Breach breaks out administrative tasks into two groups as well--system administrators with access to everything, and site administrators who only have rights to sites assigned to them. Additionally, Breach includes two view-only accounts--a Super Viewer who can see everything and a Viewer with read-only access to sites to which they are assigned.
Assigning sites was effortless, as all active sites are displayed in one window and could be assigned with a mouse click.
Security Policy Control
The real power behind these products lies in their ability to let organizations control access to dynamic applications. Unlike traditional network firewalls that simply permit or deny packets based upon policy, application firewalls must deliver more sophisticated control at the application layer through a variety of contextual rule sets and behavioral analysis.
All of the products included some sort of learning function, either the automatic learning of URLs or learning behavior and traffic patterns. Another significant policy designation was the firewall's ability to operate in a transparent mode, which allowed us to fine-tune actions prior to initializing full security measures, such as blocking and redirecting.
Breach provided the most predefined policy set out of the box, covering known attacks against popular applications such as IIS, Apache and SQL. We are skeptical that its controls have the robustness to be effective against unknown attacks.
The console isn't as complex or icon-driven as the other products, but is laid out in a way that let us drill down through our applications and review and set policies. Best of all, it provided one of the best visual interfaces along with information about security events.
We were particularly engaged by the use of Breach-Marks--regular expressions or custom strings used to identify sensitive information, such as credit card numbers.
