, and Webroot does a really good job of it, including being able to choose to automatically install program updates.

This level of granularity will appeal to large networks with strict version controls. Scanning can be scheduled or run manually, either of an entire group or individual PC. Scans run quickly in the background and both the level of detection and the removal success is excellent.

The Smart Shields can be configured for real-time spyware blocking, including browser hijacking and preventing new start-up processes. These are turned off by default, so you need to enable them for comprehensive protection - better default settings would help, however.

With excellent protection and an enterprise-worthy management console, Spy Sweeper Enterprise has the protection you need.

Overall Rating: 5/5

VSA NG-5000
Supplier: Finjan
Price: £4,570 for 500 users for one year, including silver

Part of Finjan's Vital Security Appliance range, the NG-5000 uses a 2.8GHz Pentium 4 processor, has 2GB ethernet and four fast ethernet ports. Deployment will depend on the size of your network, and you can make one box do all the work or, for large networks, install one as a policy server for centralised, web-based management and use additional boxes as scanners.

The level of protection depends on the security options you enable. The NG-5000 can be installed with third-party anti-virus products and web-filters, which means it can be integrated into your existing security infrastructure.

On top of the third-party scanners, Finjan offers its own anti-spyware protection. It works at the gateway and is configured through the same simple-to-use web interface as the others.

A range of protection is available, starting with Finjan's list of known spyware sites. Blocking by this category means you can filter out numerous sites, preventing users from becoming infected.

As a gateway product, there are no removal tools, so you still need desktop protection. But this is an excellent security appliance.

Overall Rating: 4/5

IronPort C300 Email Security Appliance v4.1
Supplier: IronPort Systems
Price: £11,500

The C300 is aimed at SMEs handling up to 5,000 email users. Set up was simple, and we had the device configured and running in minutes. The browser management interface is logical and well designed, and its online help system offers extensive explanations and examples.

We found it easy to generate a policy to inspect mail addressed to particular users. If the content matched our search strings, the system would block the delivery and send a notification to another specified user that the mail has been received. Search strings can be regular expressions for even greater flexibility. You can also apply these policy rules in any order, intercepting mail before it enters the anti-spam system. Sender verification can even be configured to automatically reject or accept mail from listed domains and email addresses.

The reporting system allows reports to be sent to multiple recipients, but there are only two types: an incoming volume report and a system summary report. However, these can be configured to run at different intervals, and the various sections can be reordered so that a reasonable amount of flexibility is possible.

Overall Rating: 4/5

Supplier: Tumbleweed Communications
Price: c £7,700 for 500 users

Aimed at the enterprise market, the Mailgate 5550 offers dual processors, redundant power supplies and four hot-swappable disk drives with two Gigabit ethernet connections in a 2U chassis.

Installation was straightforward: we simply entered the network addresses for the interfaces via the control panel at the front, while printed installation documentation gave a step-by-step guide to configuring each option using a browser connection to the management interface.

In practice, little administration is needed, as most of the anti-spam features are automatic. Admin just needs to decide the level of spam detection to use - blocking it completely, simply tagging it and passing it through or allowing end users to determine the rules.

The device was easy to use, with complexities completely hidden behind the interface. Although this feels a little strange at first, it soon becomes familiar, and the detailed monitoring screens and reporting provide reassurance that the appliance is really doing its job.

Overall Rating: 4/5

Auditor: Enterprise 4.1
Supplier: NetClarity
Price: c £11,500 for 256 addresses

NetClarity's Auditor is a fine example of a fully featured appliance that does not offer just vulnerability assessment, but also ties results to compliance and ongoing information systems audit programs.

The documentation is complete, well-illustrated and straightforward to understand. We ran into no installation or usage problems that we could not solve from the included manuals.

The appliance is also quick and easy to set up and use. Just plug it in, follow the installation guide and go. The setup guide was clear and the appliance was ready for testing in less than an hour.

The Auditor Enterprise performed very efficiently on our test network. One interesting capability is its ability to audit against credit-card security programs and regulatory requirements. Scans/audits can be set up with specific compliance requirements, and the final report will rate the target system relative to those values. Several regulatory reporting schemes are included with the appliance.

The product does everything one would expect it to do and does it all extremely well.

Overall Rating: 5/5

Supplier: Tenable Network Security
Price: Free: plug-in access after seven days; commercial direct access
to plug-ins c£700 per year

In its original configuration, Nessus is client server-based. The scan engine sits as a server on a Linux computer and you can communicate with it using Linux or Windows clients. The client can sit on the server machine or not. This is a good portable scanner for consultants and engineers who need to manage vulnerabilities on multiple sites.

Because parts of Nessus are still open source, there is a huge community of developers creating "plug-ins" for new vulnerabilities as soon as they are discovered. The result is a library of nearly 10,000 plug-ins that are available automatically seven days after they are introduced, or immediately for a £700 annual subscription.

Because of this, Nessus is arguably the most capable scanner available. Clearly, the price is right, and there are no limitations on the number of addresses you can scan. Reporting is simple, but excellent.

Overall Rating: 5/5

Supplier: Core Security Technologies
Price: Not supplied

Core Impact is different in that it is primarily a penetration testing tool. It behaves like a hacker, performing vulnerability and port scans, then attempting to penetrate the target using the vulnerabilities it finds. There are real benefits to this approach.

First, most of the tools tested report all the vulnerabilities they find, categorising them on their importance. But this means the tests take individual vulnerabilities out of context, making it difficult to understand what is important.

Email support is available, and purchasers receive a free online training session with a member of the support team over the phone.

Core Impact is very easy to install and you can begin testing quickly. Different panels guide you through all steps from discovery to clean-up and reports. A quick-start guide walks you through each test.

We found the product to be fairly flexible, with quite a few option configurations and details of attacks with a solid user interface. For organisations that need to be sure of the security of critical or sensitive systems, Core Impact is a must-have.

Overall Rating: 4/5

Supplier: Saint
Price: c £1,250 for Class C

Saint has its roots in the earliest days of automated vulnerability assessment. It has been dressed up in a new suit of clothes, but retains its Unix roots. This is, first and foremost, a vulnerability scanner. In that regard, it is very similar to Nessus, but its user interface is about as clean as one would expect, and it is web-based, making any web browser the platform for the GUI.

Support is acceptable, and there is a strong web presence adding to the support in an on-demand fashion. Saint is generally easy to use, although not all Linuxes behave well. RedHat 7.2 went very smoothly, even in a VMWare environment, but Mandrake 10.2 did not allow a clean installation and Saint had to be uninstalled.

This is a powerful workhorse vulnerability assessment tool, quite scalable and true to its mature vulnerability assessment roots, while presenting an easy-to-use and configure user environment.

Overall Rating: 5/5

MIMEsweeper Email Managed Service
Supplier: Clearswift
Price: from £1.08 per user per month for 10,000 users

The service is pretty simple, offering basic filtering services to MIMEsweeper customers who want to reduce the volume of incoming spam. But there are plans to make the full suite of MIMEsweeper functions available through the managed service.

The current GUI is very good. The dashboard provides not only operational statistics, but also alerts the admin of any DNS misconfiguration. The filtering rules are configured through a simple builder not unlike Microsoft Outlook's local filter interface.

Multiple domains are managed from the same interface, with delegated administration. A conspicuous absence is a visible admin log, but the system does track activity internally. Reporting is also quite basic, with most useful information available in a separate log facility, where specific alerts can be monitored.

We expect this service will turn into something special when the full capability rolls out.

Overall Rating: 5/5

Supplier: Mimecast
Price: £1.25 per user per month for 5,000 users

Mimecast offers its technologies as an appliance and a managed service for smaller enterprises, run from three data centres. It is almost wholly automated; clients do little administration work at all beyond reporting.

The service starts by watching regular outbound mail for a few days to build up a whitelist of email senders that is used to filter invalid recipients. But this needs careful handling for mail aliases and service accounts that do not generate outbound mail. Indeed, it is probably better served by just integrating with an LDAP server.

Incoming mail is treated in a similar way - if the sender and recipient have not communicated before, it is briefly quarantined while checks ensure the sender is a real mail server rather than a bot.

Mimecast offers an amazing degree of control over the operation of the service, presented in a very effective interface, with policy options on every aspect of mail delivery, handling and management.

Overall Rating: 5/5

RSA Sign-On Manager 4.5
Supplier: RSA Security
Price: c £28 per user up to 2,000 users

RSA Security's software provides enterprise-level single sign-on with either conventional passwords or, preferably, two-factor authentication using RSA SecureID tokens.

An Active Directory application mode data store is configured to house the sign-on manager-specific attributes without unduly interfering with your existing active directory.

With two-factor authentication, users must be assigned to specific tokens by importing available token data and assigning them a token from the pool. For static passwords, relative strength characteristics can be set. You can even set the number of allowable days for offline use and send expiration reminders.

This is a serious, enterprise-level tool and, as such, deployment will need to be properly considered and planned. For those ready to do this, RSA Sign-On Manager is a first-rate solution.

Overall Rating: 5/5

Supplier: Imprivata
Price: c £23 per user for 1,000 users

A capability such as single sign-on must be robustly managed, and Imprivata provides for this with its dedicated appliance and associated agents, which reside on the user's workstation. The 1U device is a sturdy, if rather noisy, device. Initial configuration is straightforward, supported by a two-line facia display, an on-board administrator guide, a manual and a set-up flyer.

The Imprivata agents take care of things at the client end and allow for user authentication via passwords, tokens or biometrics. Two Upek TouchChip fingerprint readers were supplied as typical examples of the sort of biometric devices that might be used in a corporate environment.

Application and user profiles are stored on the OneSign Server appliance, from where the agents download required credentials at initial log on, then communicate periodically with the server to catch any changes. This can also take place remotely, via a VPN if desired, to support mobile users.

This is a user authentication system for those who take such matters seriously and need an enterprise-wide solution that is both robust and user-friendly.

Overall Rating: 5/5

PatchLink Update 6.2
Supplier: PatchLink
Price: from c £10 per node

PatchLink's product has an impressive range of support for different operating systems. Not only does it support Windows from 95 onwards, but also AIX, HP-UX, Macintosh's OSX, Red Hat Linux, Red Hat Enterprise Linux AS/ES/WS and Solaris. Novell Netware is thrown in for good measure.

Installation requirements are strict. In the end, we settled for installation on a clean system as it didn't like sharing a machine with Microsoft Access. Nor, we were told, would it install on a primary or secondary domain controller.

In fact, the vendor recommended the server be installed on a standalone workgroup server. This flags up the issue of how to integrate this product into your infrastructure.

The software is now much more user-friendly, with information updated incrementally, rather than refreshing the whole database. This improved the time spent pushing critical patches out to endpoint devices and kept bandwidth overheads to a minimum.

This product is definitely worth considering for large installations.

Overall Rating: 4/5

Supplier: Shavlik
Price: from £20 per seat, including one year's maintenance

Shavlik's patch management offering uses agentless technology and, once installed, the first task was to perform a quick update of the patch signature files.

The console takes a split-screen approach to navigation, with all the tools you need positioned on the left-hand side and the relevant data displayed on the right. Templates can be established to let you determine how a particular environment is controlled.

Templates cover patch and spyware scanning, patch deployment parameters and remediation processes, and each is extremely configurable. Remote pop-up boxes can be established to let end-users know their machines are being updated and there are detailed reboot options.

The console is very intuitive and easy to use. Reporting is customisable and allows detailed network analysis. NetChek Protect has relative simplicity and an agentless architecture, but impressive detail and performance.

Overall Rating: 4/5

Websense Security Suite Lockdown Ed 6.1
Supplier: Websense
Price: £27 per seat for 1,000 seats

Being both easy to use and configure has made the Websense Security Suite a very popular product. Incorporated into the almost wholly automated setup is the download and updating of the master database that drives the URL and content filters. The interface is very intuitive and quick to navigate, enabling users to find data and log files without having to search through lots of menus.

Documentation is exceptional: after setup it is accessible from any interface, as well as through links on the company website. It includes material for administrators, deployment, installation and configuration, all with network topology scenarios and tables.

The product comes with all the features of a perfect web content filter and then some. With its easy-to-navigate interface, every aspect of a filter policy is available for editing. Filters include URL categories and protocol filters for SQL NET databases, file transfers, and instant messaging. The suite also features network protocol and peer-to-peer filters for all major P2P networks.

Overall Rating: 5/5

Supplier: Secure Computing
Price: (1,000 users): £21 per user perannum; £24 per user
perannum with optional SSL Scanner module

Webwasher is easy to set up and work with. Its interface is clean, organised and intuitive. The setup file is a simple executable installer that is mostly automated - just start it up and it does almost everything else on its own. Configuration is laid out in clear and concise guides.

Webwasher features many add-in scanners and filters that can be set up and customised. These include a URL filter, three anti-virus engines, an anti-spam filter, SSL scanner, content protection, content reporter, and IM filter. Automatic updates are included with the licence.

This product performed well during testing. With the up-to-date URL blacklists in our test suite, we tried many types of sites and it blocked anything we tested. It has many detailed customisable logs and reports that help administrators access any data they need about web access across its protected network.

Overall Rating: 5/5

Supplier: SurfControl
Price: (for 1,000 users) Enterprise Protection Suite £4,790; the
Internet Threat Database £5,850; Mobile Filter £1,995

As well as a full-service URL filter, SurfControl's Web Filter contains an anti-spam agent, spyware shield, instant messaging and peer-to-peer shields, anti-virus and games protection. Deny pages are fully customisable for company or network and can contain specific information as to why a user cannot access certain pages.

The product's most useful feature is the Virtual Control Agent, which uses already known information to help categorise unknown sites, stopping the user from accessing a site that could be inappropriate, but might not be blacklisted. However, the Web Filter contains a database of 54 categories with more than 14 million URLs, so it's hard to find anything it does not already know.

The only drawback is that, for a product as potentially complex and widely used as this, 24/7 support is not standard. If a problem arises at night, administrators are not going to want to disable the product and wait until the morning for help.

Overall Rating: 5/5

BlueSocket BSC2100
Supplier: BlueSocket
Price: BS Controllers start from £1,531 and go up to £17,000, depending on enterprise size. BSC1500 Access Point/Sensor co

Setting BlueSocket's device is simple: the management port connects to a switch to which all of your wireless access points connect; the protected port connects to your existing network; and the BSC2100 takes care of the security between the two.

BlueSocket sells its own "thin access points" that only provide 802.11a/b/g access, leaving security and management to the BlueSecure Controllers, but any standard wireless access point can be used. Management is through the company's excellent web interface.

Options to authenticate wireless users include forcing web redirects to its front page, where users can type in their credentials. These are then matched against either the internal users or an external source including RADIUS, LDAP/AD and Windows NTLM servers.

Overall Rating: 5/5

Supplier: Colubris Networks
Price: c £5,700

The InCharge RF Manager comes with a 1U rack-mountable server that configures the remote sensors. To do this, you first need to use Secure Shell (SSH) to get at the console, configuring the DNS settings so the remote sensors can automatically find the server.

From here you need to connect the 802.11a/b/g sensors to your network, making sure you have enough coverage for your entire company, so you will probably need a few sensors per floor. Management is performed through a Java-based console using Internet Explorer 5.5 or higher. The first time you connect to the console, a quick-start wizard takes you through configuration.

All you have to do is configure your security policy. Most events are catered for, and you'll find that you look for pretty much any network activity.

RF Manager is easy to use, and its neat graphical interface works well. For each alert you configure, you have a choice of responses, including sending an email alert and turning on the vulnerability prevention. This uses the remote sensors to block transmissions to unauthorised devices.

Overall Rating: 4/5

Ally ip100
Supplier: Arxceo
Price: c £500

This IPS product incorporates blacklist and whitelist technology that can be manually configured. If the device sees a threat, it automatically blacklists the IP the threat came from and blocks it from the network.

The Ally ip100 also has many fine-tuning capabilities with customisable filtering options, TCP, UDP and DNS policies, as well as notification options.

The tool - it's hard to think of it as an appliance - is very easy to use and deploy. It sits on the network between the internet and a switch, hub, firewall or router and is connected simply by plugging it in.

The Ally ip100 performed way above our expectations. We were not able to penetrate either the test network or the device itself. After each test, we would remove our IPs from the blacklist, only to find ourselves blacklisted again on the next attack.

Arxeco has built in numerous reporting features, including logs, blacklist and whitelist information and network statistics.

Overall Rating: 5/5

Supplier: Reflex Security
Price: c £5,000

The IPS100 gives a thorough inspection to all network traffic and can also be used as a filter. It operates inline and checks for external as well as internal threats.

Logging and reporting is clear and organised. Several real-time screens show network and attack traffic in many charts and graphs. At any time, a report can be created for any time period.

This unit, consisting of both a console device and separate sensors, broke the mould of other multi-unit devices. It set up very quickly and easily, and needed no additional configuration.

The web interface is intuitive and easy to navigate, and the device has clear and easily readable charts, graphs, and logs that include all network traffic, attack traffic, and other threats.

The IPS100 passed every test. We had no success either with our vulnerability scanning tool or our penetration tool. It instantly knew it was under attack and blocked all malicious traffic. What's more, during the attacks, no extra stress was put on the test network.

The IPS100 is great value. At around £5,000, it offers quick and effective network-wide intrusion prevention: a good investment for any size of company or network.

Overall Rating: 5/5

Supplier: eSoft
Price: c £1,500 plus c£295 a year for intrusion

The InstaGate can become more than just a firewall and IPS, as eSoft offers a mix of software extensions called SoftPaks. These include anti-virus, web filters, and IM and peer-to-peer filters.

Apart from being an all-in-one device, this has a range of customisable reports and alert logs. It also includes several real-time monitors and keeps track of all internal and external activity.

The product has an intuitive setup and a good web interface. A wizard guides administrators through all the basic steps, making deployment quick and easy with little disruption to the network.

The appliance performed excellently against all tests. The InstaGate Pro is dual-homed. It has one internal and one external connection, which allows it to act as isolated entities on both sides of the device. During our tests, we were only able to see the outside address of the box and could not get past to see inside to our target.

Each SoftPak has a different annual subscription fee, so it can become very expensive depending on how many features are desired. With all support included, however, it can be worth the price.

Overall Rating: 5/5

MXtreme Mail Firewall 800
Supplier: BorderWare Technologies
Price: £2,656

The enterprise-class MXtreme Mail Firewall is a 2U rack-mounted unit. Perhaps surprisingly for such a large device, the fan noise was not as bad as some of its smaller competitors, but loud enough to warrant housing it in a server room.

The unit ships with immensely comprehensive documentation, including a very well-written quick-start guide and a list of release notes that detail an impressive set of new features. Among these are outbound message signing, improvements to inbound header options, BorderWare Security Network (BSN) whitelisting, BSN relay checks, enhanced Language Support and DNS ordering.

Boot-up takes you to the initial configuration interface, which allows you to set the host name, gateway and domain name server settings. The IP address is preassigned, but can be changed.

The main home page shows up the activity of mail flowing through the unit. You can set the box to integrate with directory servers such as Active Director and also bind to an LDAP server.

We were curious to note that a product update stated it removed DomainKeys and SPF from the device's spam training due to their "unreliability". The firm assures us the product still supports both.

Overall Rating: 4/5

Supplier: eSoft
Price: c £925 plus c£229 per year for Email Threat Pak

Following a simple, step-by-step quick-start guide, we powered up the unit and waited for it to detect our DHCP server and assign an address within range.

eSoft has tried to make setup as simple as possible. After firing up the web-based console, users are taken through a series of steps to set up basic parameters and enter user and network information, such as network IP, subnet, gateway IP and preferred DNS servers.

This unit could not access the internet to download its so-called SoftPaks - software units that firms can mix and match to tailor their protection needs. Then after checking the settings we realised that we had omitted to add the ThreatWall's MAC address to our list of allowed LAN clients.

Thereafter, the unit cycled successfully through all its tests and took us to the SoftPak registration screen, from which it automatically began downloading the modules for which it is configured: in our case, the email ThreatPak with integrated anti-spam, anti-virus and email content filtering. We also received the Premium Gateway Anti-virus program.

Overall Rating: 4/5

Supplier: Clearswift
Price: £9,000 for 1,000 users

MIMEsweeper is designed to check email flowing in and out of an organisation against a list of different parameters, such as virus, spam and any defined corporate policies. This version would be best suited sitting on a dedicated server between the mail server and the internet.

Once up and running, the next stage is to look at setting policies. This involves not just deciding what types of attachments or words you want MIMEsweeper to block, it is also about what domains you are happy to accept email from.

The policy manager within the product is easy to set up. Configuring policies is extremely granular, extending down to the group and user levels. Specifying which content can be allowed and disallowed was also easy.

MIMEsweeper for SMTP is worth considering for any enterprise, although organisations running Domino or Exchange servers might want to think about using the vendor's other dedicated products instead.

Overall Rating: 4/5

Kaspersky Anti-Virus Business Optimal 5.0
Supplier: Kaspersky Lab
Price: £20 a year per node for 100 nodes, including Kaspersky
Administration Kit

To install this Kaspersky anti-virus software, you require either SQL Server or the Microsoft Desktop Engine on the machine or the network. This means a long wait for all the elements to be installed on the admin machine.

The console runs as a snap-in under the Microsoft Management Console, which effectively means that it can only be run under Windows.

This minor criticism aside, the console is easy to get to grips with and, on first look, provides the user with several options to install and maintain workstations and servers on the network.

It was easy to roll out anti-virus policies on to target machines. Policies can be modelled on a range of different templates, based on the target machine's function.

As usual with Kaspersky, the reporting tools are second to none. A few clicks generate reports on a variety of different metrics and the data is presented in html.

Overall Rating: 4/5

Supplier: F-Secure
Price: £11.50 per user for 1,000 users

Designed to protect against everything from hackers to the use of forbidden networking software, this product consists of two functional units. The F-Secure Policy Manager (console, server and web reporting) looks after the centralised management of the anti-virus solution in the network. It is partnered by the F-Secure Anti-Virus Client Security to prevent damage by a virus or hackers on workstations.

The Policy Manager console interface is clear and well designed. Using the intuitive GUI we easily built up a list of client PCs on our test network with the help of an auto-discover feature that creates a domain tree. Thanks to the product's "push installation", administrators can deploy F-Secure Anti-Virus Client Security for PCs and laptops remotely. The console allows you to specify target IP addresses to simplify management.

The suite was simple to install, although the sheer number of configuration components could be confusing. But it's an impressive and comprehensive package.

Overall Rating: 4/5

Supplier: IronPort
Price: £10,900

The device is based on IronPort's own hardened operating system, AsyncOS 4.5.5, and includes anti-spam, anti-virus, mail-flow monitoring, message encryption and virtual gateway technology.

It has an enhanced overview page that gives users a useful snapshot of remote hosts connecting to the device. It also features enhanced anti-spam, anti-virus and quarantine functions. For the first time, it includes support for domain key signing.

Boot-up time for the operating system was surprisingly long, but we will give it the benefit of the doubt because of the enterprise nature of the appliance. Web-based console users are initially prompted through an intuitive setup wizard.

Basic setup tasks went smoothly, such as defining IP addresses and routing gateways and domain names from which the device's inbound listener could accept mail. It was simple to define the filtering based on SenderBase reputation service scores. Out of the box there are three levels that can be set up: conservative, moderate or aggressive. Users can also set their own custom levels.

Overall Rating: 4/5

Supplier: Symantec
Price: £19.99 per user for 1,000 users

Symantec AntiVirus provides protection against spyware and viruses. The enterprise edition also tackles spam and provides content filtering. The corporate edition is designed for a predominantly Windows environment, although NetWare support is available for some modules.

Platform support also looks set to be improved, with a newer version soon available promising support for Red Hat Enterprise, SuSE Linux Enterprise Server and Novell Linux.

The System Center management console is a straightforward, two-pane Windows Explorer-style affair. All the clients for which we chose to install the remote software were imported into the System Center management console, where any number of tasks can be carried out. From here it is possible to organise scans, update schedules and carry out other tasks.

While the management console is thorough, it can be a little confusing and laborious to use. But one of the advantages of Symantec software is its scalability.

Overall Rating: 4/5

Supplier: StillSecure
Price: from c. £21 per IP

This feature-rich device scans by monitoring the network for new hosts or IP addresses and requires that each computer passes its tests before connecting it to the network. All activity is shown in a detailed report explaining what tests the user passed or failed.

The appliance is simple to set up and rapid to deploy. The Safe Access platform is built on Red Hat Linux and is installed on its own server. Once setup is complete, configuration is done through the web interface. An intuitive configuration wizard assists in final setup and configuration of policies.

Safe Access performed very well during the test. It even denied access to our clean test machine because the anti-virus software we installed on it required an update. Neither of our machines was able to access network resources until the policy was met.

All this power comes at a price, though. The Safe Access licence could become expensive for large enterprise networks - however, volume discounts apply.

Overall Rating: 5/5

Supplier: LANDesk Software
Price: £60 per node for Management Suite; £20 per node for
Security Suite

LANDesk Security Suite must be installed on a central server, which must pass certain security and version tests. After installation, policies can be set for access, applications, software versions, service packs, anti-virus etc. Agents planted across the network also allow the console administrator to take remote control of machines in violation of policies.

Although setup and installation is simple and intuitive, configuration is more difficult, and the application interface can be frustrating to use.

The documentation for LANDesk is easy to follow and is downloaded from the company's website. Free phone support is offered between 8am and 8pm EST, and there is an online forum and a knowledge base. This is one of the higher-priced products for large enterprises, but LANDesk is a fully inclusive endpoint security program with significant capability.

Overall Rating: 4/5

Supplier: Secure Computing
Price: £55,500

This model is a beefy 3U box, supporting up to 38 ports with a total filtered throughput of 2.8Gbps (or half that for AES-encrypted VPNs). Hot-swappable redundant power and RAID storage is standard, and the box fully supports high-availability in various configurations.

Secure Computing provides a great tool for configuration in the form of an offline html page that walks through the options and generates a text file. This can then be put onto a USB flash disk or floppy, and when the machine boots it will configure itself to that spec. The only worry was that the administration password is stored in the file, so anyone with access to the same tool could brute-force the original password without much difficulty.

With built-in content filtering, support for H.323 for voice, two-factor authentication, application proxies and VLAN support, plus very high-capacity IPsec VPN capabilities, it all adds up to a comprehensive package. However, surprisingly there is no support for quality of service for a product that scales all the way up to high-end data centre environments.

Overall Rating: 4/5

Supplier: Astaro AG
Price: £6,893

The ASG 425 is at the top end of Astaro's 1U appliance range, with several smaller versions and two larger options available. The unit offers eight ports, but just one is active by default, and this is used for the internal segment and web management. The rest must be specifically enabled and configured.

The web GUI got us up and running without any hitches. The GUI works fine, and the dummy SSL certificate installed in the box is easy to change. Doing so caused a bit of confusion in the interface, with the existing admin session becoming stale and reconnection then requiring the stale session to be terminated: only one active login per user is allowed. This sometimes caused problems with page refreshes, too.

Every page in the interface provides context help, and the appliance provides a searchable electronic version of the manual.

Documentation is very good, with a well-written explanation of deployment scenarios, likely uses and other useful pointers, rather than the walkthrough of the interface most vendors provide. This is a nicely integrated box with all the features we expected, plus some surprises, such as support for UPS notification via USB.

Overall Rating: 4/5

Supplier: Fortinet
Price: £12,886

We were pleased to see the FortiGate-1000A's web GUI default to a secure https connection. A fully-featured console is also available through a serial connection.

The interface is elegant and does a good job of grouping items together, although related tasks could be linked a bit better.

A setup wizard created a new admin password and configured external interfaces and firewall rules for internal servers providing common services (smtp, web, ftp, pop3) and a choice of security levels. We would have liked more information here, rather than having to go to the documentation for what exactly "high" or "medium" security might entail, but all the basics are clearly explained.

The filters include options to detect grayware, including adware, Browser Helper Objects and more. These are disabled by default, and there is no whitelist to allow objects on a granular basis. But it is a useful addition.

This is a fully-featured UTM offering at the right price, which doesn't skimp on the firewall and filtering features to do other, more glamourous tasks.

Overall Rating: 4/5

Supplier: i2
Price: £3,600 inc. one year's support

The Analyst's Notebook from i2 is a different-from-most analysis tool in that it is a true link analyser with a long pedigree in examining complex crimes and security incidents.

Installation moves quickly - within two hours we had imported and analysed metadata from EnCase for a detailed breakdown of data on a hard disk, put in hacker profiles and examined a 65,000 record intrusion detection system log for links between attacks and attackers.

Logs, events and other data feed the link analyser's work process. The easiest way to input data is by importing from a spreadsheet using a CSV file. This allows users to import logs of virtually any kind into the analyser, then the tool sets up the relationships and displays them in various formats.

Viewing relationships is intuitive. The Analyst's Notebook is part of a suite of products that allow very large, complex logs to be analysed and subtle connections found in extensive distributed enterprises.

Overall Rating: 5/5

Supplier: LogLogic
Price: c.£27,000

The LX 2000 is as feature-rich as you could wish. Its displays are straightforward and you can perform a wide range of analyses relatively easily. Coupled with the ST 3000 large-scale storage appliance, it becomes an extremely powerful tool for managing, analysing and archiving huge amounts of data.

Documentation comes as a set of clear and comprehensive PDF files on a CD. Specialised tasks need to be referred to LogLogic support, but we found this to be first rate.

A product such as this is a key ingredient in managing the overall security of all sizes of networks. The LX 2000 alone is suitable for small to mid-sized enterprises, while the addition of other LogLogic family products allows scaling to virtually any size.

This is an excellent log analysis tool, but it's not for the fainthearted. While its user interface is excellent, it has many hidden capabilities that require some time to understand. It's also expensive.

Overall Rating: 5/5

Supplier: Technology Pathways
Price: £7,995

A complete IT forensic tool that can access computers over the network (with agents installed) to enable media analysis, image acquisition and network behaviour analysis. Other capabilities include remote analysis of running processes, open files, open ports and services, and other network-based functions.

Although fairly easy to use, its complexity and granularity mean the user must have some experience of working with a program of this nature. But the user interface is laid out much like other products in this category, and we could navigate around it with barely any trouble at all.

Once we became familiar with the layout of the interface, we found it was a powerful tool - able to fully image both our forensics test disk and a disk on a computer on our network. We also found that it was quite efficient, with fast and accurate imaging. Remote agents are very small footprint.

Documentation is well laid-out with clear explanations of all the program features. All in all. this product is excellent value.

Overall Rating: 5/5

Supplier: Data Encryption Systems
Price: From £25

DESlock+ is a useful and comprehensive collection of encryption tools for Windows, packaged in an intuitive, easy-to-use manner. Also included are two rugged USB devices for storing keys, one of which is a back-up.

The DESkey devices can store up to 64 keys internally, or software key files can be used instead. Both folders and individual files may be encrypted with DESlock - in fact, even parts within a file if only certain parts are sensitive.

An Outlook plug-in is included; recipient keys are easily organised via key sharing, and useful wizards are supplied for managing both key files and tokens. Other utilities include a shredder for secure file deletion, a scratchpad for storing personal text, and a message viewer that will decrypt a message into the viewer window without decrypting the underlying file.

Supported encryption algorithms include 3DES, Blowfish and AES (128-bit), with the RSA algorithm for key transfers.

Overall Rating: 5/5

Supplier: Dekart
Price: £24.40

Dekart Private Disk is a small footprint program to provide seamless data encryption with further useful functionality.

The concept of a disk firewall is particularly interesting, providing application-level access control, whereby a whitelist of trusted applications is maintained within the encrypted disk area. If an application not on this list tries to access any protected file, it will simply be blocked.

This not only guards against malware, but may also prevent file copying or other manipulation of data - a simple and effective idea. Also interesting is the ability to run Private Disk directly from portable media, allowing access by authorised users even when using a different PC - again, a simple and effective approach that many users will find useful.

Private Disk is flexible in its application and can work with a broad range of portable media, including USB sticks and flash memory cards. It is logical, intuitive and easy to use.

Overall Rating: 5/5

Supplier: WinMagic
Price: £82

This is not just a simple plug-and-play product. It enables user authentication at the preboot level, supporting passwords, tokens and even biometrics. WinMagic has worked closely with other organisations to provide a comprehensive choice of proven token technology.

Planning prior to deployment is crucial. This is emphasised within the comprehensive PDF manual, which also provides a good deal of background information for the security administrator. The various dialogues and wizards are logical enough, but they require a certain level of technical understanding.

The enterprise edition includes the SecureDoc Enterprise Server to facilitate large-scale network deployments and associated key and password management. Featuring a Microsoft SQL database, user and group credentials can be imported from an existing Active Directory.

Overall Rating: 4/5

InstaGate PRO
Supplier: eSoft
Price: £1,553

This product is feature-rich and especially easy to use and administer. Setup really is as simple as taking it out of the box and plugging it in. It is then configured using a straightforward, web-based wizard.

The InstaGate PRO is a very powerful appliance. Software packages called SoftPaks, which include anti-virus, anti-spyware, anti-spam, intrusion prevention, a web filter, a firewall and many others, allow for complete customisation.

It has a simple-to-navigate web interface that accesses the threat monitor page. This displays an overview of the system's state, firewall, inbound and outbound traffic and intrusion detection.

The box is well integrated both with itself and the network on which it is placed. It is designed to work with existing firewalls and VPNs, as well as by itself. The device produces many different reports, all with colour graphs and charts, plus full event information.

The base price covers the appliance itself and the firewall, VPN (PPTP and IPsec), DMZ, policy management, user management and WAN failover features. Other features can be purchased for a one-time fee or by subscription.

Overall Rating: 5/5

Supplier: Equiinet
Price: £2,495

The NetPilot appliance is simple to set up - you just plug it in and turn it on. Once booted, the box starst its automatic configuration, which can be changed to fit the specific needs of the network. This can be accessed from anywhere on the network; once the user is logged in, all functions are there at the touch of a button.

The interface is broken down into categories such as security, user accounts, email filter policy, logs and maintenance. These then lead to sub-categories with policy settings, configurations and many different logs and charts.

NetPilot is packed with features, including a built-in firewall, VPN, email filtering, URL and web filters, IDS, file and print servicing, intranet and web page caching. But it lacks some elements offered by rivals, for example anti-spam and web filtering.

The appliance provides amazing functionality and performance. All its features integrate seamlessly. It also features easy-to-read logs with different charts and graphs.

With a reasonably small price tag, low maintenance and free updates, NetPilot is excellent value for SMEs or branch offices.

Overall Rating: 5/5

Supplier: Internet Security Systems
Price: £8,118

Recommended for its power and simplicity, this product was up and running in no time. Its Java-based web interface is easy to navigate, while policy configuration is both easy and intuitive. Alongside the imaginative layout of the web interface, it offers useful help files. All this makes this device very simple to manage.

The box is loaded with useful features, including a firewall, VPN, intrusion prevention, web filtering, anti-virus and anti-spam. They are accessible from the web interface and fully customisable to suit the individual needs of the particular network environment.

The appliance is able to integrate seamlessly with the existing structure of the network. All logs and alerts can be viewed easily in real time.

With fully customisable policies, a load of well-integrated features, and easy-to-read logging and reporting, this product performs extremely well.

The Proventia MFS Appliance is excellent value for money. The product provides many custom features, full comprehensive protection and easy management. This would be a good investment for just about any medium-to-large, even very large, company.

Overall Rating: 5/5

Supplier: RSA Security
Price: c £9,290 for 100 users, including three-year hardware

There is a huge choice of installation hardware for SecurID, with support for Windows Server 2003, Solaris, Red Hat Linux, HP-UX, AIX and Novell Suse Linux Enterprise Server.

The product is managed through the RSA Authentication Manager management console. It can link with an LDAP server, such as Active Directory, so you can pull in existing users, but you can't manage tokens directly from your current directory management tool.

There's a good range of hardware and software tokens, including software clients for BlackBerry, Java phones and Pocket PC.

A new single-use code is automatically generated every 60 seconds. This means that registering new tokens has to be done with the provided CD, as this gives the server the required seed record to synchronise its key generation with the token's. It's a bit more work than asynchronous systems and means that the tokens can get out of sync with the server.

But while management might be awkward, third-party integration is second-to-none.

Overall Rating: 5/5

Supplier: KoolSpan
Price: £2,680

KoolSpan's SecurEdge is designed to provide safe access to a network through a 256-bit AES link with support for up to 512 simultaneous users. The kit comprises a lock that bridges the external network to the internal one and a set of USB keys providing authentication.

The keys come preconfigured, so the only real bit of network wizardry you have to perform is configuring port forwarding on your router/firewall to pass authentication requests to the lock. As it bridges two network connections, you may install it to provide secure access from a wireless to the wired network, or for secure access to a server.

You can manage keys by revoking network access, renaming them to match the owner's username and selecting which locks they have access to. Aside from allowing or denying access, though, there are no controls on network traffic, so if you're looking for a complete access control system with fine granular control, this isn't it. But it is a great way of adding hardware-based authentication to your existing systems.

Overall Rating: 5/5

Supplier: Secure Computing Corporation
Price: £35.26 per user for 1,000 users

SafeWord Premier Access adds an authentication server to your network that can protect your VPN connections.

Authentication can be through smart cards or Secure Computing's own tokens, which come in gold, silver and platinum. Gold tokens generate a single-use password after a PIN has been entered, so warn users that typing the wrong PIN generates an invalid code. Silver tokens are operated by a single button, while the platinum version comes with a keypad.

The company also supports a variety of other two-factor devices, as well as mobile authentication. Tokens are event-based, so they do not need to remain in sync with the authentication server.

There is a choice of management options, including Secure Computing's own console, which is available with the Enterprise Solution Pack that also adds authentication for Unix login, web servers and web applications.

SafeWord is a very simple product to manage, particularly for Microsoft-based servers. However, it's also highly extendable.

Overall Rating: 5/5

Supplier: TriGeo Network Security
Price: c£10,400

TriGeo SIM is simple to use and comes with many rule sets preconfigured for most security situations. Setting rules for specific environments is made easy by the Rule Builder, which uses different modules with dedicated parts that you just drag and drop into the right place and the rule is created. Filters are also easy to configure using the same process.

This appliance is loaded with features, including real-time log analysis, prebuilt correlations and IPS/IDS. It also boasts a unique feature called USB Defender, which logs and alerts if a USB storage device is plugged into any device on the network.

The TriGeo box analyses and reports information in various clear and easy-to-read charts and graphs. In addition to more than 220 stock reports, it has the ability for the user to customise reports using the built-in Crystal Reports Engine. The TriGeo has a wide variety of log correlation and analysis tools that make it a fully comprehensive security device.

The easy setup, configuration, and analysis of reports helps cut down on the cost of training personnel while still delivering accuracy. This product offers excellent value both in the way of cost and performance.

Overall Rating: 5/5

Supplier: eIQnetworks
Price: c £4,195 including licence for five devices and five

Although this program is simple to use, we found it took a little time to setup and configure. Once the main install is done, there are follow-up steps of creating SSL certificates for IIS and possibly other loose ends, depending on the environment.

With a user-friendly interface, topology maps for event tracking and easy-to-read reporting, this product encompasses all the main features of a large-scale security monitoring system. The eIQ Enterprise Security Analyzer has the ability to do log file forensics for retracing log event patterns to isolate a security incident. It also displays detailed real-time charts of events and alerts that are shown on the dashboard.

This product offers a lot of value both in terms of investment and security. Since it is able to integrate onto any Windows server, it does not require the addition of a separate machine, which cuts down on overall cost of ownership.

Overall Rating: 5/5

Supplier: High Tower Software
Price: c£31,440

High Tower preconfigures all the equipment before it is shipped to the end user, so when the appliance arrives there are just a few simple steps to complete before it is online and ready to go.

We found this product simple to use, thanks to the intuitive user interface that includes an easy-to-read dashboard-type console. The overall simplicity of managing this device was one of its attractions. The console is built on the Java platform, so it is possible to have many different window modules open at the same time without ending up in a jumbled mess of clicking through branch after branch or tab after tab to locate information. The device is capable of handling up to 20,000 events per second and displaying real-time alerts and information.

While this product has a lot of capability and flexibility, it does sit high on the price spectrum. We still think it is good value for money and a good investment for companies that can afford such a device and have the requirement for its high performance.

Overall Rating: 5/5

Supplier: SonicWall
Price: £1,575

Once the interfaces are configured for the network, the SonicWall appliance is administrated via the user-friendly web interface.

The SonicWall has loads of features in addition to the SSL VPN. These are atypical in that they address those things that one would expect in a multi-purpose appliance rather than in a VPN. For example, along with access to web servers, ftp servers, and file shares, this appliance lets administrators create a Virtual Office for users. This can run applications such as Outlook, Word and Excel from a server, as well as give remote access to desktop or server machines. Administrators are therefore able to develop very complete portals.

The product is flexible enough to support separate portals, giving it a distinct workgroup flavor. One feature we liked is the ability to use the VPN to access an individual worker's desktop computer remotely.

In addition to providing Radius, LDAP, NT Domain or Active Directory authentication, this box uses an authentication method called one-time passwords, which works as a two-factor authentication scheme.

Overall Rating: 5/5

Supplier: Caymas Systems
Price: c£13,340

Generally, this appliance boasts the types of features administrators like. It is easy to set up and requires little maintenance once in operation.

The Caymas 318 uses several ways to control user access. Policies can be set up so that users can only access what their identity, authentication method, client, location and time of day will allow them to. Also included are various access modes, such as web, file or client/server applications in either clientless, thin or thick client mode.

We found this device to have many options for authentication, which really add to its flexibility. It supports Radius, LDAP, Active Directory, PKI Certificates (with CRL checking) and local authentication. It also incorporates two-factor authentication such as SafeWord and ActiveCard.

An easy-to-follow quickstart guide gets the appliance going in no time. This guide shows how to set up the device using a serial console and gaining access to the web interface.

While the Caymas 318 is flexible and versatile, the cost is at the high end for an SSL VPN appliance. We did like a lot of its features in both user access and security, and support is superb, but we are not impressed with the price tag.

Overall Rating: 4/5

Supplier: Lan-Secure
Price: c£525

Security Center Lite offers a relatively low-cost introduction to vulnerabilty scanning and intrusion detection for infrastructures with up to 100 network nodes. The product is software-based and needs no remote agents. It is thus simple to deploy and configure within typical Microsoft-based infrastructures, requiring Windows XP or Windows Server 2003, with Internet Explorer 6 or above.

Security Center Lite comes at a fraction of the cost of many more sophisticated products in this space and therefore should not be expected to offer equivalent functionality. However, it also requires less admin and support.

The software is very easy to deploy and will reveal aspects of your network that were not previously visible to you. Also, it will enable you to quickly become proficient at spotting potential vulnerabilities and blocking offending nodes accordingly. Plus, it can provide a degree of automated rules-based protection.

Overall Rating: 4/5

Supplier: AirMagnet
Price: £5,500

AirMagnet is unusual in that it specialises in protecting wireless local area networks.

The freestanding AirMagnet SmartEdge sensor performs the primary analysis of events within the sensor itself, via an integral AirWISE analysis engine, obviating the need for heavy network traffic to and from a central analysis engine.

The network of deployed sensors then reports back to the AirMagnet Enterprise Server via a conventional ethernet network, where further event correlation can take place.

The SmartEdge sensors can be configured via a console on the network or via a serial connection directly to the sensor, which sports a conventional 9-pin connector. This is a thoughtful touch, as the latter arrangement may well suit a variety of implementations where sensors are scattered around a given physical environment.

All in all, a very welcome tool that will enable organisations to finally have as much confidence in their wireless networks as they have in the wired variety.

Overall Rating: 4/5

Supplier: MessageLabs
Price: from c£1-4 per user per month

This is a comprehensive hosted security solution for IM. We were provided with a simple ten-user licence evaluation version of the system. At the heart of the product is a hosted administration tool that is extremely intuitive and easy to use. From here we were able to access all aspects of management, establish policies, add users and view relevant reports.

The client software is called Professional Online Desktop (POD) and is an excellent approach to instant messaging security. As administrator we could assign which networks the user could access (Microsoft IM, AOL or Yahoo or any combination of these), all of which is then done through the user's version of POD rather than the third-party applications. It allows for much greater control over security.

Users can be added to the configuration module very quickly through a batch file. Overall, it's difficult to fault MessageLabs' approach to IM security.

Overall Rating: 5/5

Supplier: FaceTime Communications
Price: from £7,500

A rebadged Dell PowerEdge 850 rack-mountable 1U server, the RTG500 is aimed at the medium-sized to large enterprise market. To access the initial set-up screen we had to connect a monitor and keyboard. Unlike some of the software suites, the FaceTime server is aimed purely at IM.

The console is clearly laid out and quite Web 2.0 in appearance. It has a dashboard look and feel about it and provides a real-time view of traffic such as spyware, IM, peer-to-peer, HTTP and UDP. All other TCP traffic is grouped under one heading.

On first use of the appliance the default global policy for instant messaging is not to allow file transfers, peer-to-peer, client connections or IM networks.

The main configuration window provided a clear and concise view of the device. We could establish custom policies via individual IP addresses or a range of addresses. Spyware policies can also be established here.

FaceTime has produced a good all-rounder that adequately covers the networks most likely to be used in today's corporate environments. It was let down slightly by minimal documentation and some aspects of utility.

Overall Rating: 4/5

Pinion Desktop Packager
Supplier: Pinion Software
Price: £2,560 (5-user licence)

Pinion's desktop package is a simple, individual user-oriented DRM program. We tested the Workgroup Edition. The product sits on the desktop and allows the user to package a document. Once the file is encrypted and recipient rights are attached, it may be sent out. To open the document, the recipient needs the Pinion Receiver, which can be downloaded for free from the Pinion website.

Desktop Packager supports a broad array of file types, including Word, Excel, PowerPoint, Lotus Notes email messages and Cad applications such as Autodesk, Solidworks and PTC. In addition to encryption, other protections may be applied selectively to the document and the user can limit the time the document is viewable.

The desktop packager and the receiver were easy to install and the product integrated seamlessly with Outlook. If there is a downside to this product it's the price, which may keep it out of reach of most small companies.

Overall Rating: 5/5

Supplier: Avoco Securel
Price: c£198

This is a desktop product in that it requires no server and instead attaches document rights to the individual document. It can be deployed as either a simple desktop DRM application or as a full-blown E-DRM system using the server to manage the clients over a large, distributed enterprise.

Of all the products we looked at this was the simplest to deploy. The installation is intuitive, with an easy-to-navigate interface and clearly displayed settings, policies and restriction options. The solution comes with a set of predefined policies and uses an information classification paradigm.

Administrators can create a set of classifications to match their organisation's policies, with use restrictions for each level. Users apply the appropriate classification to their documents.

There are several options for access control, including Active Directory, password and groups. Printing, copying and changing files can be prohibited. An optional manager and an enterprise server are available.

Overall Rating: 5/5

Workshare Protect Enterprise Suite
Supplier: Workshare
Price: from £18 per user per year

This is a true large-scale extrusion prevention solution. Successful deployment of this client/server application requires configuration of Microsoft Server 2003 and SQL Server, as well as detailed knowledge of these platforms. However, once installed, it is easy to use and can be customised for many different conditions.

The suite's policy manager can act as an information gateway, applying content filtering for more than 370 file types. It includes document rights restrictions, email blocking based upon content, and policy-control of PDF conversions. We were unable to compromise denied documents or find a way to get the system to violate its policy.

The licence can become a fairly expensive proposition for the size of enterprise for which it is intended. However, this was the most complete product we looked at in terms of capabilities, and for big organisations with large numbers of sensitive documents, this is a very powerful product.

Overall Rating: 5/5.