Vital Security Appliance NG-1100
Finjan Software
Price: Starts at $2,950
Michael S. Mimoso, Editorial Director
In a time when Internet-based business is almost every organization's lifeblood, Finjan Software's Vital Security Appliance NG-1100 package of proprietary and third-party gateway security modules gives SMBs strong content protection and defense against zero-day exploits.
Finjan's technology differentiates legitimate application behavior from malicious content by identifying the activity of the application before it runs on a host. This Next Generation Application-Level Behavior Blocking deters known and unknown threats at the perimeter; it includes extensive signatures of script (VB and Java) behaviors and binary threats (Java Applets, ActiveX and executables). Careful examination of anomalous events, compared to those listed in Finjan's exhaustive database, helps the NG-1100 determine whether an action is valid or possibly malicious.
In our lab, we ran assorted VBScripts, ActiveX controls and executables--both legitimate and malicious. Finjan prevented malicious actions, such as changes to the registry and spyware "phoning home," while safe activity, such as software installation and customized program automation scripts, was allowed to proceed.
Equally impressive in coverage are the antivirus and URL-filtering modules, which are offered through third-party partnerships with Sophos, McAfee, Secure Computing and SurfControl.
Additionally, Finjan offers extensive list management for content control such as allowing large uploads/downloads, whitelists/blacklists and timeframe locks.
Centralized policy management and enforcement have become key in security, and Finjan offers a detailed set of default policies and customized controls in the NG-1100 Policy Server. Rule and engine status can be quickly viewed, edited and assigned. Although rules were generally highly customizable, we felt some of them lacked obvious choices common to most organizations. For example, when we attempted to modify Blacklisted File Extensions for instant messaging, the only options offered as exceptions to the rule were MSN and Yahoo IM clients.
The device can be set up and administered through either a graphical Web interface or a console connection but, unlike competitive products, cannot be accessed via Telnet or SSH. In a matter of minutes, an easy-to-follow wizard walked us through the setup of the appliance's security modules and network settings.
NG-1100 offers Web, audit and system logs with extensive detail fields like IP, URL, action, URL category, protocol, behavior profiles (script and binary) and AV events. Administrators can drill down into specific trends with the ability to filter on each field. Customized log displays can be set up to provide targeted monitoring for items such as suspicious behavior and non-business URLs.
This was first published in September 2005