This article can also be found in the Premium Editorial Download "Information Security magazine: Security researchers on biometrics, insider threats, encryption and virtualization."
GuardianEdge offers flexible policy control; we were impressed by the complete ease with which policies were created and modified through multiple channels.
Policies are deployed to clients through AD Group Policy or a third-party software distribution tool. Implementing and editing policies was easy, in contrast to the obscure and tedious methodologies in many similar products. GuardianEdge provides granular control over ports, devices, storage and wireless adapters, as well as specific logging, alerting and encryption controls. Client-based policy enforcement includes an anti-tampering feature that we were unable to circumvent.
Although GuardianEdge provides all the endpoint control security features found in competing products, it's limited to Microsoft systems.
It covers all the bases of endpoint device protection, including defense against hardware-based keyloggers, autorun blocking for executables stored on portable media, and tight controls for physical and wireless ports.
Data shadowing allows all information accessed by a specific port or device to be recorded.
The device control component's audit feature let us quickly discover specific items on our network. We set up filters to identify machines with wireless adapters on the entire network, by network segment or by individual computers, then created an inventory spreadsheet.
Encryption covers all the bases for security, compliance and usability, including a self-service password recovery feature. GuardianEdge supports AES 128 and 256, multifactor authentication and kernel-level authentication prior to booting from an encrypted hard disk.
However, neither hard disk nor removable storage encryption functioned well on our Vista test systems.
GuardianEdge delivers comprehensive logging and reporting without any extra snap-in or software.
Responding to regulatory requirements, some companies have become overzealous in their logging; this is one product you don't want to do that with. Given the wide range of security GuardianEdge covers, it's easy to become quickly overwhelmed by logging everything.
Administrators can keep track of policy-controlled events through the Windows System Event Viewer, through reports created in the Windows Group Policy Management console, or through a Client Monitor Watchlist.
Extensive support for Windows snap-ins creates a familiar environment for administrators to quickly integrate logging and reporting into standardized distribution channels, such as SNMP.
GuardianEdge delivers easy administration, acceptable security and automated logging for Microsoft clients.
Testing methodology: We deployed GuardianEdge Server and Manager on Microsoft Windows Server 2003 with Active Directory and tested using a variety of devices running Windows 2000, XP and Vista.
This was first published in November 2008