This article can also be found in the Premium Editorial Download "Information Security magazine: Security 7 Award winners sound off on key information security issues."
Network Composer did a great job of catching viruses and malware from our library of recent samples, as long as we downloaded using HTTP over port 80.
In normal protection mode, Network Composer misses threats on non-standard ports and for other protocols, such as SMTP and FTP. However, when we put Network Composer into strict blocking mode, it identified non-standard HTTP and blocked it, viruses or not.
A nice feature is the ability to scan HTTPS traffic, but look for those high-end models with encryption acceleration if you want to use this feature. Network Composer can intercept SSL-encrypted traffic and splice together two connections to enable it to decrypt and scan traffic. This all depends on the system manager giving Network Composer a digital certificate.
Control features include the standard gamut of URL filtering (with the option to add your own block and pass lists) and detection of other filtering avoidance techniques such as anonymous proxies, as well as traffic shaping and specific application blocking.
Network Composer shines in its ability to give visibility into network traffic. It slices and dices by user and user group, by application, usage level and threat. It gives amazing visibility into traffic and usage, such as where your Internet bandwidth is going, what people are saying via IM and what applications are running. Network Composer provides this information through its Web-based dashboard, for real-time information and drill-down, as well as through a reporting system that lets you run short-term or long-term reports whenever needed. A library of common report templates comes preloaded, or you can define your own reports.
Network Composer is well suited to organizations looking to gain strong visibility into network traffic and to supplement existing firewall and antivirus tools.
Testing methodology: We put the DC10 into a live network between a group of 150 DSL users and the Internet in monitor-only mode for one week and evaluated the network visibility aspects of the product. Then, we ran specific tests to evaluate the security protection capabilities of the DC10.
This was first published in October 2008