Content

Group test: This year’s best buys and recommended products – Best of 2006

As 2006 comes to an end, we look back at the products that received our coveted SC Best Buy and Recommended awards. Here's your chance to once more read the highlights from our group tests and discover why these products were rated so highly by our expert reviewers. The full text of all these reviews can be found on our website at www.scmagazine.com/uk/reviews

ANTI-SPYWARE
Spy Sweeper Enterprise
Supplier: Webroot
Price: £8.80 per user for 1,000 users
Contact: www.webroot.com

This product combines the excellent detection tools of Spy Sweeper witha management front end, Admin Console, a Java-based application used tocontrol how you deal with spyware over the entire network.

Installations can be managed by group, enabling you to schedule scansand updates as appropriate for individual PCs and their uses. Groupsare automatically created based on Windows domain names, but you cancome up with your own. Updates are handled locally, and Webroot does areally good job of it, including being able to choose to automaticallyinstall program updates.

This level of granularity will appeal to large networks with strictversion controls. Scanning can be scheduled or run manually, either ofan entire group or individual PC. Scans run quickly in the backgroundand both the level of detection and the removal success isexcellent.

The Smart Shields can be configured for real-time spyware blocking,including browser hijacking and preventing new start-up processes.These are turned off by default, so you need to enable them forcomprehensive protection - better default settings would help,however.

With excellent protection and an enterprise-worthy management console,Spy Sweeper Enterprise has the protection you need.

Overall Rating: 5/5

VSA NG-5000
Supplier: Finjan
Price: £4,570 for 500 users for one year, including silver
support
Contact: www.finjan.com

Part of Finjan's Vital Security Appliance range, the NG-5000 uses a2.8GHz Pentium 4 processor, has 2GB ethernet and four fast ethernetports. Deployment will depend on the size of your network, and you canmake one box do all the work or, for large networks, install one as apolicy server for centralised, web-based management and use additionalboxes as scanners.

The level of protection depends on the security options you enable. TheNG-5000 can be installed with third-party anti-virus products andweb-filters, which means it can be integrated into your existingsecurity infrastructure.

On top of the third-party scanners, Finjan offers its own anti-spywareprotection. It works at the gateway and is configured through the samesimple-to-use web interface as the others.

A range of protection is available, starting with Finjan's list ofknown spyware sites. Blocking by this category means you can filter outnumerous sites, preventing users from becoming infected.

As a gateway product, there are no removal tools, so you still needdesktop protection. But this is an excellent security appliance.

Overall Rating: 4/5

ANTI-SPAM
IronPort C300 Email Security Appliance v4.1
Supplier: IronPort Systems
Price: £11,500
Contact: www.ironport.com

The C300 is aimed at SMEs handling up to 5,000 email users. Set up wassimple, and we had the device configured and running in minutes. Thebrowser management interface is logical and well designed, and itsonline help system offers extensive explanations and examples.

We found it easy to generate a policy to inspect mail addressed toparticular users. If the content matched our search strings, the systemwould block the delivery and send a notification to another specifieduser that the mail has been received. Search strings can be regularexpressions for even greater flexibility. You can also apply thesepolicy rules in any order, intercepting mail before it enters theanti-spam system. Sender verification can even be configured toautomatically reject or accept mail from listed domains and emailaddresses.

The reporting system allows reports to be sent to multiple recipients,but there are only two types: an incoming volume report and a systemsummary report. However, these can be configured to run at differentintervals, and the various sections can be reordered so that areasonable amount of flexibility is possible.

Overall Rating: 4/5

MAILGATE 5550 APPLIANCE
Supplier: Tumbleweed Communications
Price: c £7,700 for 500 users
Contact: www.tumbleweed.com

Aimed at the enterprise market, the Mailgate 5550 offers dualprocessors, redundant power supplies and four hot-swappable disk driveswith two Gigabit ethernet connections in a 2U chassis.

Installation was straightforward: we simply entered the networkaddresses for the interfaces via the control panel at the front, whileprinted installation documentation gave a step-by-step guide toconfiguring each option using a browser connection to the managementinterface.

In practice, little administration is needed, as most of the anti-spamfeatures are automatic. Admin just needs to decide the level of spamdetection to use - blocking it completely, simply tagging it andpassing it through or allowing end users to determine the rules.

The device was easy to use, with complexities completely hidden behindthe interface. Although this feels a little strange at first, it soonbecomes familiar, and the detailed monitoring screens and reportingprovide reassurance that the appliance is really doing its job.

Overall Rating: 4/5

VULNERABILITY ASSESSMENT
Auditor: Enterprise 4.1
Supplier: NetClarity
Price: c £11,500 for 256 addresses
Contact: www.netclarity.net

NetClarity's Auditor is a fine example of a fully featured appliancethat does not offer just vulnerability assessment, but also tiesresults to compliance and ongoing information systems auditprograms.

The documentation is complete, well-illustrated and straightforward tounderstand. We ran into no installation or usage problems that we couldnot solve from the included manuals.

The appliance is also quick and easy to set up and use. Just plug itin, follow the installation guide and go. The setup guide was clear andthe appliance was ready for testing in less than an hour.

The Auditor Enterprise performed very efficiently on our test network.One interesting capability is its ability to audit against credit-cardsecurity programs and regulatory requirements. Scans/audits can be setup with specific compliance requirements, and the final report willrate the target system relative to those values. Several regulatoryreporting schemes are included with the appliance.

The product does everything one would expect it to do and does it allextremely well.

Overall Rating: 5/5

NESSUS/NEWT 3.0/2.2
Supplier: Tenable Network Security
Price: Free: plug-in access after seven days; commercial direct access
to plug-ins c£700 per year
Contact: www.tenablesecurity.com

In its original configuration, Nessus is client server-based. The scanengine sits as a server on a Linux computer and you can communicatewith it using Linux or Windows clients. The client can sit on theserver machine or not. This is a good portable scanner for consultantsand engineers who need to manage vulnerabilities on multiple sites.

Because parts of Nessus are still open source, there is a hugecommunity of developers creating "plug-ins" for new vulnerabilities assoon as they are discovered. The result is a library of nearly 10,000plug-ins that are available automatically seven days after they areintroduced, or immediately for a £700 annual subscription.

Because of this, Nessus is arguably the most capable scanner available.Clearly, the price is right, and there are no limitations on the numberof addresses you can scan. Reporting is simple, but excellent.

Overall Rating: 5/5

CORE IMPACT 5.0
Supplier: Core Security Technologies
Price: Not supplied
Contact: www.coresecurity.com

Core Impact is different in that it is primarily a penetration testingtool. It behaves like a hacker, performing vulnerability and portscans, then attempting to penetrate the target using thevulnerabilities it finds. There are real benefits to this approach.

First, most of the tools tested report all the vulnerabilities theyfind, categorising them on their importance. But this means the teststake individual vulnerabilities out of context, making it difficult tounderstand what is important.

Email support is available, and purchasers receive a free onlinetraining session with a member of the support team over the phone.

Core Impact is very easy to install and you can begin testing quickly.Different panels guide you through all steps from discovery to clean-upand reports. A quick-start guide walks you through each test.

We found the product to be fairly flexible, with quite a few optionconfigurations and details of attacks with a solid user interface. Fororganisations that need to be sure of the security of critical orsensitive systems, Core Impact is a must-have.

Overall Rating: 4/5

SAINT SCANNER 5.9.8
Supplier: Saint
Price: c £1,250 for Class C
Contact: www.saintcorporation.com

Saint has its roots in the earliest days of automated vulnerabilityassessment. It has been dressed up in a new suit of clothes, butretains its Unix roots. This is, first and foremost, a vulnerabilityscanner. In that regard, it is very similar to Nessus, but its userinterface is about as clean as one would expect, and it is web-based,making any web browser the platform for the GUI.

Support is acceptable, and there is a strong web presence adding to thesupport in an on-demand fashion. Saint is generally easy to use,although not all Linuxes behave well. RedHat 7.2 went very smoothly,even in a VMWare environment, but Mandrake 10.2 did not allow a cleaninstallation and Saint had to be uninstalled.

This is a powerful workhorse vulnerability assessment tool, quitescalable and true to its mature vulnerability assessment roots, whilepresenting an easy-to-use and configure user environment.

Overall Rating: 5/5

EMAIL MANAGEMENT
MIMEsweeper Email Managed Service
Supplier: Clearswift
Price: from £1.08 per user per month for 10,000 users
Contact: www.clearswift.com

The service is pretty simple, offering basic filtering services toMIMEsweeper customers who want to reduce the volume of incoming spam.But there are plans to make the full suite of MIMEsweeper functionsavailable through the managed service.

The current GUI is very good. The dashboard provides not onlyoperational statistics, but also alerts the admin of any DNSmisconfiguration. The filtering rules are configured through a simplebuilder not unlike Microsoft Outlook's local filter interface.

Multiple domains are managed from the same interface, with delegatedadministration. A conspicuous absence is a visible admin log, but thesystem does track activity internally. Reporting is also quite basic,with most useful information available in a separate log facility,where specific alerts can be monitored.

We expect this service will turn into something special when the fullcapability rolls out.

Overall Rating: 5/5

MIMECAST ONLINE
Supplier: Mimecast
Price: £1.25 per user per month for 5,000 users
Contact: www.mimecast.com

Mimecast offers its technologies as an appliance and a managed servicefor smaller enterprises, run from three data centres. It is almostwholly automated; clients do little administration work at all beyondreporting.

The service starts by watching regular outbound mail for a few days tobuild up a whitelist of email senders that is used to filter invalidrecipients. But this needs careful handling for mail aliases andservice accounts that do not generate outbound mail. Indeed, it isprobably better served by just integrating with an LDAP server.

Incoming mail is treated in a similar way - if the sender and recipienthave not communicated before, it is briefly quarantined while checksensure the sender is a real mail server rather than a bot.

Mimecast offers an amazing degree of control over the operation of theservice, presented in a very effective interface, with policy optionson every aspect of mail delivery, handling and management.

Overall Rating: 5/5

SINGLE SIGN-ON
RSA Sign-On Manager 4.5
Supplier: RSA Security
Price: c £28 per user up to 2,000 users
Contact: www.rsasecurity.com

RSA Security's software provides enterprise-level single sign-on witheither conventional passwords or, preferably, two-factor authenticationusing RSA SecureID tokens.

An Active Directory application mode data store is configured to housethe sign-on manager-specific attributes without unduly interfering withyour existing active directory.

With two-factor authentication, users must be assigned to specifictokens by importing available token data and assigning them a tokenfrom the pool. For static passwords, relative strength characteristicscan be set. You can even set the number of allowable days for offlineuse and send expiration reminders.

This is a serious, enterprise-level tool and, as such, deployment willneed to be properly considered and planned. For those ready to do this,RSA Sign-On Manager is a first-rate solution.

Overall Rating: 5/5

ONESIGN
Supplier: Imprivata
Price: c £23 per user for 1,000 users
Contact: www.imprivata.com

A capability such as single sign-on must be robustly managed, andImprivata provides for this with its dedicated appliance and associatedagents, which reside on the user's workstation. The 1U device is asturdy, if rather noisy, device. Initial configuration isstraightforward, supported by a two-line facia display, an on-boardadministrator guide, a manual and a set-up flyer.

The Imprivata agents take care of things at the client end and allowfor user authentication via passwords, tokens or biometrics. Two UpekTouchChip fingerprint readers were supplied as typical examples of thesort of biometric devices that might be used in a corporateenvironment.

Application and user profiles are stored on the OneSign Serverappliance, from where the agents download required credentials atinitial log on, then communicate periodically with the server to catchany changes. This can also take place remotely, via a VPN if desired,to support mobile users.

This is a user authentication system for those who take such mattersseriously and need an enterprise-wide solution that is both robust anduser-friendly.

Overall Rating: 5/5

PATCH MANAGEMENT
PatchLink Update 6.2
Supplier: PatchLink
Price: from c £10 per node
Contact: www.patchlink.com

PatchLink's product has an impressive range of support for differentoperating systems. Not only does it support Windows from 95 onwards,but also AIX, HP-UX, Macintosh's OSX, Red Hat Linux, Red Hat EnterpriseLinux AS/ES/WS and Solaris. Novell Netware is thrown in for goodmeasure.

Installation requirements are strict. In the end, we settled forinstallation on a clean system as it didn't like sharing a machine withMicrosoft Access. Nor, we were told, would it install on a primary orsecondary domain controller.

In fact, the vendor recommended the server be installed on a standaloneworkgroup server. This flags up the issue of how to integrate thisproduct into your infrastructure.

The software is now much more user-friendly, with information updatedincrementally, rather than refreshing the whole database. This improvedthe time spent pushing critical patches out to endpoint devices andkept bandwidth overheads to a minimum.

This product is definitely worth considering for largeinstallations.

Overall Rating: 4/5

NETCHK PROTECT 5.5.1
Supplier: Shavlik
Price: from £20 per seat, including one year's maintenance
Contact: www.shavlik.com

Shavlik's patch management offering uses agentless technology and, onceinstalled, the first task was to perform a quick update of the patchsignature files.

The console takes a split-screen approach to navigation, with all thetools you need positioned on the left-hand side and the relevant datadisplayed on the right. Templates can be established to let youdetermine how a particular environment is controlled.

Templates cover patch and spyware scanning, patch deployment parametersand remediation processes, and each is extremely configurable. Remotepop-up boxes can be established to let end-users know their machinesare being updated and there are detailed reboot options.

The console is very intuitive and easy to use. Reporting iscustomisable and allows detailed network analysis. NetChek Protect hasrelative simplicity and an agentless architecture, but impressivedetail and performance.

Overall Rating: 4/5

WEB CONTENT FILTERING
Websense Security Suite Lockdown Ed 6.1
Supplier: Websense
Price: £27 per seat for 1,000 seats
Contact: www.websense.com

Being both easy to use and configure has made the Websense SecuritySuite a very popular product. Incorporated into the almost whollyautomated setup is the download and updating of the master databasethat drives the URL and content filters. The interface is veryintuitive and quick to navigate, enabling users to find data and logfiles without having to search through lots of menus.

Documentation is exceptional: after setup it is accessible from anyinterface, as well as through links on the company website. It includesmaterial for administrators, deployment, installation andconfiguration, all with network topology scenarios and tables.

The product comes with all the features of a perfect web content filterand then some. With its easy-to-navigate interface, every aspect of afilter policy is available for editing. Filters include URL categoriesand protocol filters for SQL NET databases, file transfers, and instantmessaging. The suite also features network protocol and peer-to-peerfilters for all major P2P networks.

Overall Rating: 5/5

WEBWASHER CSM 5.3
Supplier: Secure Computing
Price: (1,000 users): £21 per user perannum; £24 per user
perannum with optional SSL Scanner module
Contact: www.ssecurecomputing.com

Webwasher is easy to set up and work with. Its interface is clean,organised and intuitive. The setup file is a simple executableinstaller that is mostly automated - just start it up and it doesalmost everything else on its own. Configuration is laid out in clearand concise guides.

Webwasher features many add-in scanners and filters that can be set upand customised. These include a URL filter, three anti-virus engines,an anti-spam filter, SSL scanner, content protection, content reporter,and IM filter. Automatic updates are included with the licence.

This product performed well during testing. With the up-to-date URLblacklists in our test suite, we tried many types of sites and itblocked anything we tested. It has many detailed customisable logs andreports that help administrators access any data they need about webaccess across its protected network.

Overall Rating: 5/5

SURFCONTROL WEB FILTER 5.0
Supplier: SurfControl
Price: (for 1,000 users) Enterprise Protection Suite £4,790; the
Internet Threat Database £5,850; Mobile Filter £1,995
Contact: www.surfcontrol.com

As well as a full-service URL filter, SurfControl's Web Filter containsan anti-spam agent, spyware shield, instant messaging and peer-to-peershields, anti-virus and games protection. Deny pages are fullycustomisable for company or network and can contain specificinformation as to why a user cannot access certain pages.

The product's most useful feature is the Virtual Control Agent, whichuses already known information to help categorise unknown sites,stopping the user from accessing a site that could be inappropriate,but might not be blacklisted. However, the Web Filter contains adatabase of 54 categories with more than 14 million URLs, so it's hardto find anything it does not already know.

The only drawback is that, for a product as potentially complex andwidely used as this, 24/7 support is not standard. If a problem arisesat night, administrators are not going to want to disable the productand wait until the morning for help.

Overall Rating: 5/5

WIRELESS SECURITY
BlueSocket BSC2100
Supplier: BlueSocket
Price: BS Controllers start from £1,531 and go up to £17,000, depending on enterprise size. BSC1500 Access Point/Sensor co
£267
Contact: www.bluesocket.com

Setting BlueSocket's device is simple: the management port connects toa switch to which all of your wireless access points connect; theprotected port connects to your existing network; and the BSC2100 takescare of the security between the two.

BlueSocket sells its own "thin access points" that only provide802.11a/b/g access, leaving security and management to the BlueSecureControllers, but any standard wireless access point can be used.Management is through the company's excellent web interface.

Options to authenticate wireless users include forcing web redirects toits front page, where users can type in their credentials. These arethen matched against either the internal users or an external sourceincluding RADIUS, LDAP/AD and Windows NTLM servers.

Overall Rating: 5/5

INCHARGE RF MANAGER SERVER
Supplier: Colubris Networks
Price: c £5,700
Contact: www.colubrisnetworks.com

The InCharge RF Manager comes with a 1U rack-mountable server thatconfigures the remote sensors. To do this, you first need to use SecureShell (SSH) to get at the console, configuring the DNS settings so theremote sensors can automatically find the server.

From here you need to connect the 802.11a/b/g sensors to your network,making sure you have enough coverage for your entire company, so youwill probably need a few sensors per floor. Management is performedthrough a Java-based console using Internet Explorer 5.5 or higher. Thefirst time you connect to the console, a quick-start wizard takes youthrough configuration.

All you have to do is configure your security policy. Most events arecatered for, and you'll find that you look for pretty much any networkactivity.

RF Manager is easy to use, and its neat graphical interface works well.For each alert you configure, you have a choice of responses, includingsending an email alert and turning on the vulnerability prevention.This uses the remote sensors to block transmissions to unauthoriseddevices.

Overall Rating: 4/5

INTRUSION PREVENTION SYSTEMS
Ally ip100
Supplier: Arxceo
Price: c £500
Contact: www.arxceo.com

This IPS product incorporates blacklist and whitelist technology thatcan be manually configured. If the device sees a threat, itautomatically blacklists the IP the threat came from and blocks it fromthe network.

The Ally ip100 also has many fine-tuning capabilities with customisablefiltering options, TCP, UDP and DNS policies, as well as notificationoptions.

The tool - it's hard to think of it as an appliance - is very easy touse and deploy. It sits on the network between the internet and aswitch, hub, firewall or router and is connected simply by plugging itin.

The Ally ip100 performed way above our expectations. We were not ableto penetrate either the test network or the device itself. After eachtest, we would remove our IPs from the blacklist, only to findourselves blacklisted again on the next attack.

Arxeco has built in numerous reporting features, including logs,blacklist and whitelist information and network statistics.

Overall Rating: 5/5

REFLEX IPS100 5.0
Supplier: Reflex Security
Price: c £5,000
Contact: www.reflexsecurity.com

The IPS100 gives a thorough inspection to all network traffic and canalso be used as a filter. It operates inline and checks for external aswell as internal threats.

Logging and reporting is clear and organised. Several real-time screensshow network and attack traffic in many charts and graphs. At any time,a report can be created for any time period.

This unit, consisting of both a console device and separate sensors,broke the mould of other multi-unit devices. It set up very quickly andeasily, and needed no additional configuration.

The web interface is intuitive and easy to navigate, and the device hasclear and easily readable charts, graphs, and logs that include allnetwork traffic, attack traffic, and other threats.

The IPS100 passed every test. We had no success either with ourvulnerability scanning tool or our penetration tool. It instantly knewit was under attack and blocked all malicious traffic. What's more,during the attacks, no extra stress was put on the test network.

The IPS100 is great value. At around £5,000, it offers quick andeffective network-wide intrusion prevention: a good investment for anysize of company or network.

Overall Rating: 5/5

INSTAGATE PRO
Supplier: eSoft
Price: c £1,500 plus c£295 a year for intrusion
prevention
Contact: www.esoft.com

The InstaGate can become more than just a firewall and IPS, as eSoftoffers a mix of software extensions called SoftPaks. These includeanti-virus, web filters, and IM and peer-to-peer filters.

Apart from being an all-in-one device, this has a range of customisablereports and alert logs. It also includes several real-time monitors andkeeps track of all internal and external activity.

The product has an intuitive setup and a good web interface. A wizardguides administrators through all the basic steps, making deploymentquick and easy with little disruption to the network.

The appliance performed excellently against all tests. The InstaGatePro is dual-homed. It has one internal and one external connection,which allows it to act as isolated entities on both sides of thedevice. During our tests, we were only able to see the outside addressof the box and could not get past to see inside to our target.

Each SoftPak has a different annual subscription fee, so it can becomevery expensive depending on how many features are desired. With allsupport included, however, it can be worth the price.

Overall Rating: 5/5

EMAIL CONTENT FILTERING
MXtreme Mail Firewall 800
Supplier: BorderWare Technologies
Price: £2,656
Contact: www.borderware.com

The enterprise-class MXtreme Mail Firewall is a 2U rack-mounted unit.Perhaps surprisingly for such a large device, the fan noise was not asbad as some of its smaller competitors, but loud enough to warranthousing it in a server room.

The unit ships with immensely comprehensive documentation, including avery well-written quick-start guide and a list of release notes thatdetail an impressive set of new features. Among these are outboundmessage signing, improvements to inbound header options, BorderWareSecurity Network (BSN) whitelisting, BSN relay checks, enhancedLanguage Support and DNS ordering.

Boot-up takes you to the initial configuration interface, which allowsyou to set the host name, gateway and domain name server settings. TheIP address is preassigned, but can be changed.

The main home page shows up the activity of mail flowing through theunit. You can set the box to integrate with directory servers such asActive Director and also bind to an LDAP server.

We were curious to note that a product update stated it removedDomainKeys and SPF from the device's spam training due to their"unreliability". The firm assures us the product still supportsboth.

Overall Rating: 4/5

ESOFT THREATWALL 200
Supplier: eSoft
Price: c £925 plus c£229 per year for Email Threat Pak
Contact: www.esoft.com

Following a simple, step-by-step quick-start guide, we powered up theunit and waited for it to detect our DHCP server and assign an addresswithin range.

eSoft has tried to make setup as simple as possible. After firing upthe web-based console, users are taken through a series of steps to setup basic parameters and enter user and network information, such asnetwork IP, subnet, gateway IP and preferred DNS servers.

This unit could not access the internet to download its so-calledSoftPaks - software units that firms can mix and match to tailor theirprotection needs. Then after checking the settings we realised that wehad omitted to add the ThreatWall's MAC address to our list of allowedLAN clients.

Thereafter, the unit cycled successfully through all its tests and tookus to the SoftPak registration screen, from which it automaticallybegan downloading the modules for which it is configured: in our case,the email ThreatPak with integrated anti-spam, anti-virus and emailcontent filtering. We also received the Premium Gateway Anti-virusprogram.

Overall Rating: 4/5

MIMESWEEPER FOR SMTP 5.2
Supplier: Clearswift
Price: £9,000 for 1,000 users
Contact: www.clearswift.com

MIMEsweeper is designed to check email flowing in and out of anorganisation against a list of different parameters, such as virus,spam and any defined corporate policies. This version would be bestsuited sitting on a dedicated server between the mail server and theinternet.

Once up and running, the next stage is to look at setting policies.This involves not just deciding what types of attachments or words youwant MIMEsweeper to block, it is also about what domains you are happyto accept email from.

The policy manager within the product is easy to set up. Configuringpolicies is extremely granular, extending down to the group and userlevels. Specifying which content can be allowed and disallowed was alsoeasy.

MIMEsweeper for SMTP is worth considering for any enterprise, althoughorganisations running Domino or Exchange servers might want to thinkabout using the vendor's other dedicated products instead.

Overall Rating: 4/5

AV MANAGEMENT
Kaspersky Anti-Virus Business Optimal 5.0
Supplier: Kaspersky Lab
Price: £20 a year per node for 100 nodes, including Kaspersky
Administration Kit
Contact: www.kaspersky.com

To install this Kaspersky anti-virus software, you require either SQLServer or the Microsoft Desktop Engine on the machine or the network.This means a long wait for all the elements to be installed on theadmin machine.

The console runs as a snap-in under the Microsoft Management Console,which effectively means that it can only be run under Windows.

This minor criticism aside, the console is easy to get to grips withand, on first look, provides the user with several options to installand maintain workstations and servers on the network.

It was easy to roll out anti-virus policies on to target machines.Policies can be modelled on a range of different templates, based onthe target machine's function.

As usual with Kaspersky, the reporting tools are second to none. A fewclicks generate reports on a variety of different metrics and the datais presented in html.

Overall Rating: 4/5

F-SECURE CLIENT SECURITY & POLICY MANAGER 6.0
Supplier: F-Secure
Price: £11.50 per user for 1,000 users
Contact: www.f-secure.com

Designed to protect against everything from hackers to the use offorbidden networking software, this product consists of two functionalunits. The F-Secure Policy Manager (console, server and web reporting)looks after the centralised management of the anti-virus solution inthe network. It is partnered by the F-Secure Anti-Virus Client Securityto prevent damage by a virus or hackers on workstations.

The Policy Manager console interface is clear and well designed. Usingthe intuitive GUI we easily built up a list of client PCs on our testnetwork with the help of an auto-discover feature that creates a domaintree. Thanks to the product's "push installation", administrators candeploy F-Secure Anti-Virus Client Security for PCs and laptopsremotely. The console allows you to specify target IP addresses tosimplify management.

The suite was simple to install, although the sheer number ofconfiguration components could be confusing. But it's an impressive andcomprehensive package.

Overall Rating: 4/5

IRONPORT VIRUS OUTBREAK FILTERS ON C300 APP
Supplier: IronPort
Price: £10,900
Contact: www.ironport.com

The device is based on IronPort's own hardened operating system,AsyncOS 4.5.5, and includes anti-spam, anti-virus, mail-flowmonitoring, message encryption and virtual gateway technology.

It has an enhanced overview page that gives users a useful snapshot ofremote hosts connecting to the device. It also features enhancedanti-spam, anti-virus and quarantine functions. For the first time, itincludes support for domain key signing.

Boot-up time for the operating system was surprisingly long, but wewill give it the benefit of the doubt because of the enterprise natureof the appliance. Web-based console users are initially promptedthrough an intuitive setup wizard.

Basic setup tasks went smoothly, such as defining IP addresses androuting gateways and domain names from which the device's inboundlistener could accept mail. It was simple to define the filtering basedon SenderBase reputation service scores. Out of the box there are threelevels that can be set up: conservative, moderate or aggressive. Userscan also set their own custom levels.

Overall Rating: 4/5

SYMANTEC ANTIVIRUS CORPORATE EDITION 10.0
Supplier: Symantec
Price: £19.99 per user for 1,000 users
Contact: www.symantec.com

Symantec AntiVirus provides protection against spyware and viruses. Theenterprise edition also tackles spam and provides content filtering.The corporate edition is designed for a predominantly Windowsenvironment, although NetWare support is available for somemodules.

Platform support also looks set to be improved, with a newer versionsoon available promising support for Red Hat Enterprise, SuSE LinuxEnterprise Server and Novell Linux.

The System Center management console is a straightforward, two-paneWindows Explorer-style affair. All the clients for which we chose toinstall the remote software were imported into the System Centermanagement console, where any number of tasks can be carried out. Fromhere it is possible to organise scans, update schedules and carry outother tasks.

While the management console is thorough, it can be a little confusingand laborious to use. But one of the advantages of Symantec software isits scalability.

Overall Rating: 4/5

ENDPOINT SECURITY SAFE ACCESS
Supplier: StillSecure
Price: from c. £21 per IP
Contact: www.stillsecure.com

This feature-rich device scans by monitoring the network for new hostsor IP addresses and requires that each computer passes its tests beforeconnecting it to the network. All activity is shown in a detailedreport explaining what tests the user passed or failed.

The appliance is simple to set up and rapid to deploy. The Safe Accessplatform is built on Red Hat Linux and is installed on its own server.Once setup is complete, configuration is done through the webinterface. An intuitive configuration wizard assists in final setup andconfiguration of policies.

Safe Access performed very well during the test. It even denied accessto our clean test machine because the anti-virus software we installedon it required an update. Neither of our machines was able to accessnetwork resources until the policy was met.

All this power comes at a price, though. The Safe Access licence couldbecome expensive for large enterprise networks - however, volumediscounts apply.

Overall Rating: 5/5

LANDESK SECURITY SUITE
Supplier: LANDesk Software
Price: £60 per node for Management Suite; £20 per node for
Security Suite
Contact: www.landesk.com

LANDesk Security Suite must be installed on a central server, whichmust pass certain security and version tests. After installation,policies can be set for access, applications, software versions,service packs, anti-virus etc. Agents planted across the network alsoallow the console administrator to take remote control of machines inviolation of policies.

Although setup and installation is simple and intuitive, configurationis more difficult, and the application interface can be frustrating touse.

The documentation for LANDesk is easy to follow and is downloaded fromthe company's website. Free phone support is offered between 8am and8pm EST, and there is an online forum and a knowledge base. This is oneof the higher-priced products for large enterprises, but LANDesk is afully inclusive endpoint security program with significantcapability.

Overall Rating: 4/5

FIREWALLS TSP 7300
Supplier: Secure Computing
Price: £55,500
Contact: www.securecomputing.com

This model is a beefy 3U box, supporting up to 38 ports with a totalfiltered throughput of 2.8Gbps (or half that for AES-encrypted VPNs).Hot-swappable redundant power and RAID storage is standard, and the boxfully supports high-availability in various configurations.

Secure Computing provides a great tool for configuration in the form ofan offline html page that walks through the options and generates atext file. This can then be put onto a USB flash disk or floppy, andwhen the machine boots it will configure itself to that spec. The onlyworry was that the administration password is stored in the file, soanyone with access to the same tool could brute-force the originalpassword without much difficulty.

With built-in content filtering, support for H.323 for voice,two-factor authentication, application proxies and VLAN support, plusvery high-capacity IPsec VPN capabilities, it all adds up to acomprehensive package. However, surprisingly there is no support forquality of service for a product that scales all the way up to high-enddata centre environments.

Overall Rating: 4/5

ASTARO SECURITY GATEWAY
Supplier: Astaro AG
Price: £6,893
Contact: www.astaro.co.uk

The ASG 425 is at the top end of Astaro's 1U appliance range, withseveral smaller versions and two larger options available. The unitoffers eight ports, but just one is active by default, and this is usedfor the internal segment and web management. The rest must bespecifically enabled and configured.

The web GUI got us up and running without any hitches. The GUI worksfine, and the dummy SSL certificate installed in the box is easy tochange. Doing so caused a bit of confusion in the interface, with theexisting admin session becoming stale and reconnection then requiringthe stale session to be terminated: only one active login per user isallowed. This sometimes caused problems with page refreshes, too.

Every page in the interface provides context help, and the applianceprovides a searchable electronic version of the manual.

Documentation is very good, with a well-written explanation ofdeployment scenarios, likely uses and other useful pointers, ratherthan the walkthrough of the interface most vendors provide. This is anicely integrated box with all the features we expected, plus somesurprises, such as support for UPS notification via USB.

Overall Rating: 4/5

FORTIGATE-1000A
Supplier: Fortinet
Price: £12,886
Contact: www.fortinet.com

We were pleased to see the FortiGate-1000A's web GUI default to asecure https connection. A fully-featured console is also availablethrough a serial connection.

The interface is elegant and does a good job of grouping itemstogether, although related tasks could be linked a bit better.

A setup wizard created a new admin password and configured externalinterfaces and firewall rules for internal servers providing commonservices (smtp, web, ftp, pop3) and a choice of security levels. Wewould have liked more information here, rather than having to go to thedocumentation for what exactly "high" or "medium" security mightentail, but all the basics are clearly explained.

The filters include options to detect grayware, including adware,Browser Helper Objects and more. These are disabled by default, andthere is no whitelist to allow objects on a granular basis. But it is auseful addition.

This is a fully-featured UTM offering at the right price, which doesn'tskimp on the firewall and filtering features to do other, moreglamourous tasks.

Overall Rating: 4/5

FORENSIC TOOLS
I2 ANALYST'S NOTEBOOK 6.0.55
Supplier: i2
Price: £3,600 inc. one year's support
Contact: www.i2inc.com

The Analyst's Notebook from i2 is a different-from-most analysis toolin that it is a true link analyser with a long pedigree in examiningcomplex crimes and security incidents.

Installation moves quickly - within two hours we had imported andanalysed metadata from EnCase for a detailed breakdown of data on ahard disk, put in hacker profiles and examined a 65,000 recordintrusion detection system log for links between attacks andattackers.

Logs, events and other data feed the link analyser's work process. Theeasiest way to input data is by importing from a spreadsheet using aCSV file. This allows users to import logs of virtually any kind intothe analyser, then the tool sets up the relationships and displays themin various formats.

Viewing relationships is intuitive. The Analyst's Notebook is part of asuite of products that allow very large, complex logs to be analysedand subtle connections found in extensive distributed enterprises.

Overall Rating: 5/5

LOGLOGIC LX 2000
Supplier: LogLogic
Price: c.£27,000
Contact: www.loglogic.com

The LX 2000 is as feature-rich as you could wish. Its displays arestraightforward and you can perform a wide range of analyses relativelyeasily. Coupled with the ST 3000 large-scale storage appliance, itbecomes an extremely powerful tool for managing, analysing andarchiving huge amounts of data.

Documentation comes as a set of clear and comprehensive PDF files on aCD. Specialised tasks need to be referred to LogLogic support, but wefound this to be first rate.

A product such as this is a key ingredient in managing the overallsecurity of all sizes of networks. The LX 2000 alone is suitable forsmall to mid-sized enterprises, while the addition of other LogLogicfamily products allows scaling to virtually any size.

This is an excellent log analysis tool, but it's not for thefainthearted. While its user interface is excellent, it has many hiddencapabilities that require some time to understand. It's alsoexpensive.

Overall Rating: 5/5

PRODISCOVER INCIDENT RESPONSE 4.55
Supplier: Technology Pathways
Price: £7,995
Contact: www.techpathways.com

A complete IT forensic tool that can access computers over the network(with agents installed) to enable media analysis, image acquisition andnetwork behaviour analysis. Other capabilities include remote analysisof running processes, open files, open ports and services, and othernetwork-based functions.

Although fairly easy to use, its complexity and granularity mean theuser must have some experience of working with a program of thisnature. But the user interface is laid out much like other products inthis category, and we could navigate around it with barely any troubleat all.

Once we became familiar with the layout of the interface, we found itwas a powerful tool - able to fully image both our forensics test diskand a disk on a computer on our network. We also found that it wasquite efficient, with fast and accurate imaging. Remote agents are verysmall footprint.

Documentation is well laid-out with clear explanations of all theprogram features. All in all. this product is excellent value.

Overall Rating: 5/5

DATA ENCRYPTION
DESLOCK+
Supplier: Data Encryption Systems
Price: From £25
Contact: www.deslock.com

DESlock+ is a useful and comprehensive collection of encryption toolsfor Windows, packaged in an intuitive, easy-to-use manner. Alsoincluded are two rugged USB devices for storing keys, one of which is aback-up.

The DESkey devices can store up to 64 keys internally, or software keyfiles can be used instead. Both folders and individual files may beencrypted with DESlock - in fact, even parts within a file if onlycertain parts are sensitive.

An Outlook plug-in is included; recipient keys are easily organised viakey sharing, and useful wizards are supplied for managing both keyfiles and tokens. Other utilities include a shredder for secure filedeletion, a scratchpad for storing personal text, and a message viewerthat will decrypt a message into the viewer window without decryptingthe underlying file.

Supported encryption algorithms include 3DES, Blowfish and AES(128-bit), with the RSA algorithm for key transfers.

Overall Rating: 5/5

DEKART PRIVATE DISK
Supplier: Dekart
Price: £24.40
Contact: www.dekart.com

Dekart Private Disk is a small footprint program to provide seamlessdata encryption with further useful functionality.

The concept of a disk firewall is particularly interesting, providingapplication-level access control, whereby a whitelist of trustedapplications is maintained within the encrypted disk area. If anapplication not on this list tries to access any protected file, itwill simply be blocked.

This not only guards against malware, but may also prevent file copyingor other manipulation of data - a simple and effective idea. Alsointeresting is the ability to run Private Disk directly from portablemedia, allowing access by authorised users even when using a differentPC - again, a simple and effective approach that many users will finduseful.

Private Disk is flexible in its application and can work with a broadrange of portable media, including USB sticks and flash memory cards.It is logical, intuitive and easy to use.

Overall Rating: 5/5

SECUREDOC
Supplier: WinMagic
Price: £82
Contact: www.winmagic.com

This is not just a simple plug-and-play product. It enables userauthentication at the preboot level, supporting passwords, tokens andeven biometrics. WinMagic has worked closely with other organisationsto provide a comprehensive choice of proven token technology.

Planning prior to deployment is crucial. This is emphasised within thecomprehensive PDF manual, which also provides a good deal of backgroundinformation for the security administrator. The various dialogues andwizards are logical enough, but they require a certain level oftechnical understanding.

The enterprise edition includes the SecureDoc Enterprise Server tofacilitate large-scale network deployments and associated key andpassword management. Featuring a Microsoft SQL database, user and groupcredentials can be imported from an existing Active Directory.

Overall Rating: 4/5

MULTI-FUNCTION APPLIANCES
InstaGate PRO
Supplier: eSoft
Price: £1,553
Contact: www.esoft.com

This product is feature-rich and especially easy to use and administer.Setup really is as simple as taking it out of the box and plugging itin. It is then configured using a straightforward, web-basedwizard.

The InstaGate PRO is a very powerful appliance. Software packagescalled SoftPaks, which include anti-virus, anti-spyware, anti-spam,intrusion prevention, a web filter, a firewall and many others, allowfor complete customisation.

It has a simple-to-navigate web interface that accesses the threatmonitor page. This displays an overview of the system's state,firewall, inbound and outbound traffic and intrusion detection.

The box is well integrated both with itself and the network on which itis placed. It is designed to work with existing firewalls and VPNs, aswell as by itself. The device produces many different reports, all withcolour graphs and charts, plus full event information.

The base price covers the appliance itself and the firewall, VPN (PPTPand IPsec), DMZ, policy management, user management and WAN failoverfeatures. Other features can be purchased for a one-time fee or bysubscription.

Overall Rating: 5/5

NETPILOT
Supplier: Equiinet
Price: £2,495
Contact: www.equiinet.com

The NetPilot appliance is simple to set up - you just plug it in andturn it on. Once booted, the box starst its automatic configuration,which can be changed to fit the specific needs of the network. This canbe accessed from anywhere on the network; once the user is logged in,all functions are there at the touch of a button.

The interface is broken down into categories such as security, useraccounts, email filter policy, logs and maintenance. These then lead tosub-categories with policy settings, configurations and many differentlogs and charts.

NetPilot is packed with features, including a built-in firewall, VPN,email filtering, URL and web filters, IDS, file and print servicing,intranet and web page caching. But it lacks some elements offered byrivals, for example anti-spam and web filtering.

The appliance provides amazing functionality and performance. All itsfeatures integrate seamlessly. It also features easy-to-read logs withdifferent charts and graphs.

With a reasonably small price tag, low maintenance and free updates,NetPilot is excellent value for SMEs or branch offices.

Overall Rating: 5/5

PROVENTIA NETWORK MFS APPLIANCE
Supplier: Internet Security Systems
Price: £8,118
Contact: www.iss.net

Recommended for its power and simplicity, this product was up andrunning in no time. Its Java-based web interface is easy to navigate,while policy configuration is both easy and intuitive. Alongside theimaginative layout of the web interface, it offers useful help files.All this makes this device very simple to manage.

The box is loaded with useful features, including a firewall, VPN,intrusion prevention, web filtering, anti-virus and anti-spam. They areaccessible from the web interface and fully customisable to suit theindividual needs of the particular network environment.

The appliance is able to integrate seamlessly with the existingstructure of the network. All logs and alerts can be viewed easily inreal time.

With fully customisable policies, a load of well-integrated features,and easy-to-read logging and reporting, this product performs extremelywell.

The Proventia MFS Appliance is excellent value for money. The productprovides many custom features, full comprehensive protection and easymanagement. This would be a good investment for just about anymedium-to-large, even very large, company.

Overall Rating: 5/5

TWO-FACTOR AUTHENTICATION
RSA SecurID
Supplier: RSA Security
Price: c £9,290 for 100 users, including three-year hardware
tokens
Contact: www.rsasecurity.com

There is a huge choice of installation hardware for SecurID, withsupport for Windows Server 2003, Solaris, Red Hat Linux, HP-UX, AIX andNovell Suse Linux Enterprise Server.

The product is managed through the RSA Authentication Managermanagement console. It can link with an LDAP server, such as ActiveDirectory, so you can pull in existing users, but you can't managetokens directly from your current directory management tool.

There's a good range of hardware and software tokens, includingsoftware clients for BlackBerry, Java phones and Pocket PC.

A new single-use code is automatically generated every 60 seconds. Thismeans that registering new tokens has to be done with the provided CD,as this gives the server the required seed record to synchronise itskey generation with the token's. It's a bit more work than asynchronoussystems and means that the tokens can get out of sync with theserver.

But while management might be awkward, third-party integration issecond-to-none.

Overall Rating: 5/5

KOOLSPAN SECUREDGE
Supplier: KoolSpan
Price: £2,680
Contact: www.koolspan.com

KoolSpan's SecurEdge is designed to provide safe access to a networkthrough a 256-bit AES link with support for up to 512 simultaneoususers. The kit comprises a lock that bridges the external network tothe internal one and a set of USB keys providing authentication.

The keys come preconfigured, so the only real bit of network wizardryyou have to perform is configuring port forwarding on yourrouter/firewall to pass authentication requests to the lock. As itbridges two network connections, you may install it to provide secureaccess from a wireless to the wired network, or for secure access to aserver.

You can manage keys by revoking network access, renaming them to matchthe owner's username and selecting which locks they have access to.Aside from allowing or denying access, though, there are no controls onnetwork traffic, so if you're looking for a complete access controlsystem with fine granular control, this isn't it. But it is a great wayof adding hardware-based authentication to your existing systems.

Overall Rating: 5/5

SAFEWORD PREMIER ACCESS 4.0
Supplier: Secure Computing Corporation
Price: £35.26 per user for 1,000 users
Contact: www.securecomputing.com

SafeWord Premier Access adds an authentication server to your networkthat can protect your VPN connections.

Authentication can be through smart cards or Secure Computing's owntokens, which come in gold, silver and platinum. Gold tokens generate asingle-use password after a PIN has been entered, so warn users thattyping the wrong PIN generates an invalid code. Silver tokens areoperated by a single button, while the platinum version comes with akeypad.

The company also supports a variety of other two-factor devices, aswell as mobile authentication. Tokens are event-based, so they do notneed to remain in sync with the authentication server.

There is a choice of management options, including Secure Computing'sown console, which is available with the Enterprise Solution Pack thatalso adds authentication for Unix login, web servers and webapplications.

SafeWord is a very simple product to manage, particularly forMicrosoft-based servers. However, it's also highly extendable.

Overall Rating: 5/5

SIM/SEM
TRIGEO SIM
Supplier: TriGeo Network Security
Price: c£10,400
Contact: www.trigeo.com

TriGeo SIM is simple to use and comes with many rule sets preconfiguredfor most security situations. Setting rules for specific environmentsis made easy by the Rule Builder, which uses different modules withdedicated parts that you just drag and drop into the right place andthe rule is created. Filters are also easy to configure using the sameprocess.

This appliance is loaded with features, including real-time loganalysis, prebuilt correlations and IPS/IDS. It also boasts a uniquefeature called USB Defender, which logs and alerts if a USB storagedevice is plugged into any device on the network.

The TriGeo box analyses and reports information in various clear andeasy-to-read charts and graphs. In addition to more than 220 stockreports, it has the ability for the user to customise reports using thebuilt-in Crystal Reports Engine. The TriGeo has a wide variety of logcorrelation and analysis tools that make it a fully comprehensivesecurity device.

The easy setup, configuration, and analysis of reports helps cut downon the cost of training personnel while still delivering accuracy. Thisproduct offers excellent value both in the way of cost andperformance.

Overall Rating: 5/5

ENTERPRISE SECURITY ANALYZER
Supplier: eIQnetworks
Price: c £4,195 including licence for five devices and five
hosts
Contact: www.eiqnetworks.com

Although this program is simple to use, we found it took a little timeto setup and configure. Once the main install is done, there arefollow-up steps of creating SSL certificates for IIS and possibly otherloose ends, depending on the environment.

With a user-friendly interface, topology maps for event tracking andeasy-to-read reporting, this product encompasses all the main featuresof a large-scale security monitoring system. The eIQ EnterpriseSecurity Analyzer has the ability to do log file forensics forretracing log event patterns to isolate a security incident. It alsodisplays detailed real-time charts of events and alerts that are shownon the dashboard.

This product offers a lot of value both in terms of investment andsecurity. Since it is able to integrate onto any Windows server, itdoes not require the addition of a separate machine, which cuts down onoverall cost of ownership.

Overall Rating: 5/5

SEM3210
Supplier: High Tower Software
Price: c£31,440
Contact: www.high-tower.com

High Tower preconfigures all the equipment before it is shipped to theend user, so when the appliance arrives there are just a few simplesteps to complete before it is online and ready to go.

We found this product simple to use, thanks to the intuitive userinterface that includes an easy-to-read dashboard-type console. Theoverall simplicity of managing this device was one of its attractions.The console is built on the Java platform, so it is possible to havemany different window modules open at the same time without ending upin a jumbled mess of clicking through branch after branch or tab aftertab to locate information. The device is capable of handling up to20,000 events per second and displaying real-time alerts andinformation.

While this product has a lot of capability and flexibility, it does sithigh on the price spectrum. We still think it is good value for moneyand a good investment for companies that can afford such a device andhave the requirement for its high performance.

Overall Rating: 5/5

SSL VPNs
SONICWALL SSL VPN 2000
Supplier: SonicWall
Price: £1,575
Contact: www.sonicwall.com

Once the interfaces are configured for the network, the SonicWallappliance is administrated via the user-friendly web interface.

The SonicWall has loads of features in addition to the SSL VPN. Theseare atypical in that they address those things that one would expect ina multi-purpose appliance rather than in a VPN. For example, along withaccess to web servers, ftp servers, and file shares, this appliancelets administrators create a Virtual Office for users. This can runapplications such as Outlook, Word and Excel from a server, as well asgive remote access to desktop or server machines. Administrators aretherefore able to develop very complete portals.

The product is flexible enough to support separate portals, giving it adistinct workgroup flavor. One feature we liked is the ability to usethe VPN to access an individual worker's desktop computer remotely.

In addition to providing Radius, LDAP, NT Domain or Active Directoryauthentication, this box uses an authentication method called one-timepasswords, which works as a two-factor authentication scheme.

Overall Rating: 5/5

CAYMAS 318
Supplier: Caymas Systems
Price: c£13,340
Contact: www.caymas.com

Generally, this appliance boasts the types of features administratorslike. It is easy to set up and requires little maintenance once inoperation.

The Caymas 318 uses several ways to control user access. Policies canbe set up so that users can only access what their identity,authentication method, client, location and time of day will allow themto. Also included are various access modes, such as web, file orclient/server applications in either clientless, thin or thick clientmode.

We found this device to have many options for authentication, whichreally add to its flexibility. It supports Radius, LDAP, ActiveDirectory, PKI Certificates (with CRL checking) and localauthentication. It also incorporates two-factor authentication such asSafeWord and ActiveCard.

An easy-to-follow quickstart guide gets the appliance going in no time.This guide shows how to set up the device using a serial console andgaining access to the web interface.

While the Caymas 318 is flexible and versatile, the cost is at the highend for an SSL VPN appliance. We did like a lot of its features in bothuser access and security, and support is superb, but we are notimpressed with the price tag.

Overall Rating: 4/5

POLICY MANAGEMENT
SECURITY CENTER LITE
Supplier: Lan-Secure
Price: c£525
Contact: www.lan-secure.com

Security Center Lite offers a relatively low-cost introduction tovulnerabilty scanning and intrusion detection for infrastructures withup to 100 network nodes. The product is software-based and needs noremote agents. It is thus simple to deploy and configure within typicalMicrosoft-based infrastructures, requiring Windows XP or Windows Server2003, with Internet Explorer 6 or above.

Security Center Lite comes at a fraction of the cost of many moresophisticated products in this space and therefore should not beexpected to offer equivalent functionality. However, it also requiresless admin and support.

The software is very easy to deploy and will reveal aspects of yournetwork that were not previously visible to you. Also, it will enableyou to quickly become proficient at spotting potential vulnerabilitiesand blocking offending nodes accordingly. Plus, it can provide a degreeof automated rules-based protection.

Overall Rating: 4/5

AIRMAGNET ENTERPRISE
Supplier: AirMagnet
Price: £5,500
Contact: www.airmagnet.com

AirMagnet is unusual in that it specialises in protecting wirelesslocal area networks.

The freestanding AirMagnet SmartEdge sensor performs the primaryanalysis of events within the sensor itself, via an integral AirWISEanalysis engine, obviating the need for heavy network traffic to andfrom a central analysis engine.

The network of deployed sensors then reports back to the AirMagnetEnterprise Server via a conventional ethernet network, where furtherevent correlation can take place.

The SmartEdge sensors can be configured via a console on the network orvia a serial connection directly to the sensor, which sports aconventional 9-pin connector. This is a thoughtful touch, as the latterarrangement may well suit a variety of implementations where sensorsare scattered around a given physical environment.

All in all, a very welcome tool that will enable organisations tofinally have as much confidence in their wireless networks as they havein the wired variety.

Overall Rating: 4/5

INSTANT MESSAGING
ENTERPRISE INSTANT MESSAGING
Supplier: MessageLabs
Price: from c£1-4 per user per month
Contact: www.messagelabs.com

This is a comprehensive hosted security solution for IM. We wereprovided with a simple ten-user licence evaluation version of thesystem. At the heart of the product is a hosted administration toolthat is extremely intuitive and easy to use. From here we were able toaccess all aspects of management, establish policies, add users andview relevant reports.

The client software is called Professional Online Desktop (POD) and isan excellent approach to instant messaging security. As administratorwe could assign which networks the user could access (Microsoft IM, AOLor Yahoo or any combination of these), all of which is then donethrough the user's version of POD rather than the third-partyapplications. It allows for much greater control over security.

Users can be added to the configuration module very quickly through abatch file. Overall, it's difficult to fault MessageLabs' approach toIM security.

Overall Rating: 5/5

FACETIME RTG500 ENTERPRISE EDITION
Supplier: FaceTime Communications
Price: from £7,500
Contact: www.facetime.com

A rebadged Dell PowerEdge 850 rack-mountable 1U server, the RTG500 isaimed at the medium-sized to large enterprise market. To access theinitial set-up screen we had to connect a monitor and keyboard. Unlikesome of the software suites, the FaceTime server is aimed purely atIM.

The console is clearly laid out and quite Web 2.0 in appearance. It hasa dashboard look and feel about it and provides a real-time view oftraffic such as spyware, IM, peer-to-peer, HTTP and UDP. All other TCPtraffic is grouped under one heading.

On first use of the appliance the default global policy for instantmessaging is not to allow file transfers, peer-to-peer, clientconnections or IM networks.

The main configuration window provided a clear and concise view of thedevice. We could establish custom policies via individual IP addressesor a range of addresses. Spyware policies can also be establishedhere.

FaceTime has produced a good all-rounder that adequately covers thenetworks most likely to be used in today's corporate environments. Itwas let down slightly by minimal documentation and some aspects ofutility.

Overall Rating: 4/5

E-DRM
Pinion Desktop Packager
Supplier: Pinion Software
Price: £2,560 (5-user licence)
Contact: www.pinionsoftware.com

Pinion's desktop package is a simple, individual user-oriented DRMprogram. We tested the Workgroup Edition. The product sits on thedesktop and allows the user to package a document. Once the file isencrypted and recipient rights are attached, it may be sent out. Toopen the document, the recipient needs the Pinion Receiver, which canbe downloaded for free from the Pinion website.

Desktop Packager supports a broad array of file types, including Word,Excel, PowerPoint, Lotus Notes email messages and Cad applications suchas Autodesk, Solidworks and PTC. In addition to encryption, otherprotections may be applied selectively to the document and the user canlimit the time the document is viewable.

The desktop packager and the receiver were easy to install and theproduct integrated seamlessly with Outlook. If there is a downside tothis product it's the price, which may keep it out of reach of mostsmall companies.

Overall Rating: 5/5

SECURE2TRUST
Supplier: Avoco Securel
Price: c£198
Contact: www.avocosecure.com

This is a desktop product in that it requires no server and insteadattaches document rights to the individual document. It can be deployedas either a simple desktop DRM application or as a full-blown E-DRMsystem using the server to manage the clients over a large, distributedenterprise.

Of all the products we looked at this was the simplest to deploy. Theinstallation is intuitive, with an easy-to-navigate interface andclearly displayed settings, policies and restriction options. Thesolution comes with a set of predefined policies and uses aninformation classification paradigm.

Administrators can create a set of classifications to match theirorganisation's policies, with use restrictions for each level. Usersapply the appropriate classification to their documents.

There are several options for access control, including ActiveDirectory, password and groups. Printing, copying and changing filescan be prohibited. An optional manager and an enterprise server areavailable.

Overall Rating: 5/5

Workshare Protect Enterprise Suite
Supplier: Workshare
Price: from £18 per user per year
Contact: www.workshare.com

This is a true large-scale extrusion prevention solution. Successfuldeployment of this client/server application requires configuration ofMicrosoft Server 2003 and SQL Server, as well as detailed knowledge ofthese platforms. However, once installed, it is easy to use and can becustomised for many different conditions.

The suite's policy manager can act as an information gateway, applyingcontent filtering for more than 370 file types. It includes documentrights restrictions, email blocking based upon content, andpolicy-control of PDF conversions. We were unable to compromise denieddocuments or find a way to get the system to violate its policy.

The licence can become a fairly expensive proposition for the size ofenterprise for which it is intended. However, this was the mostcomplete product we looked at in terms of capabilities, and for bigorganisations with large numbers of sensitive documents, this is a verypowerful product.

Overall Rating: 5/5.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.