For some time now, the problem for security professionals has not been "do I need AV protection" but more specifically "which one is best for my corporate needs." But with so many other danger areas for security administrators to concentrate on, leading to the provision of intrusion detection systems, intrusion prevention systems, firewalls and virtual private networks, to name but a few, it is crucial to make the right decision when they have a large array of other security solutions already running.
Providing all you need for network screening and stability can be a tall order, so whichever anti-virus solution is relied upon - software- or hardware-based, or a mix of both - it has to be dependable, be able to fully integrate with everything else running on the network, and provide 100 per cent system integrity.
This is where the real dilemma lies - with so many products to choose from, all providing near-perfect detection and disinfection rates, the choice often has to come down to ease of implementation, configuration and ongoing ease of use with excellent support.
Panda Software has been in the anti-virus arena for years, offering well-conceived software solutions and delivering excellent protection and support for its users. Now, with its latest hardware appliance, the GateDefender 7100, anti-virus protection has become simpler to add to existing network infrastructures and it can also be used in conjunction with more than one GateDefender to provide failover protection around the perimeter.
Panda heralds this as a complete solution that is not only scalable but transparent: there is no need to change settings when installing, and it is said to offer perimeter protection with content filtering as standard.
Ease of installation
To substantiate these claims, we took a single GateDefender and married it to our test environment to determine ease of installation and configuration. This proved very simple, with its concise user guide that runs to only 34 pages, including the FAQ section.
Once out of the packaging, this appliance needed little encouragement to get it up and running. Sitting between the firewall and the servers (this is one option), the connections are easily made and then it's just a matter of flicking the switch on the front of the unit.
This is a plain, bare-metal, rack-mountable box. No natty design here; GateDefender is simply a functional piece of kit and would not win any design awards. But, in our book, this is a plus. It was a dream to connect to our console with only a simple command line required, initially needing only the IP address of the computer (with web browser already installed) that was sitting on the same network segment.
With the correct subnet mask and IP address, the whole process was quick and efficient, providing an administration window on the chosen machine. The general settings allow further configuration, such as port settings and the subnet mask of the actual network the appliance is to protect. Then it was simply a case of choosing the anti-virus settings to set the preferred protection for the enterprise. These include alert settings so that, if an error occurs or a file should get through without prior scanning, the administrator can be informed.
It also provides license information and update error reporting, both extremely important if the administrator has been dealing with other network issues and has omitted to check their status.
For ease of use, system integration and overall security, GateDefender also allows remote access to the console where a computer is not sitting in the same network segment, password protection for access control with a timeout facility built in to the administration console, and the ability to add 'trusted sites' that allows single or group authorization of computers where data is not to be scanned.
A maximum size for attachments and files to be scanned can also be set, in kilobytes. File extensions can be filtered to deny certain types, such as executables, entering the network.
GateDefender is also capable of stopping exploits such as SQLSlammer and the WebDAV vulnerabilities by dropping the packets based on their attack signature. With a daily automated update, GateDefender is kept at its optimum protection level with all new signature files available. Reporting through log files, if pre-set, can be sent to a remote computer for future analysis.
We mentioned earlier that anti-virus solutions detect and disinfect to provide the ultimate protection, but GateDefender handles things differently. Its main objective is to protect the network and, in doing so, no disinfection takes place, because this is deemed to be a drain on system resources. To protect the perimeter, this appliance detects unwanted files and systematically blocks them, saving the drain disinfection would otherwise make on the system's precious resources. Built-in for added protection is the "WatchDog," which checks the appliance every few seconds and forces a restart if no response is found.
Of course, with perimeter protection, caution should not be thrown to the wind. Other problems can be introduced within the perimeter by employees connecting laptops, hot-syncing PDAs and introducing unauthorized memory sticks and floppy disks onto workstations. Any of these could compromise the integrity of the network, so internal anti-virus protection should not be discarded.
Overall, this offers a solid hardware/software perimeter defense system with good configuration options and exceptional ease of use.