This article can also be found in the Premium Editorial Download "Information Security magazine: Security 7 Award winners sound off on key information security issues."
Download it now to read this article plus other related content.
Price: $1,095 to $27,995, depending on model
Network Composer is a security and visibility appliance focused on controlling and monitoring end user traffic passing through the network perimeter to the Internet. We tested the DC10, Cymphonix's smallest appliance, supporting 250 users.
Network Composer classifies users (or systems) into groups, to which it applies rules. Rules can include application blocking and traffic shaping, as well as antimalware threat protection and URL-based content filtering.
It strikes a good balance between too much flexibility and ease of use, with a strong set of default policies and groups. For example, it defines seven groups, ranging from "deny access" to "monitor only," in which you can move users and systems, all with predefined access control policies.
Groups can be defined based on the normal IP and subnet definitions you'd expect, or user information stored in Active Directory, which requires a small client on each workstation.
The Web-based management system requires Internet Explorer and refuses to run with Firefox. Deployment is simple, because Network Composer sits transparently between the end user network and the perimeter firewall.
As long as you stick with the 14 built-in categories, such as "Web filter and anonymous proxy guard" or "Web filter plus IM plus SSL filter," setting things up for control and management is easy.
We pushed a little harder into customizing existing policies and ran into a poorly designed GUI (with some bugs) that discourages the effort. We also found some design limitations around VLANs, which are not supported, and large networks, because only static routing is supported.
This was first published in October 2008