WEB SECURITY
There have been a variety of changes since we reviewed Vital Security in September 2005. It sports a much improved GUI, with streamlined navigation and configuration wizards. Web filtering engines provide stronger detection, offering a choice between Websense and IBM Proventia.
Following the excellent documentation, we initialized the appliance through a shell command line interface, choosing to do host management, scanning and reporting on the same box. The appliance can be used as an ICAP server to work with caching proxies.
The improved Web-based GUI offers a clean tabbed layout for managing users, policies, logs and reports, and administration. The help tab provided quick access to an extensive knowledge base. We really like the dashboard, which offers one-click access to quickly assess the overall status of traffic on the network.
We love the choice between simplified and advanced security policies. Vital Security ships with several predefined security policies--basic, medium, strict, emergency and X-ray.
The first three are part of the simplified security policy. The emergency policy is attached to a panic button that would lock down traffic in the event of a severe Internet virus outbreak. The X-ray policy allowed us to test policies prior to going live.
Advanced security policies let us create much more granular rules and conditions regarding how active content is handled, but we found it challenging to correctly place our rules in the cascading security policies tree so they performed correctly.
There are multiple options for handling flagged content. The most lenient is to allow it. We could also temporarily block content through the coach option, which flashed a warning message to the end user. You can configure a custom message for blocked content.
Although Vital Security provides extensive logging capacity--more than enough to satisfy compliance requisites--the reporting features were weak. The generic report templates lacked good customization capabilities.
While there is extensive alerting for system, application and update events via email and SNMP, we would have liked to see similar capabilities for serious policy violations or blocked event thresholds.
Logging properties allowed us to determine from what devices logs would be gathered. We could enable and configure syslog data, which could easily be sent to a SIM/SEM, and archiving options for location and scheduling. Report data can be stored only on a weekly or monthly basis.
Vital Security offers the ability to repair HTML security issues while providing access to content. For example, it stripped out ads leading to URLs hosting known spyware, leaving access only to legitimate content.
Relying on leading antivirus engines (Sophos, Kaspersky Lab and McAfee), Finjan's signature-based protection delivered full coverage against all of our malicious code samples. Vital Security also utilizes behavioral analysis to identify and block zero-day threats and virtual patching for common applications with known vulnerabilities. Websense and IBM Proventia provide effective and granular URL filtering.
Vital Security's rollback capability allowed us to set up an automatic backup schedule to securely transfer our policies and system settings.
Finjan Vital Security is a scalable security solution that can effectively protect networks of all sizes from the increasing pressure of Web-based crimeware and enforce corporate Internet policy.
Testing methodology: We tested Vital Security on an Internet-facing network and subjected workstations to a variety of attacks.