This article can also be found in the Premium Editorial Download "Information Security magazine: Spotlight on the incident response hot seat."
We tested the products for ease of installation; our goal was to get them up and running quickly without tech support. ENDFORCE, Senforce, Sygate and Check Point run on Windows Server 2003 and require SQL Server (Sygate supports Oracle as well), IIS and an SSL certificate.
Sygate's documentation and wizards made for the smoothest installation; we were basically able to install the product by answering a series of on-screen questions.
Check Point's documentation and wizards were almost as sharp, helping us install the policy server without incident. However, the agent installation caused an XP Pro workstation to crash during the reboot. Check Point hasn't received similar reports, and its tech support was unable to reproduce the error.
StillSecure's agentless system was easy to install and used a Linux-based script to build the policy server.
Although it comes packaged on a hardened Linux server, InfoExpress' CyberGatekeeper was the most challenging installation, requiring professional support because of its unique architecture; the technical staff deftly walked us through the installation over the phone. The complexity lies in InfoExpress' server working directly with switches and routers. Setting up VLANs manually on switches and mapping them to the production and quarantine areas of a network are painstaking processes. If your infrastructure supports 802.1X, the job becomes substantially easier; the InfoExpress agent simply communicates with the 802.1X infrastructure, letting the switching intelligence determine the configuration.
ENDFORCE's poor documentation made installation quite difficult. At some points, we had five different documents open. It was easy to miss important steps, such as Web certificate installation, because the instructions were buried inside a paragraph. As a result, we made good use of its knowledgeable technical support staff.
Senforce's quick start guide was insufficient, but the combination of tutorials on the installation CD and the admin guide enabled us to complete the installation without technical support.
The scalability and flexibility of these products varied with their host OS and depended on whether they used an agent or agentless architecture. StillSecure's agentless design makes it highly scalable, particularly if it's deployed in front of DHCP servers, enforcing access by preventing the workstation from obtaining an IP address on the production network; it's a much more efficient network access control method than relying on an agent. StillSecure can also be deployed as an inline gateway, using its firewall to control network access.
All of the tested products except Senforce have a failover capability to assure 24/7 uptime. All provide LDAP support, which enhances enterprise scalability.
InfoExpress' wide range of client support offers a distinct advantage for heterogeneous environments.
This was first published in March 2005