|
GOLD | Cisco PIX Security Appliance Series
Cisco
Price: $40,000
Cisco has been in business for more than 20 years and is emerging as a security powerhouse to be reckoned with, especially as security merges more with network operations in the enterprise.
"Cisco has been benefiting from recent market changes," says Jon Oltsik, a senior analyst with market research firm Enterprise Strategy Group. "The networking group is having a larger say in the purchase of security products, and that has translated into more success with its security products."
There may not be better evidence of Cisco's emergence than readers giving its PIX appliance series the gold medal in the network firewall category, a narrow victory over standby Check Point's FireWall-1.
High marks from readers were concentrated on the most important duty firewalls perform: keeping hackers outside corporate networks. Readers noted Cisco PIX's ability to block intrusions, attacks and unauthorized network traffic, in addition to its application-layer/protocol/HTTP controls. Also, Cisco scored well for its service and support; logging, monitoring and reporting; integration with other network defense/management tools; central management; and ROI. Readers weren't as complementary with the product's ease of installation, configuration and administration.
Cisco's PIX Security Appliances integrate a range of firewall services and feature stateful inspection that tracks network communications and prevents unauthorized network access. The product includes attack protection features such as TCP stream reassembly, traffic normalization, DNSGuard, FloodGuard, FragGuard, MailGuard, IPVerify and TCP intercept. The Cisco line also wards off DoS attacks, fragmented breaches, replay advances and malformed packet forays. The system provides real-time alerts to administrators, so companies can immediately take steps to oust intruders.
Recently security has been moving away from being viewed solely as a network issue and inching higher up the protocol stack; it is often viewed now as an application level problem. Cisco's PIX products deliver application layer security via intelligent, application-aware inspection engines. These gather application and protocol knowledge and use it to make decisions about providing access and information to different users and applications. The device's security enforcement technologies include protocol anomaly detection, application and protocol state tracking, network address translation (NAT) services, and attack detection and mitigation techniques, such as application/protocol command filtering, content verification and URL deobfuscation.
Corporations have a wide variety of devices connected to their networks, and managing them can be problematic. Administrators can integrate Cisco PIX security appliances into switched network environments by taking advantage of native 802.1q-based VLAN support. Cisco IP phones automatically register with Cisco's CallManager software and download needed configuration information and software images.
SILVER | Check Point FireWall-1
Check Point
Price: Starts at $3,000
Check Point FireWall-1 is a fixture inside the Fortune 100, and nearly all of the Fortune 500. Readers rated highly its ability to block intrusions, attacks and unauthorized network traffic. They also noted its central management functions in this category.
FireWall-1 provides access control, attack protection, application security, intrusion prevention, content security, authentication, quality of service, and network address translation functions. In addition, Check Point developed the Open Platform for Security (OPSEC) standard so other vendors' products can be integrated into the firewall, and extend its functionality.
BRONZE | Microsoft ISA Server
Microsoft
Price: $5,999 per processor
Microsoft ISA Server earned the bronze medal with high marks for installation, configuration and monitoring capabilities, as well as for its integration with other security and management applications. ISA Server is now part of Microsoft's Forefront Edge Security and Access Suite, along with the Intelligent Application Gateway introduced in February at the RSA Conference. Microsoft added a bevy of features to ISA Server 2006, including new support for Exchange 2007 for enhanced remote access; a new flood resiliency feature and remediation against flood and other DDoS attacks; and support for LDAP, allowing ISA to authenticate to Active Directory without being part of the domain.
|
