Product Section Best of 2006: New wine, new bottles

We'll continue the tradition of Group Test product reviews, but with a few twists. We'll be expanding the number of categories and refining the granularity of products we test. That means if the group is IPS, all you will see are products that do nothing but IPS. Each group will have minimum requirements that products must meet.

Next, the way we test will change a bit. Consumers want to know exactly what to expect when they buy a product, so we will try to duplicate the buying experience. If vendors insist upon installing their product, we will invite them to install it in our labs exactly as they would do at the customer site. We will grade them in this case on their level of support.

Group Test reviews aren't "bake-offs." Each product is tested against a set of SC Lab standards and graded on its own merits. The standards consist of about 50 general points in the six evaluation categories developed by the Lab in cooperation with the Center for Regional and National Security at Eastern Michigan University, and sets of product-specific test requirements that are drawn from the Common Criteria (ISO 15408).

We will be sticking to Common Criteria Evaluation Assurance Level 1 for our guidance. While this does not mean we are doing exhaustive Common Criteria evaluations, the approach adds rigor and consistency.

All Group Test reviews will pass through the Labs, even if we take advantage of outside experts in a particular product area. The format will be consistent so you'll always know what to expect.

Finally, our test engineers will spend ample time talking to vendor engineers, understanding the products and ensuring a fair, balanced and complete review. In short, you can expect transparency in the reviews process.

Another change is that we will not be performing standalone reviews in quite the same way as we have in the past. Instead, I'll be offering a new "First Looks" column. There is more about that in my final opinion column elsewhere in this issue, but the short of it is that I will be looking at the new and unusual and reporting what I find to you.

That's enough reading for one day. Timber The Lab Dog and I went into the lab where Mike, our test lab manager, was working on the first batch of vulnerability assessment products for January's issue. I looked around at what he had in the test bed and, just between you and me, it's gonna be a great year!

— Peter Stephenson, Technology Editor

Click on the links below to view our Best Buy and Recommended products from 2006.

Anti-spam
Spam is a real nuisance. It fills up mailboxes and obscures mail you actually want to read. Individuals can do quite a bit to reduce the irritation, and ISPs are also grappling with the problem, filtering spam before it ever reaches the user.

Anti-spyware
According to recent reports, spyware is now the most serious threat to corporate networks, outpacing even viruses. And it is a major threat for a wide range of reasons.

Anti-virus
The growing sophistication of malware code has been matched by a commensurate increase in the sophistication and capacity of the anti-virus systems we use to protect ourselves.

Data encryption
Encryption is one of those words that is guaranteed to conjure up a variety of mental pictures. Some will think of espionage and spies, of James Bond hacking into Dr. No's supercomputer, or the more prosaic work of the Enigma machine busters during World War Two.

Document Security
Enterprise Digital Rights Management (E-DRM or ERM) refers to the use of DRM technology to control access to corporate documents.

Email filtering
With the rising tide of spam, email-borne security threats and the danger of employees abusing email, it is essential that organizations take control of their email systems.

Email management
The arguments in favor of managed email security are easily made. Cost savings tend to be dramatic, with ROI often coming in months. The load on mail server infrastructure can be reduced to a tiny fraction as all spam and malware is blocked before it enters the client network. As a result, resistance to denial-of-service attacks and mail reliability are much improved.

Endpoint Security
Nobody agrees on what endpoint security means. We asked ourselves, "If an endpoint computer is truly secure, what would that mean?" Of course, the end objective is to protect the enterprise through securing the endpoints, so the answers needed to be in the context of the whole enterprise.

Event Management
The key tasks of security information management (SIM) and security event management (SEM) systems are to gather data; normalize data; correlate events (eliminate duplicates and check for patterns); respond appropriately; and learn. These systems must also contain the ability to review security events generated by disparate devices; allow correlation of those events with business criticality ratings and external threats; present the information on a dashboard that allows real-time analysis, prioritization and risk reporting; enable policy and regulatory compliance; and improve management of security resources.

Firewalls
Although stateful packet inspection is a fully mature and stable concept in network security, the firewall market itself is not at all static. The steady evolution toward unified threat management (UTM) is producing products with broad feature sets. Although still network edge firewalls, most include VPN, anti-virus, anti-spam, content filtering, intrusion detection and more.

Forensic tools
In testing forensic tools, we decided to break the mold. Rather than limit ourselves to one type of forensic tool, we approached the challenge of incident response.

Instant messaging
In today's communication-needy world, instant messaging (IM) is used by millions. Analysts believe that instant messaging traffic will exceed email traffic by the end of this year. And this means cybercriminals are likely to use IM to orchestrate attacks on a scale not yet seen in the security world.

Intrusion prevention
Intrusion prevention systems (IPSs) have become more effective, more widely distributed and more complicated to deploy. What's more, the more complicated systems are consistent with today's more complex networks.

Multifunction security appliances
What are the pros and cons of multifunction appliances? There is no doubt that, at some level, they are a single point of failure. The more functions they offer, the more risky that becomes. But depending on the situation, a single point of failure might be manageable with a hot standby.

Patch management
Keeping up with software security and other patches is now a top priority for firms of all sizes.

Policy management
These days, networks, applications and their security have become quite a complex affair. There are all sorts of angles: access control, device configuration and protection, vulnerability scanning and remediation, policy creation and enforcement, regulatory compliance, intrusion detection, patch management and many other factors, all of which must be taken into consideration with respect to contemporary IT networks.

Single sign-on
Whether you call it single sign-on, access control or user authentication, the products in this test aim to verify the identity of users as they access applications and data on a computer or network.

SSL VPNs
The range of SSL virtual private network (VPN) products indicates that the genre is maturing rapidly.

Two-factor authentication
Users generally have passwords that are easy to guess. And once a password has been cracked, the intruder has free rein on your network.

Vulnerability assessment
There are three types of VA tools. First are scanners, which give little beyond listing vulnerabilities, their relative importance and suggested remedies. These are very useful because they can be utilized easily, mostly automatically, and offer a good ongoing quality assessment.

Web content filtering
Web content management products come in two flavors: filtering and blocking. While the distinction may seem trivial, it is important. Content blockers must use a blacklist of disallowed sites. This requires constant updating, and the entire URL is blocked for sites on the blacklist. Content filtering, on the other hand, filters based upon objectionable content only. That means that a site may be accessible, but objectionable content on it would be filtered.

Wireless security
Wireless networking has come a long way in the past few years and, with the majority of new notebooks containing wireless cards, has become a popular and convenient way to get access to networks. While most of it is good news, particularly as wireless provides an easy way to extend the network without having to run new cables, it does bring with it a host of security problems.
