This article can also be found in the Premium Editorial Download "Information Security magazine: How to tell if you need the help of security integrators and consultants."
Download it now to read this article plus other related content.
Astaro presents a wide variety of choices to allow, monitor or block IM sessions.
All of the products can at least monitor IM traffic (See Astaro screen shot, right, for example), and some have rudimentary mechanisms to (sometimes) block particular IM protocols. SonicWALL was the only vendor that can completely block Google Talk and Skype conversations. Fortinet's IM protection is somewhat obscure. You have to go to two different places, one to handle policies for individual users and one to monitor or block the specific IM protocols.
Any solid defense against IM use will require combining Web filters to block access to particular sites as well as using the IM modules' features.
Check Point also does some very extensive port scanning, including ports that are used for VOIP, IM and P2P applications.
Web application scanning is absolutely essential if your company's Web servers are in remote locations or if you plan to set up a new Web server on an unprotected network such as at a branch office. Check Point, SonicWALL and Juniper offer protective mechanisms for preventing common Web application attacks such as SQL injection and cross-site scripting. We didn't find policy setting particularly straightforward for any of them.
The others just give lip service here, or require you to spend your days writing firewall rule sets.
For additional features, we liked Check Point's safe upgrade, requiring an administrator to complete a successful login within a specified (and user-selected) period of time; otherwise the box will roll back to a previous version. SonicWALL allows management of its wireless access points from its UTM device.
This was first published in June 2007