This article can also be found in the Premium Editorial Download "Information Security magazine: Nine tips to guarding your intellectual property."
FaceTime Internet Security Edition
REVIEWED BY SANDRA KAY MILLER
Price: Starts at $7,125
FaceTime's Internet Security Edition tackles the greynet challenge of sifting Web traffic to differentiate between legitimate and unauthorized use of real-time communications applications such as instant messaging, Web browsing and VoIP.
The combination of RTGuardian (RTG), a hardened Linux rack-mounted inline appliance, and Greynet Enterprise Manager (GEM), a Windows-based server, delivers security at the perimeter and endpoint by identifying malware, spyware, adware and unauthorized traffic.
RTG enforces policies and ties into GEM, which provides centralized management and reporting through a secure Web interface.
GEM automatically discovers endpoints by querying the primary domain controller. Administrators can also specify a range of IP addresses and discover endpoints through ping and Windows Management Instrumentation. In both cases, GEM failed to detect several Windows desktops and all our non-Microsoft machines.
When RTG identifies malicious behavior, it feeds the data to GEM, which deploys a temporary client to clean the machine and scan for additional infection. It inoculates the machine, using ActiveX kill bits and Windows software restriction policies, which prevent the code from executing again. This feature stopped spyware cold, despite our repeated attempts to reinfect the machines.
For example, we allowed the use of certain public IM clients while prohibiting others. No one on our network was permitted to use P2P applications, and Skype was accessible only to the sales group. We could schedule automatic scans, spyware removal and inoculation. Policies can be assigned according to multiple criteria such as IP address, host, user, domain and operating system.
Comprehensive URL filtering categories let us turn off access to generally prohibited and productivity-draining sites (porn, gambling, shopping, news, travel). Custom policies can be set by users, groups, location, file extension and content.
In addition to providing statistical analysis for everything from infections to policy violations, FaceTime offers a variety of executive and auditing reports. Administrators can quickly see the rate of spyware infections and spot trends in which users and systems were most vulnerable and most often infected, while auditors have access to detailed information about data transferred via various Web-based channels.
IM reports can be split into events and usage, providing detailed, critical information, such as transferred files. Reports can be sent via email or exported to an FTP server for automated distribution.
Testing methodology: The RTGuardian appliance was deployed on the span port of a DMZ switch; GEM Server was installed on a Windows 2003 Server. Numerous applications were tested, using malware including spyware and adware.
This was first published in May 2007