This month we concentrated on two areas: wireless and USB security. What we found in both cases was that technologies we thought had matured are still breaking some new ground.
The overriding impression that I had as I looked through our reviews is - and I've alluded to this before - that of an industry on the move. Many of the USB security products we tested have begun to encompass security for all types of endpoint security. Even the USB memory sticks have addressed the biggest problem for data at rest: sensitive data in clear text on an extremely portable device. These small, inexpensive products force encryption when data is saved to them. This is a cheap solution to a potentially very expensive problem.
The wireless security products are beginning to show maturity. The solutions featured here bring together management of wireless access points in a largely holistic manner. While addressing security, they also address the management of the access point devices. This is a major step in the maturity of the product group since we looked at it last.
Where we still have confusion is in the area of standards. Interestingly, we are seeing better standardisation in the endpoint security products than we do in wireless products. In the former we are beginning to see a shift from multiple encryption algorithms to AES, often AES-256.
Perhaps this move towards maturity is aided by the change in the encryption market itself. Encryption has been around for a long time, and when the industry began to move away from DES, a significant shift started. Now we are down to fewer than half a dozen encryption algorithms in common use and encryption in products is slick, transparent and effective.
The standards used in the wireless world can be confusing, but even those are starting to shake out. The 802.11 standards are beginning to come together and 802.1x security products are maturing rapidly. I expect that when we look at this product group next year, still more coalescence will have occurred, and we will have even more mature products, but fewer of them, to look at.
One of the issues we ran into with wireless products was that vendors have very broad product lines. Whether that means that the tools are overlapping or that these broad offerings are necessary remains to be seen. My prediction is that as wireless security evolves we will see consumers simplifying once complex wireless networks, resulting in the need for simpler management tools.
[BH] How we test and score the products
[BX] Our testing team includes SC Magazine Labs staff, as well as external experts. In our group tests, we look at several products around a common theme.
Generally, we do not compare products to each other. We test and review them within the group based on a predetermined set of standards, which have been compiled from several sources.
The general test process is a set of criteria built around the six review areas (performance, ease of use, features, documentation, support and value for money) and comprises roughly 50 individual criteria in the overall process.
We develop the second set of standards specifically for the group under test and use the Common Criteria (ISO 1548) as a basis for the test plan. Given that we need to give a good picture in 350 words, reviews focus on operational characteristics.
Once the testing is completed, we rate each product according to the results, assign star ratings and, if appropriate "Best Buy" and "Recommended" awards.
Our final conclusions and ratings are subject to the judgement and interpretation of the tester and are validated by the reviewer.
All reviews and tests are reviewed for consistency, correctness and completeness by the technology editor prior to being submitted for publication. Even so, errors, though rare, are possible. If you believe that an error of fact has affected a review of your product, please contact the technology editor directly.
WHAT THE STARS MEAN
Our star ratings indicate how well the product has performed against each of our test criteria.
These are marked as follows:
* Seriously deficient
** Fails to complete certain basic functions
*** Carries out all basic functions to a satisfactory level
**** Carries out all basic functions very well