Readers' Choice Awards '08: IT Security Products of the Year

Information Security magazine's annual Readers' Choice Awards honor security software, services and products of the year in several areas: antimalware, application, email and mobile security, network access control, firewalls, remote access, SIMs, UTM, vulnerability management, wireless, IDS/IPS, and Web gateways.

This article can also be found in the Premium Editorial Download: Information Security magazine: Security Readers' Choice Awards 2008:

1,600 Readers VOTED
360 Products EVALUATED
48 WINNERS

[INSIDE]

Antimalware

Application Security

Authentication

Email Security

Emerging Markets

Emerging Technologies

Identity & Access Management

Intrusion Detection/Prevention

Mobile Data Security

Network Access Control

Network Firewalls

Secure Remote Access

SIMs

UTM

Vulnerability Management

Web Security Gateways

Wireless


Selecting the 2008 Readers' Choice Awards
Information Security and SearchSecurity.com presented more than 1,600 readers with some 360 security products, divided into 18 categories. Three categories which failed to draw sufficient reader response are covered in market articles.

Respondents were asked to rate each product based on criteria specific to each category. For each criterion, respondents scored the product on a scale of one (poor) to five (excellent). In addition, each criterion was given a weighted percentage to reflect its importance in that category.

Winners were based on the cumulative weighted responses for each product category's criteria. Editors arrived at a product's overall score by calculating the average score it received for each criterion, applying the weighted percentage and adding the adjusted scores. Emerging Technologies awards were determined by Information Security and SearchSecurity.com editors.

Antimalware
Desktop business-level antimalware products


[GOLD]

Sophos Endpoint Security and Control
Sophos

Sophos Endpoint Security and Control garnered the gold, drawing raves from readers for its speedy and frequent signature updates. The product also earned high marks for its effectiveness in detecting, blocking and cleaning up malware, as well as its reporting and alerting capabilities.

Sophos Endpoint Security and Control provides integrated antivirus, antispyware and client firewall protection. Its single antivirus client incorporates intrusion prevention and control of unauthorized applications, VoIP, IM, peer-to-peer and gaming software. The software provides cross-platform security, protecting Windows, Mac, Linux, Unix, NetApp storage systems and Windows mobile devices.

A central management console warns of outbreak risks across the network via automatic email alerts. Sophos' host intrusion prevention system uses four layers of detection to block zero-day threats; the threat detection engine analyzes the behavior of code before it executes and prevents it from running if it is considered malicious.

Sophos is adding network access control (NAC) functionality to Endpoint Security and Control 8.0.

NOTABLE Sophos acquired NAC vendor Endforce last year.



[SILVER]

CA Threat Manager
CA

CA Threat Manager, an integrated antivirus and antispyware product, won the silver medal. Readers gave it high marks for the frequency and speed of its signature updates and its reporting and alerting capabilities. The product also scored well for its ability to detect and block unknown malware and zero-day exploits, plus its effectiveness in catching known malicious code.

CA Threat Manager detects and provides remediation for viruses, worms, spyware (technology acquired in 2004 from PestPatrol), keyloggers, Trojans and other malware. Features include extensive graphical reporting and support for Cisco NAC.

The product supports a variety of platforms, including Windows, Macintosh, Linux, Unix, NetWare, PDAs and Network Appliance NAS devices, and is managed via a Web-based console.

CA Threat Manager works with the CA Host-Based Intrusion Prevention System, which combines firewall and intrusion prevention capabilities.

NOTABLE CA added support for Microsoft's Network Access Protection (NAP) architecture with the release last year of Threat Manager Version r8.1. More recently, it also announced support for Windows Server 2008 and SQL Server 2008.



[BRONZE]

McAfee Total Protection
McAfee

Readers awarded the bronze to McAfee Total Protection, praising the integrated product in a number of areas. The software, which combines antivirus, antispyware, antispam, personal firewall protection and host-based intrusion prevention, earned strong reviews for the frequency and speed of its signature updates, ease of installation, configuration and administration, as well as its effectiveness in blocking and cleaning up malware.

McAfee Total Protection for Enterprise secures servers, email servers and desktops with automatic signature updates and behavior-based technology to prevent attackers from inserting malicious code into systems. The product also uses signatures and behavior-based techniques to detect and remove rootkits. It filters inbound and outbound email for spam, viruses and inappropriate content.

Total Protection for Enterprise is managed via McAfee ePolicy Orchestrator, which allows administrators to enforce policy, monitor network security and make updates from a single console. The product leverages threat research from McAfee Avert Labs, which tracks emerging threats.

NOTABLE According to Gartner, McAfee was the first traditional antivirus vendor to incorporate HIPS capabilities into its base antimalware product.


Application Security
Web app firewalls, source code and app scanners and appliances


[GOLD]

IBM WebSphere DataPower XML Security Gateway XS40
IBM

As more companies begin exposing Web services outside the network--to business partners, for example--they are abandoning proprietary EDIs for open formats such as XML, Ajax and mashup frameworks. Securing exchanges between applications becomes paramount, and Information Security readers acknowledge the trend with the gold medal for IBM's WebSphere DataPower XML Security Gateway XS40.

This is the second consecutive win in this category for the DataPower product; readers were high on its effectiveness in reporting and preventing known attacks, as well as the frequency of updates, and support from IBM.

The XS40 parses, filters and validates XML schema. It verifies digital signatures, and signs and encrypts XML messages, beyond acting as a security checkpoint for XML traffic and Web services messages.

Gari Singh, product manager for SOA appliances at IBM, says Big Blue has made considerable engineering investments in DataPower since acquiring it in 2005, including work on service registries and repositories.

NOTABLE Singh says IBM is refining best practices around securing Web 2.0 and REST-based services, bridging REST, SOAP and JSON protection, as well as securing RSS and Atom feeds.



[SILVER]

BIG-IP Application Security Manager
F5 Networks

F5 Networks' BIG-IP Application Security Manager (ASM) finished a close second to IBM in this category, with strong scores for its effectiveness in preventing known attacks and/or vulnerabilities, and vendor support and service.

ASM acts as a proxy accepting traffic before it hits users, and protects applications from the gamut of Web app threats such as cross-site scripting and forgery, SQL injections, escalation attacks and more. It does so aided by a learning feature, introduced last fall, that monitors traffic, recognizes acceptable application behavior and refines security policies in real time.

Furthermore, ASM is also available as part of F5's application delivery controller, building a security policy based on the traffic it observes.

"Customers are not necessarily looking for a security appliance, but for data center optimization or application availability," says F5 technical marketing manager Alan Murphy.

Upcoming enhancements to ASM include an antievasion engine, as well as SMTP protection and security for rich media applications.

NOTABLE ASM security policies don't have to start in learning mode. F5 has created out-of-the-box policies for SharePoint 2003 and 2007, Outlook Web Access, SAP NetWeaver and Oracle.



[BRONZE]

Citrix Application Firewall
Citrix Systems

Citrix Systems' Citrix Application Firewall utilizes what the vendor calls a positive security model that establishes a baseline of approved application behavior, and blocks any application traffic that deviates.

"There are no concerns with zero-day attacks, which can be an issue for products that rely on signatures or blacklists for protection," says Citrix product manager Morgan Gerhart.

Readers gave Citrix Application Firewall good marks for its threat protection and integration with other security tools for reporting and remediation. It can be purchased standalone, or as a module on the Citrix NetScaler Application Delivery System.

Gerhart says the vendor plans enhancements around integration, simplicity and performance, particularly addressing performance issues for smaller companies running the firewall on an entry-level server.

Future versions will also look at XML traffic and SOA applications.

NOTABLE This technology was acquired in 2005 from Teros. Integration with the NetScaler delivery system is important because most application firewall purchases are reactive, and companies are hesitant to buy a standalone product that adds another network hop and latency, says Gerhart.


AUTHENTICATION
Digital identity verification


[GOLD]

RSA SecurID
RSA, The Security Division of EMC

RSA SecurID is a repeat Readers' Choice winner in this category, largely on the strength of its integration and compatibility capabilities. The ubiquitous token is used as a second form of authentication in more than 30,000 customer deployments, and supports 365 products from more than 200 vendors.

"RSA's partner ecosystem has created that broad application support; that's why the product remains so successful, in spite of competitors selling tokens at a dramatically lower price," says Burton Group analyst Mark Diodati.

"Customers stay with them because the solution is easy to use and works with the apps they have."

RSA argues that SecurID's total cost of ownership is much lower than competitors' when time to production, strength of security, the ability to leverage many infrastructures and dependability are taken into account.

SecurID provides strong authentication support for IPsec and SSL VPNs, wireless networks, Windows and Unix desktop and server environments, Web servers and other enterprise applications.

NOTABLE RSA is completing a re-architecture of SecurID that will affect releases later this year and into next. Agent upgrades are also on the docket, as are improvements to support on more mobile device platforms.


[SILVER]

VeriSign Identity Protection Authentication Service
VeriSign

VeriSign's Identity Protection Authentication Service finished a close second in this category, with solid scores from readers on the security of its credentials and scalability. VeriSign's two-factor credential can be used across multiple sites; the credential is validated against VeriSign's shared infrastructure, meaning customers do not have to deploy an on-site server. Instead, they connect via SOAP-compliant Web services to VeriSign's network, reducing deployment costs.

VeriSign, like other authentication vendors, has benefited from a glut of regulatory activity mandating two-factor authentication, in particular the FFIEC guidance for online banking.

Product manager Jeff Burstein says VeriSign will concentrate development on new credential choices, including enhancements to its one-time password credit card form factor. Burstein explains that the card, built on OATH one-time password standards, fits into a consumer's wallet--preferable, he says, to early one-time password generators made of metal that were awkward to carry around.

NOTABLE Some PayPal and eBay customers are likely familiar with the PayPal Security Key, a $5 fob announced a year ago that is used as a second form of authentication.



[BRONZE]

Juniper Networks Steel-Belted Radius Server
Juniper Networks

Serving the enterprise and service provider markets, Juniper Networks' Steel-Belted Radius Server, acquired as part of the Funk Software purchase in 2005, got high marks for its integration capabilities.

Readers were also high on its scalability, while giving the product lower scores for vendor support, and ease of installation and configuration. The AAA server provides centralized authentication and access policy management.

The Steel-Belted Radius server line has three products.

SBR Enterprise Edition is targeted at smaller companies, giving them the ability to centralize authentication and manage remote users.

SBR Global Enterprise Edition, which manages users at multiple sites, integrates into SNMP management systems and manages authentication via an advanced proxy RADIUS.

Finally, the SBR Appliance is for companies that want to run a RADIUS server as a rack-mountable device.

NOTABLE Juniper's estimated $122 million acquisition of Funk Software in 2005 came on the heels of 2004's $4 billion purchase of NetScreen Technologies and was an early move to integrate networking and security.


EMAIL SECURITY
Antispam, antiphishing, email antivirus, content filtering and archiving


[GOLD]

IronPort Email Security Appliances
Cisco Systems

Lauded by readers for their ability to detect and block spam, phishing attempts and viruses, email security appliances from IronPort Systems, a business unit of Cisco Systems, won top honors.

Readers also gave the devices high marks for ease of use and ability to integrate with existing messaging applications. IronPort email security appliances use a multilayered security architecture to fight spam that includes reputation filters and context-based antispam filters. They use a similar multipronged approach to fighting viruses, employing virus outbreak filters and third-party antivirus signatures.

IronPort's reputation filters and virus outbreak filters leverage data gathered by the vendor's SenderBase global email and Web traffic monitoring network to provide added protection from email-based malware; automatic alerts and rule updates are sent directly to the appliances. The devices run on IronPort's proprietary operating system, AsyncOS, and feature continuous rule updates to maintain high accuracy.

The product line is designed to meet the needs of any size company, from small businesses to large corporations and ISPs.

NOTABLE Cisco completed its acquisition of IronPort in June 2007.



[SILVER]

Barracuda Spam Firewall
Barracuda Networks

Barracuda Spam Firewall snagged the silver medal, winning high marks from readers in several categories. The appliance scored high in its ability to block spam and malware, integration with existing applications, end user transparency and ease of installation and administration.

The device, which comes in seven models, provides integrated antispam, antivirus, antiphishing and antispyware protection. It uses several techniques to protect an email server, including IP reputation analysis, sender authentication, user-specified policies, Bayesian analysis and rule-based scoring. End user control features allow for fine tuning and enhanced accuracy.

A single Barracuda Spam Firewall handles up to 30,000 active mail users; multiple units can be clustered for high availability. All models include outbound filtering techniques such as attachment scanning, virus filtering and rate control to ensure outgoing email is legitimate.

A system administrator monitors and manages the applications via a Web interface, and Barracuda's security operations center continuously updates the firewall with spam and virus definitions.

NOTABLE Barracuda recently enlisted help from the open source community to defend itself against patent infringement claims made by Trend Micro.



[BRONZE]

Google Email Security
Google (Postini)

Readers awarded the bronze medal for email security to Google, which acquired Postini last September. The hosted solution scored well in its ability to block spam and other malware, as well as its ease of use and integration with existing messaging applications.

The service stops spam, viruses, phishing, denial-of-service and directory harvest attacks. Its multilayered protection includes heuristic and signature-based detection, and it provides detailed quarantine summary reporting to administrators through a Web console.

Delivered on the software-as-a-service model (SaaS), the service doesn't require hardware or software, which reduces IT resource requirements and can relieve management headaches.

Postini says its patented architecture ensures no delays or disruptions to email service, no matter how high spam volumes reach.

Google, in February, released messaging services that streamline Postini's assorted services into three basic bundles, for Lotus Notes, Microsoft Exchange and Novell GroupWise.

NOTABLE Google made another foray into security via acquisition last year, acquiring Green Border, whose antimalware technology operates as a sandbox for Web browsing.


IDENTITY & ACCESS MANAGEMENT
Identity & access management, SSO and provisioning


[GOLD]

Novell Identity Manager
Novell

Buying information security technology has often been compared to buying life insurance, but user identity provisioning is one category that has offered quick, measurable ROI from the start. Novell Identity Manager, this year's identity management winner, is widely regarded as a leader in this market, automating user provisioning to get employees what they need--and only what they need--to get to work quickly.

A key part of Novell's suite of identity management tools, centered on its eDirectory LDAP service, Identity Manager resolves the labor-intensive task of provisioning users with access to the applications, information and tools they require. Role-based provisioning makes assignments by business role and policies, and automated workflows assure that changes are implemented quickly and accurately.

Access is cut promptly and accurately as roles change or employees are terminated. In addition to providing cost savings, this helps meet security and regulatory requirements.

Identity Manager users particularly liked its user transparency, ease of use, scalability and, most important, ROI.

NOTABLE While most of its leading competitors--such as Sun/Waveset, Oracle/Thor and Oblix, CA/Netegrity, IBM/Access 360--owe much of their IAM technology to acquisitions, Novell has built its products from within.



[SILVER]

RSA Access Manager
RSA, The Security Division of EMC

Access control was relatively straightforward when data and applications were largely restricted to business silos: company, division, department. That's all changed as Web-based access has enabled vast opportunities--and complex access and security issues.

RSA Access Manager is among the top products in the Web-based access control market, designed to bring order to the formidable task of giving employees, partners and customers quick and appropriate access via intranets, extranets, portals and Internet-facing applications.

To manage this maze of access privileges to disparate back-end data stores, Access Manager provides highly flexible role-based policies, including appropriate security/authentication controls (e.g., passwords for one level, tokens or biometrics for another).

Single sign-on (SSO) capabilities, a key component of Web-based access control tools, simplify the user experience and reduce cost by centralizing user management and reducing help-desk calls for password resets.

Access Manager scored well for scalability, integration and compatibility with multiple directory stores, authentication products, etc., and extensibility.

NOTABLE Since the EMC deal, RSA acquired DLP vendor Tablus, and boosted its position with financial institutions, buying Cyota and PassMark Security.




[BRONZE]

Citrix Password Manager
Citrix Systems

Enterprise single sign-on (ESSO) is an essential tool in complex business environments, bringing order to the mishmash of authenticating users to multiple applications and platforms. Citrix Password Manager fills the bill for readers who gave it the bronze medal.

When coupled with Citrix's flagship product, Presentation Server, Password Manager can deliver clientless SSO access to applications through a published browser or desktop, Web Interface for Presentation Server or Windows Terminal Server via its ICA presentation protocol on a LAN connection.

Password Manager simplifies administrative chores and strengthens security. Strong password policies, and automatically enforced scheduled changes, can be applied to automated and password changes, transparent to users, who need only worry about their network log-on. It integrates with numerous multifactor authentication products, including smart cards, tokens and biometric devices.

Password Manager scored highest in end user transparency and ease of use, ease of installation, configuration and administration, and vendor service and support.

NOTABLE Citrix has won a lot of new business--1,200 new customers in 2007--with Password Manager, particularly among small to medium businesses, according to Gartner.


INTRUSION DETECTION/PREVENTION
Network-based intrusion detection/prevention


[GOLD]

TippingPoint Intrusion Prevention Systems
TippingPoint

Say "network intrusion prevention" and the name TippingPoint almost surely will come up. Its powerful range of high-performance appliances has established the company's strong position among signature-based IPS vendors. Readers' Choice respondents backed that reputation, awarding TippingPoint Intrusion Prevention Systems appliances gold in a highly competitive category.

Readers gave TippingPoint high marks across every IPS criterion. In particular, it stood out for its ability to effectively and accurately detect and stop malicious traffic, frequency of signature updates and response to new threats, and the ability to tune the appliances to reduce false positives.

Using custom ASICs, high-performance processors and a 20 Gbps backplane, TippingPoint IPS is known for low latency, critical for detecting and/or blocking threats without false positives and without slowing traffic, especially in QoS-sensitive environments.

TippingPoint IPS complements its signature-based detection with strong network features, enabling traffic classification and rate shaping.

NOTABLE TippingPoint is at the center of controversy in Bain Capital's takeover of parent company 3Com. TippingPoint may be sold to appease regulators and facilitate the sale.



[SILVER]

Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Systems

Cisco's line of versatile 5500 Series Adaptive Security Appliances is an appealing platform for the network infrastructure giant's IPS capabilities, earning Cisco the silver in a market featuring a number of pure-play dedicated appliances.

Cisco's IPS was a close second among Readers' Choice respondents, who gave it particularly high marks for effectiveness, update frequency, integration with network defense and management tools (no surprise considering Cisco's dominance on the network) and vendor service and support.

Adding Cisco's IPS module to the 5500 series combines signature-based intrusion prevention with a platform known for its top-shelf network firewall/VPN capabilities, built on Cisco PIX.

Organizations can use the IPS risk rating feature to base alerts and automated action on business-specific criteria, such as asset sensitivity.

Cisco-dominated shops benefit from the use of Cisco Security Manager to administer all Cisco security products from a central console.

NOTABLE Cisco is phasing out its venerable PIX firewall products, which it will continue to support for several years, in favor of the 5500s.



[BRONZE]

McAfee IntruShield
McAfee

Coming in third is far more than a consolation prize in the IPS category. McAfee's IntruShield, one of the acknowledged leaders in this market, got plenty of strong support from readers.

McAfee scored well in all criteria, but readers particularly appreciate service and support, its effectiveness, and alerting and reporting capabilities.

McAfee, which became an instant player in the nascent network IPS arena when it acquired IntruVert in 2003, offers a line of seven IntruShield appliances, from branch office models to core workhorses that advertise 2 Gbps throughput (with a multi-gig box due out this year) and up to 1 million concurrent connections.

Perhaps IntruShield's greatest value comes in its integration with other McAfee security products under its central management platform, ePolicy Orchestrator (ePO), which is so popular it is often cited as a prime reason for McAfee keeping and building up business. For example, IntruShield can be paired with Foundstone vulnerability management to assess the risk of a particular attack actually compromising critical network assets.

NOTABLE IntruShield integrates with McAfee Network Access Control, bringing network and host security together under ePO.


MOBILE DATA SECURITY
Protection for handheld devices and laptops


[GOLD]

McAfee Endpoint Encryption
McAfee

McAfee has been a powerhouse in the antivirus and intrusion prevention markets for years, but it has been gradually expanding its product line of late through acquisitions and organic development. Its McAfee Endpoint Encryption offering (formerly SafeBoot Encryption) has emerged as a leader in the growing market for technologies to help protect sensitive corporate data from theft or loss.

Designed to protect high-value data on laptops and other mobile devices, McAfee Encryption boasts a long list of features, including persistent encryption of files and folders, regardless of where they're moved, support for two- and three-factor pre-boot authentication and single sign-on systems. It also integrates with Active Directory and LDAP and can support PKI deployments.

The McAfee offering received high marks from readers in a number of areas, particularly for its flexible and granular policy controls and its strong central management capabilities.

Users also liked the simple and efficient installation and configuration process and praised McAfee for strong service and support.

NOTABLE McAfee Encryption uses both AES-256 and RC5-1024 encryption.



[SILVER]

Symantec Mobile Security Suite
Symantec

Symantec was among the first wave of security vendors to extend protection to the growing number of mobile devices making their way onto corporate networks, and its strength and experience in this area helped its Mobile Security Suite 5.0 offering win silver.

The suite is heavy on antimalware capabilities and integrates with Symantec Live Update. It includes protection against viruses through scheduled and on-demand file scans.

It also is able to stop SMS spam through message filtering. The Mobile Security Suite, unlike some other competitive offerings, includes a full firewall, with inbound and outbound network traffic control.

Along with file encryption and a file activity log, the offering also integrates with Symantec's Mobile VPN for network access control.

Readers rated Mobile Security Suite highly for malware protection and also praised its range of device coverage, which includes any device running Windows Mobile 5. The suite also drew compliments for its ease of management and its return on investment.

NOTABLE Mobile Security Suite includes a feature to protect itself against attack and ensure the integrity of its components.



[BRONZE]

Trend Micro Mobile Security
Trend Micro

Designed specifically with smartphones and PDAs in mind, Trend Micro's Mobile Security includes a wide variety of capabilities vital to enterprises while retaining the ease of use for which Trend Micro is known. This combination gave Mobile Security the juice to win bronze.

Trend Micro's offering includes a real-time encryption function that encrypts not only files in the device's local memory, but also files on removable SD memory cards. The suite supports several encryption algorithms, from Triple-DES to AES-256, and has on-device authentication policies as well. Like the other products in this category, Trend Micro's suite has a firewall and antimalware scanning to go along with a new central management console that enables administrators to manage mobile devices from the same console as they manage desktops and servers.

Users gave Mobile Security strong ratings for its flexible policy management capabilities and for its antimalware and data protection functionality. Users also liked Trend Micro's new central management function.

NOTABLE Mobile Security allows users to download updates through wireless data connections such as Wi-Fi, GPRS and EV-DO.



NAC
Pre- and post-connect network access control


[GOLD]

Cisco NAC Appliance
Cisco Systems

Cisco, along with Microsoft, essentially defined the network access control (NAC) market several years ago with the introduction of its Network Admission Control architecture. Since then the market has become overpopulated with smaller appliance and software vendors, but our readers put Cisco's NAC Appliance head and shoulders above the competition.

Formerly known as Clean Access, the NAC Appliance is designed to be the first point of contact for users entering a corporate network, and enables administrators to authenticate and authorize users and enforce organizational security policies before network access is granted. The system enables the enforcement of a number of different policies, depending on device type, user and role. Machines that are out of compliance can be directed to remediation servers for delivery of patches and other updates.

The NAC Appliance scored highly in virtually every category in our readers' assessment, but was especially strong in its ability to integrate with customers' existing infrastructures and its scalability. Readers also praised the appliance's variety of enforcement options and gave Cisco high marks for its service and support.

NOTABLE Cisco's flexible deployment model enables customers to deploy it at either Layer 2 or Layer 3.



[SILVER]

Juniper Unified Access Control (with Infranet Controller Appliances)
Juniper Networks

Juniper, like Cisco, is a hardware company through and through and as such, has used its expertise in building enterprise-class routers and switches to develop a line of high-performance NAC appliances.

The Unified Access Control boxes, combined with the company's Infranet Controller Appliances, finished second in this category.

The UAC appliances are designed for organizations from small businesses all the way up through large global enterprises, and include feature sets designed to meet the disparate needs of these companies. Like other NAC appliances, the UAC system includes an agent that sits on the endpoint and collects user credentials and also assesses the security posture of the machine. The agent can be installed dynamically as unknown machines attempt to connect to the network, and administrators can enforce policy at a number of different points in the network, including any 802.1x-enabled switch.

Readers gave the UAC appliances strong ratings for their range of policy checks, integration with existing infrastructures and scalability.

NOTABLE Juniper UAC can be deployed in an agentless configuration for Linux, Solaris or Mac OS X environments.



[BRONZE]

Check Point Integrity
Check Point Software Technologies

Known mainly for its industry-standard VPNs and firewalls, Check Point has made a big move into the endpoint security market of late, leveraging its acquisition of Zone Labs. The company's Integrity product, now known as Check Point Endpoint Security, snagged bronze.

Endpoint Security's main strength lies in the fact that it is a single desktop agent that comprises a wide variety of security features, including a firewall, antivirus, antispyware, network access control, program control, data security and remote access. Its NAC capabilities include the standard functions such as preconnection client inspection, remediation and quarantining. Endpoint Security also supports 802.1x authentication and VPN gateways from third-party vendors.

The product allows administrators to deploy and manage security policy for thousands of endpoints across a distributed environment from a single console.

Readers ranked Integrity highly for its policy-based network access control and its enforcement options. Users also gave the offering a strong rating for its logging and reporting and its integration with customers' infrastructures.

NOTABLE Endpoint Security has a "stealth mode" that can make protected machines invisible to attackers.


NETWORK FIREWALLS
SMB and enterprise-level network firewall appliances and software


[GOLD]

Juniper Networks SSG, ISG Appliances
Juniper Networks

Juniper Networks' Secure Services Gateway (SSG) and Integrated Security Gateway (ISG) appliances won gold in the network firewall category on the strength of solid centralized management capabilities and ease of installation, configuration and administration.

The SSG appliances suit small and medium-sized companies to large enterprises with many branch offices. The GigaScreen3 ASIC module is the cornerstone of the ISG architecture and does packet parsing, classification and session-level processing for established sessions. Juniper says its ISG 1000 and 2000 are ideally suited for securing enterprise, carrier and data center environments where advanced applications such as VoIP and streaming media dictate consistent, scalable performance.

Readers say they got their money's worth from these products, starting with the ease of installation, configuration and administration. Readers also gave high marks to the technologies' centralized management capabilities, ability to block intrusions, attacks and unauthorized network traffic, vendor service and support, and compatibility with other network security tools.

NOTABLE Organizations using Juniper security technology include Bankdata, a leading financial services provider in Denmark.



[SILVER]

Cisco PIX Appliances and Software
Cisco Systems

Cisco Systems' PIX firewall appliances and software finished a close second in this category, earning high marks from readers for their ability to block intrusions, attacks and unauthorized network traffic. Readers also ranked highly Cisco PIX support and service, as well as its application layer and protocol controls.

PIX appliances provide enterprises with user and application policy enforcement, attack protection and secure connectivity services. The purpose-built appliances provide such integrated security and networking services as advanced application-aware firewall services; VoIP and multimedia security; site-to-site and remote-access IPSec VPN connectivity; intelligent networking services; and flexible management components.

The PIX line ranges from compact desktop appliances for small offices to modular gigabit appliances for large enterprises and service providers.

NOTABLE On Jan. 28, Cisco announced the end-of-sale and end-of-life dates for Cisco PIX security appliances, software, accessories and licenses. The last day for purchasing Cisco PIX security appliance platforms/bundles will be July 28, and the last day to purchase accessories and licenses will be Jan. 27, 2009. Cisco will continue to support PIX customers through July 27, 2013.



[BRONZE]

Check Point FireWall-1
Check Point Software Technologies

Check Point Software Technologies' FireWall-1 took the bronze, with readers recognizing its central management capabilities and its ability to block attacks and unauthorized traffic. FireWall-1--integrated into the company's VPN-1 product line--uses Application Intelligence and INSPECT, Check Point's intelligent inspection technologies. FireWall-1 integrates network and application-layer firewall protection and makes use of Check Point's SMART management architecture.

The product provides access controls, attack protection, application security, intrusion prevention, content security, authentication, and network address translation (NAT).

FireWall-1 supports more than 200 applications and protocols out of the box, including SQL Server, RPC and CIFS from Microsoft, Oracle SQL and ERP, SOAP and XML, SMTP, POP3, SSL traffic and more. It also secures VoIP applications, and is able to inspect voice protocols such as SIP and H.323.

NOTABLE In a move illustrating how firewall technology has become increasingly integrated into other defenses, Check Point recently unveiled its Endpoint Security product, which combines FireWall-1, network access control (NAC), program control, antivirus, antispyware, data security and remote access.


SECURE REMOTE ACCESS
IPsec and SSL VPN products


[GOLD]

Juniper Networks Secure Access
Juniper Networks

Juniper Networks earned the gold for its Secure Access SSL VPN, with readers giving it high marks for ease of use, compatibility with other security tools and vendor support. Juniper says its SSL VPN security products have a variety of form factors and features that can be combined to meet the needs of companies of all sizes, from SMBs that need VPN access for remote/mobile employees, to large global deployments for secure remote and/or extranet access.

The technology is based on the Instant Virtual Extranet (IVE) platform, which uses SSL, the security protocol found in all standard Web browsers. The use of SSL eliminates the need for client-software deployment, changes to internal servers and costly ongoing maintenance and desktop support, Juniper says. For big global enterprises, Juniper recommends its Secure Access 6000 SSL VPN appliance. Features of this product include built-in SSL acceleration and compression for all traffic types, redundant and/or hot swappable hard disks, power supplies and fans, and dynamic access privilege management with three access methods.

NOTABLE Forrester Research says Juniper Networks maintains its SSL VPN leadership thanks to its superior reverse proxy technology and focus on secure mobility.



[SILVER]

Cisco VPN Concentrator Series
Cisco Systems

Cisco Systems' VPN Concentrator Series finished a close second in this category. Readers praised its flexible, reliable and high-performance remote-access features. Cisco consistently scored well for its authentication support, end user transparency and ease of use, investment ROI and extensibility. The Cisco VPN 3000 Series offers both IPsec and SSL VPN connectivity on a single platform, and is available in both redundant and nonredundant configurations.

One of its biggest selling points has been that it's easy to deploy, featuring an integrated Web-based management system with an interface for configuring and monitoring remote users. It is also considered one of the more affordable products around, with no added licensing costs for special features. Cisco has also touted the fact that it offers extensive application support through its dynamically downloaded SSL VPN client for WebVPN, enabling network-layer connectivity to virtually any application.

A primary component of Cisco VPN 3000 Concentrator Software v4.7 is the Cisco Secure Desktop, which offers pre-connection security posture assessment.

NOTABLE Cisco announced in February 2007 end of life for the VPN 3000 Concentrator.



[BRONZE]

Citrix Access Gateway
Citrix Systems

Citrix gets the bronze in this category for its Citrix Access Gateway, an SSL VPN that can securely deliver applications with policy-based SmartAccess control. Citrix's patent-pending SmartAccess technology allows administrators to control access and actions based on the user and the endpoint device. For example, a user may have full access (read, save locally, print, etc.) to a set of files when utilizing his or her office PC, but may be restricted to read-only access when connecting through an unrecognized kiosk device.

Similarly, if an employee tries to log in to the corporate network via a home PC that does not have an active antivirus update service, that employee may not be able to access certain mission-critical systems.

The Access Gateway product line provides secure access to Windows and Unix applications, Web applications, Citrix Presentation Server-hosted applications, network file shares and telephony services using VoIP softphones. No application customization is required to use these features.

Readers gave high marks to Citrix Access Gateway for its authentication support and breadth of applications/devices covered.

NOTABLE Citrix Systems and Microsoft also provide leading technology that focuses on access and acceleration for corporate applications.


SIMs
Security information and event management systems


[GOLD]

Symantec Security Information Manager
Symantec

Readers awarded Symantec's Security Information Manager the gold medal in the security information and event management category, giving it high marks in event correlation, archiving and ease of deployment.

The Windows-based appliance collects and manages event data using sensors that are deployed on targeted systems.

The product also aids in responding to security threats by applying risk analysis metrics to the collected data.

It then prioritizes a threat list based on the organization's specific configurations, patch levels and known vulnerabilities tracked by Symantec through its Global Intelligence Network.

Built-in ticketing and workflow features also help document the response process to quickly remediate threats once they are identified.

Symantec says the tool can help organizations comply with PCI, Sarbanes-Oxley and other regulations using a log storage feature that doesn't need a major investment in hardware or storage. It captures both normalized data and raw event information and allows users to review, conduct analysis and build reports based on the data.

NOTABLE Symantec has recently added anomaly detection, logical grouping and enhanced archiving to this product.



[SILVER]

ArcSight Enterprise Security Manager
ArcSight

Readers rated highly ArcSight's Enterprise Security Manager's event correlation features and its ability to map information to an organization's unique set of policies and compliance regulations.

ESM works in conjunction with ArcSight Logger, which collects and normalizes event data and reports on security events based on rules created by the user. The tool is agentless, and uses event source connectors to collect the log data.

The data collected is compressed and stored in a proprietary file-based repository; it can store both normalized and raw event data, according to ArcSight.

The ESM takes the logging data, analyzes it and displays events on the ArcSight console, triggering alerts. ArcSight said its ESM tool also integrates with custom data sources, including home grown applications and physical security systems.

ESM's correlation capabilities can discern events connected to a specific individual and that user's business role and organizational membership. It can associate any IP address-based events with events from the enterprise's physical infrastructure.

NOTABLE ArcSight held its IPO in February and raised $50 million. Stocks were priced on the low end of their $9-$11 projections.



[BRONZE]

CA Security Command Center
CA

CA's combined Security Command Center and Audit appliance received the bronze medal, getting high marks for event correlation and flexible policy definition.

Combined, the tools collect, aggregate, analyze and then display security events across the enterprise.

CA Audit serves as the audit logs and security event collection and data repository. It uses agents installed on target systems for data collection. The software collects and filters event data and can automatically send an alert in the event of suspicious activity.

CA Audit also provides centralized and role-based policy management and alert management. The tool supports the Windows, Linux and UNIX platforms.

The data collected via CA Audit is then sent to the Security Command Center, which analyzes and monitors events to aid in threat response. The command center can correlate and uncover patterns in failed logon attempts and analyze database and mainframe data to expose patterns that could be suspicious. The results are displayed on a single, centralized console that can be customized based on a user's role.

NOTABLE CA's 17 percent market share in 2006 was tops in the SIMs space, according to Gartner.


UTM
Unified threat management appliances


[GOLD]

Cisco ASA 5500 Series Adaptive Security Appliances
Cisco Systems

Cisco Systems' ASA 5500 Series Adaptive Security Appliance received the gold medal from readers for its breadth of security features that include a firewall, SSL and IPsec VPNs, intrusion prevention, voice and video security and content security.

The 5500 series of appliances supports deployments ranging from SMBs (150 Mbps firewall throughput, 10,000 maximum firewall connections, 10 site-to-site and remote access VPN sessions and 256 MB of memory) to large data center implementations (10 Gbps firewall throughput, 2 million maximum firewall connections, 10,000 site-to-site and remote access VPN sessions and 12 GB of memory).

Firewall protection features identity-based access control and denial-of-service attack protection. Content management features include URL filtering, antiphishing, antispam, antivirus, antispyware and content filtering. The unified communications protection can inspect and apply policy to popular voice protocols such as SIP, H.323, MGCP and SCCP.

NOTABLE The ASA 5580 data center appliance, released in January 2007, is the most recent update to the line, and features Cisco's NetFlow v9 technology.



[SILVER]

SonicWALL PRO
SonicWALL

Readers liked SonicWALL PRO for its ease of installation and depth of optional security applications, earning it a silver medal.

SonicWALL's network security appliances conduct deep packet inspection and provide real-time gateway capabilities for protection from viruses, spyware, spam, Trojans and phishing attacks.

The application control features give an administrator the ability to stop the use of peer-to-peer and instant messaging applications. The appliance also addresses security for VoIP communications, supporting SIP proxies, H.323 gatekeepers and call servers.

The appliances use multiple cores to increase performance when conducting inspections.

SonicWALL also offers several ways to deploy the appliances based on the organization's preferences, with each configuration having a different impact on performance.

Desktop and server protection features address security by adding antivirus and antispyware protection for workstations and servers. The software will restrict Internet access on endpoints that do not have the latest signature or updates.

NOTABLE All SonicWALL PRO models include stateful packet inspection firewalls and unlimited file size protection.



[BRONZE]

Juniper Networks NetScreen and SSG
Juniper Networks

Readers rated highly Juniper Networks' NetScreen and Secure Services Gateway security features, and service and support from the vendor.

Both platforms include stateful firewall, IPsec VPN, deep-packet inspection IPS, antivirus, antispyware, antiphishing and antiadware protection, as well as Web filtering. The higher-end SSG and NetScreen boxes also offer network segmentation capabilities and different deployment options to enable integration with existing infrastructure and security.

The NetScreen 5 series supports up to 2,000 concurrent sessions, 75 Mbps of firewall throughput and secures VPN connections with triple-DES encryption. Protocol support includes POP3, SMTP, HTTP, IMAP and FTP.

The SSG 5 and SSG 20 series support 160 Mbps of stateful firewall traffic and 40 Mbps of IPSec VPN throughput.

NetScreen and SSG offer centralized management for administration of configuration and access rules, log storage and reporting.

NOTABLE Juniper's SSG platform was recently deployed at Tele2 Zakelijk, a telecom operator in the Netherlands. Tele2 Zakelijk provides Internet, voice and data services to businesses.


VULNERABILITY MANAGEMENT
Vulnerability assessment and management systems


[GOLD]

QualysGuard Enterprise
Qualys

Information security's biggest vendors may be claiming a stake in the vulnerability management market, but privately held Qualys isn't having any of it.

Taking the top prize in this category for the second consecutive year, QualysGuard Enterprise specializes in automated vulnerability identification and remediation for large organizations with thousands of devices across segmented and remote networks.

Readers once again gave the product high marks across the board, lauding its ability to quickly and accurately identify vulnerabilities, breadth of applications and devices covered, and the vendor's service and support.

Like many vulnerability management products, QualysGuard is spreading its wings beyond strict vulnerability management with a strong emphasis on policy compliance, specifically with new features to enable documentation, enforcement and audit for internal security policies, industry regulations and government mandates.

NOTABLE It's not all roses. Current Analysis research director Andrew Braunberg says Qualys and other key players know the standalone vulnerability management market is fading away. "I think a broader compliance management play will be an easier transition for them, and they've already started it."



[SILVER]

McAfee Foundstone Enterprise
McAfee

McAfee's vulnerability management product finished a close second, as readers noted its scalability, strong workflow and return on investment.

In addition to its baseline features, such as priority-based audit and remediation, discovery of unmanaged devices and its varied reporting options, version 6.5 of Foundstone Enterprise offers new scan management that enables scans to be run without selecting a specific scan engine. The latest edition can also import data from LDAP or Active Directory servers to more quickly identify IP addresses for scan configurations.

Perhaps most notable are numerous new policy audit features, such as Windows and UNIX host-scanning for predefined policy violations. The product also offers policy templates to help organizations check their compliance status against major industry mandates like SOX, GLBA, PCI DSS and FISMA, among others.

Current Analysis' Andrew Braunberg says McAfee wasn't quick to take advantage of Foundstone's technology following the 2004 acquisition, but that he's impressed by its new direction. "They were really a company that couldn't focus, but now they have this broad risk management play, and Foundstone was the start of that."

NOTABLE Foundstone On-Demand offers similar features via a hosted service.



[BRONZE]

IBM Internet Security Systems Internet Scanner, Proventia Network Enterprise Scanner
IBM

Taking home an award for the second year in a row, IBM's set of vulnerability management products is at the core of Big Blue's security portfolio.

Its Internet Scanner application focuses on network-wide asset discovery, vulnerability assessment and reporting. The optional SiteProtector add-on can manage multiple instances of Internet Scanner, including scheduling, prioritizing and automating scanning events. It relies on vulnerability data from the ISS X-Force research team.

The company's set of Proventia Network Enterprise Scanner appliances offers both assessment and remediation elements. Beyond various asset identification, classification and assessment methods, the product offers remediation features like vulnerability prioritization, traditional and virtual patching via IBM's Proventia IPS system, and activity ownership, tracking, logging and reporting.

Available in two versions, the Enterprise Scanner 750 desktop can assess up to 250 assets per hour, while the 1500 rack-mounted unit can handle up to 800 assets per hour.

NOTABLE IBM acquired ISS for $1.3 billion in 2006.


WEB SECURITY GATEWAYS
Antimalware, content filtering and application control


[GOLD]

Barracuda Web Filter
Barracuda Networks

In a market where most Web security gateways have the common features of spyware protection, content filtering and application controls, differentiators are integration, installation and configuration. And that's just where readers rated Barracuda Networks' Barracuda Web Filter highest. The product also received high scores for ROI.

"With the Barracuda Web Filter, you don't have to maintain five or six different servers. Simply, you have one appliance that can be installed in 10 minutes," says Barracuda Networks product manager Sean Heiney.

System updates are made hourly by Barracuda Central, an operations center that allows engineers to catalog browsed Web sites and provide spyware protection.

The product's URL blocking is bolstered by a URL database with more than 50 site categories. The Barracuda Web Filter, which integrates with popular LDAP directory servers like Microsoft Active Directory, also has no per user license fee. "We sell them a box. It has a recommended capacity, but they can have as many users as they'd like," Heiney says.

NOTABLE Barracuda Networks is embroiled in a patent infringement case brought by Trend Micro, partly over the use of the open-source Clam AV engine in this product and others.



[SILVER]

McAfee Secure Web Gateway
McAfee

McAfee's offerings have always focused strongly on malware prevention, so it may not come as a surprise that the vendor's Secure Web Gateway received high ratings from readers on its ability to detect known and unknown Web-based threats.

The Secure Web Gateway uses McAfee's antimalware engine, and its antispam capabilities also detect phishing URLs that may come from malicious emails.

Readers also recognized the Secure Web Gateway's alerting system, which can report on-box or forward stats to McAfee's compatible ePolicy Orchestrator (ePO).

Its Web-filtering URL database is supplied by Secure Computing's SmartFilter, and according to McAfee, the Secure Web Gateway filters Web traffic at the rate of up to 200 Mbps.

The Secure Web Gateway uses McAfee's SiteAdvisor to examine site reputation and block connections to harmful sites. Active content scanning, which allows the removal of JavaScript or ActiveX content from pages, is also a major function of the filtering engine. It also blocks instant messaging and detects outbound connections to spyware-related URLs.

NOTABLE McAfee's 2006 acquisition of SiteAdvisor added URL reputation capabilities.



[BRONZE]

Trend Micro InterScan Web Security Appliance
Trend Micro

Readers gave Trend Micro's InterScan Web Security Appliance high marks for granular, flexible policy creation and enforcement, as well as for its ability to detect known Web-based threats.

Chip Epps, senior product marketing manager for Trend Micro, breaks down the InterScan Web Security Appliance's success into three parts: reputation-based Web threat protection, enforced malware scanning, and the validation of Java applets and ActiveX components. The product's reputation engine--and the feedback it receives from its network of customers--helps monitor domain registrations and allow the blocking of malicious content before it reaches the gateway.

Using reputation filters on inbound and outbound traffic allows the product to stop malware like botnets from connecting to known suspicious sites. The appliance also analyzes mobile code and scans inbound content for malware.

NOTABLE Trend Micro's Damage Cleanup Service is an additional option for endpoints whose health needs to be restored; the add-on removes malware and repairs system registries and memory.


WIRELESS
Wireless firewalls, access control and security systems, and IPSes


[GOLD]

SonicWALL TZ 190
SonicWALL

Readers gave SonicWALL TZ 190 high scores in access control, intrusion detection and migration, ROI, vendor support, ease of installation and integration with wired security management systems, earning the product the gold in this category.

SonicWALL TZ 190 includes several unified threat management (UTM) features, such as gateway antivirus, deep packet inspection firewall, antispyware and antispam, combined with the ability to connect to 3G wireless broadband networks via an approved wireless broadband PC card.

The option of using cell phone networks as a backup connection enables organizations to utilize DSL as their primary connection, but if the DSL fails, there is still a working connection, which increases reliability, says John Gordineer, product line manager at SonicWALL.

The device is centrally managed via SonicWALL's Global Management System, which allows administrators to perform simplified configuration, enforcement and management of global security policies, VPN and services.

NOTABLE SonicWALL has been aggressive in the last two years, acquiring LassoLogic, enKoo, MailFrontier and Aventail, while expanding its target market from a strict SMB focus to larger enterprises.



[SILVER]

Cisco Wireless Security Suite
Cisco Systems

Readers applauded the Cisco Wireless Security Suite for its scalability, integration with wired security management systems, vendor support and granular and flexible policy creation, earning the product the silver medal.

The set of products provides intrusion detection, an integrated authentication framework and scalable centralized security management. WPA and WPA2 security is supported for authentication and data encryption.

The solution allows IT organizations to take readings and monitor what is in their airspace, whether there are threats, rogue access points, and more, says Chris Kozup, senior manager of mobility solutions at Cisco.

Cisco offers three wireless security solutions: a PCI product for retail environments, aiding in compliance with the PCI DSS; a version of Cisco NAC for wireless networks; and a policy and compliance solution that helps companies align IT networks and systems with business strategy and policy.

NOTABLE Cisco acquired Cognio last September to boost its wireless security efforts by, among other things, detecting and mitigating sources of RF interference.



[BRONZE]

Netgear ProSafe Wireless VPN Firewall
Netgear

ProSafe VPN Firewalls combine 802.11g wireless access, IPsec VPN, NAT router and an eight-port Fast Ethernet switch in one package. Readers gave the series high marks, lauding its attacker detection, access control and wired security management system integration features.

The FWG114P version includes a stateful packet inspection firewall, deep-packet inspection IPS, denial-of-service protection and logging, reporting and alert features.

Netgear's DGFV338 and FVG318 editions also feature IPsec VPN (eight dedicated tunnels) and a stateful packet inspection firewall to monitor for denial-of-service attacks, URL filtering, replay attacks and more. The DGFV338 is suited for small business and remote offices. The FVG318 is also for small networks, but can be integrated into larger environments.

NOTABLE Netgear expanded its portfolio in the SMB market, acquiring Infrant Technologies, a storage vendor catering to small businesses and home users with its ReadyNAS network attached storage line, which implements RAID data protection.


EMERGING TECHNOLOGIES
Cool new technologies that will make a difference


[GOLD]

Momentus 5400 FDE.2 Hard Drives
Seagate Technology

Data has legs. As a result, in the wake of one spectacular incident after another, mobile device encryption products are drawing lots of interest.

While attention has been on software-based encryption, hardware encryption has arrived. Seagate earns Information Security editors' gold award as the top emerging technology. It was first out of the gate last spring, with its groundbreaking Momentus 5400 FDE.2 hard drives, shipping first on ASI Computer Technologies laptops, but now available on select Dell computers. Hardware-based encryption solves performance issues, and moving keys into hardware makes encryption easier to implement and manage. The drive leverages a hidden partition that stores crypto keys and Trusted Drive Manager applications from partner Wave Systems.

Beyond laptops, Seagate is working with partners IBM and LSI to bring enterprise-class encrypted drives into data centers later this year.

Drive-based encryption is one of two major hardware options. Intel is expected to launch its chip-based encryption, code named Danbury, sometime in 2008.

Even software-based encryption vendors agree hardware is the future, with their role focusing on key and other management services for Seagate, Intel and other hardware solutions.



[SILVER]

SecurityReview
Veracode

Application security is no longer an afterthought. Vulnerable apps are a prime--if not the prime--attack vector for getting to customer information, intellectual property and sensitive corporate data. Application development is complicated by outsourcing, which cuts costs and delivery time, but greatly increases risk.

Veracode's unique approach to application security as a service (SaaS) is tailor-made for the new development environment, which is why its SecurityReview services earned the silver award. Before the service solution, companies had two options. They could buy still-maturing application security analysis tools--a market validated when IBM and HP acquired Watchfire and SPI Dynamics respectively--or pay for very expensive consultant code/application review.

Veracode combines strong technology and an attractive model. It scours compiled code, analyzing binaries for vulnerabilities that can be exploited. This means companies can secure their applications without exposing source code to outsiders, a particular concern in an age of distributed, outsourced development. The SaaS approach is an attractive alternative to pricey consulting and allows customers to have applications, outsourced pieces of applications, or even applications they are considering buying analyzed for security flaws.



[BRONZE]

OmniAccess 3500 Nonstop Laptop Guardian
Alcatel-Lucent

The workforce is becoming more and more mobile every day. That's hardly news, but the problem of maintaining the security posture of laptops that are beyond the reach of corporate IT for days, weeks or months continues to bedevil enterprises.

That's why the impressive technology behind Alcatel-Lucent's OmniAccess 3500 Nonstop Laptop Guardian is so attractive, and why it earned the bronze award.

The device is remarkable in that it gives IT managers uninterrupted, secure access to employee laptops--even when they're turned off. Imagine your laptop getting the latest patches or AV updates from headquarters in Boston while you sleep in your hotel in Singapore or while you're on vacation.

Laptop Guardian is a wireless 3G device, which allows round-the-clock monitoring and updating. The CardBus PC card has a processor, flash memory and a rechargeable battery that draws power from the laptop. It features strong authentication and single sign-on through Active Directory integration. It integrates with open-source TrueCrypt for disk encryption and supports 3DES and AES for VPN.

The device is marketed primarily through carrier channels. It is aimed mainly at the enterprise market, but Alcatel-Lucent says it has seen strong interest from SMBs.

EMERGING MARKETS
DLP, Database Security and Risk and Policy Management

Though they lacked sufficient responses to merit awards, these important security tools are making their presence felt.


Data Loss Prevention

After coming down a bit from the top of the hype curve, data loss prevention (DLP) is showing signs of maturing as a market.

There has been a flurry of consolidation. Some of the biggest security companies--particularly among endpoint security vendors--validated this market through major acquisitions in the last year or so. The list is striking: Symantec (Vontu), Trend Micro (Provilla), EMC/RSA (Tablus), Raytheon (Oakley Networks) and Websense (PortAuthority). McAfee started the buying stampede by acquiring Israeli company Onigma.

The presence of Symantec, McAfee and Trend Micro in the market underscores the growing focus on the point of data creation, as well as the early attention on monitoring outbound traffic at network egress points. Some vendors, such as Verdasys, base their core technology on monitoring endpoints. They are among the independent companies in the DLP market space, including Vericept, Reconnex, Code Green, Fidelis Security Systems, Workshare, Orchestria, GTB Technologies and Palisade Systems.

Regulatory compliance is the primary driver behind companies' interest in buying DLP products, particularly with laws governing the disclosure of breaches involving customer information--at its most basic, flagging suspicious outbound lists of social security and/or credit card numbers. In a survey of security professionals by Enterprise Strategy Group, 72 percent of respondents cited government regulations as the key reason for protecting their data, while 62 percent expressed concern for intellectual property. In addition, 53 percent cited industry regulations and better corporate governance.



Database Security

Databases were once secure simply because they were locked away in data centers, pretty much beyond the reach of hackers. No more. Porous Web-based apps expose customer information and sensitive corporate data, continuously open to attack via the Internet and extranets.

Nonetheless, the prime drivers for the database security market have been regulatory compliance first, security second. For the most part, we're talking about database monitoring/auditing tools from companies like Guardium, Imperva, Tizor Systems, Lumigent, IPLocks, Sentrigo, Embarcadero Technologies and RippleTech. More recently, Symantec has helped validate the market, introducing its own product about 18 months ago.

To a lesser extent, this space includes database encryption, from Protegrity, Voltage, Decru (EMC), nCipher, Vormetric and BitArmor (Ingrian was recently acquired by SafeNet), and vulnerability assessment from the likes of Application Security, Inc. and Next Generation Security Software.

Native database security from Oracle, Microsoft and others has improved, especially in role-based access controls, but lacks the auditing capabilities and cross-platform reach of these third-party tools.



Risk and Policy Management

Not long ago, notions like policy compliance, risk management and governance were not generally well understood relative to information security. That's changing, thanks to debacles like Enron and WorldCom, data breaches and the maturation of information security as a function of business.

This is not an easy market category to define. Configuration/change management vendors like Configuresoft, Ecora and Tripwire gather information from diverse systems and automate workflows and reporting for operational use and compliance.

At a higher level, IT governance, risk and compliance (GRC) tools operate as control centers for all forms of information, whether gathered directly from systems, from other security/compliance tools (VA scanners, database monitoring, SIMs, etc.) or through questionnaires and reports generated by managers. Symantec, Archer Technologies, Brabeion, Agiliance, Modulo, Polivec and others fall generally into this category.

In its MarketScope for IT GRC, Gartner estimated software license revenue at $73 million in 2007, and predicts a 70 percent increase this year.

This was first published in April 2008
