InterScan Web Security Suite 2.5
Price: Starts at $20.16 for 5-25 seats
Increasingly, enterprises are looking beyond traditional desktop AV to stop Internet-borne threats--viruses, worms, identity and data theft, and employees' sometimes promiscuous browsing habits. Trend Micro, well known for desktop AV, offers a strong gateway product, InterScan Web Security Suite, to complete the one-two punch against attacks.
We found that the suite is an effective security tool with strong central management and highly flexible policy controls. In our lab tests, InterScan stopped sample EICAR attack files and allowed us to safely navigate a number of Web sites with ActiveX and Java content. Filtering Java and ActiveX applets provides protection against execution-based threats; if Java and ActiveX are blocked, permitted sites containing such content can be allowed by policy. We found that blocking all active content and then creating a policy to allow specific sites requiring it was straightforward enough.
The management console is easy to use and intuitive. The blocking features work quite well and provide good reporting and messages that allow for responsive and active management of users' Web activity. The suite provides centrally managed policies for scanning HTTP, FTP and e-mail traffic against machines designated through LDAP or by ranges of network addresses and host names. Basing policy on existing directories, even multiple domains, simplifies administration.
The URL-filtering option provides detailed administrative control. We found it easy to customize, adding to the 50 or so built-in subcategories ranging from adult sites to gambling sites. Trusted URLs can be defined to reduce scanning overhead. Security managers are notified of threats via e-mail or SNMP traps; user messages provide information that can reduce help desk calls by explaining that the failure to access a site is due to filtering and not a malfunction.
Administrative control can be applied at different levels to provide blocking or access privileges to groups or users. Usage limits can be imposed within a given time period, and users going over their limit can be blocked from further Web surfing.
Trend's scanning engine, which has advanced through several generations, provides efficient performance through such techniques as scanning specific parts of files known to be used by various threats. We didn't notice any appreciable slowdown in several large downloads in our testing using Windows Server 2003 on a 3.2 GHz processor with 1.5 GB of RAM. Files can also be excluded from scanning.
Individual pattern files for viruses, spyware/grayware, URL filtering and Phish Trap (blocking of known phishing sites) are regularly updated and can be downloaded by schedule or on demand.
Reporting provides extensive information on employee usage habits and allows identification of items such as most visited sites, most violations by user or group, and most blocked objects and sites.
Multiple security domains are supported, and a server in a master role can be used to centrally manage policy for distributed servers, providing scalability for large enterprises. Remote installation and Web-based management is also supported.
Stopping malware and Internet-borne attacks has gone well beyond desktop AV signatures and telling users not to click on attachments. With strong gateway protection, InterScan Web Security Suite helps block a major attack vector and saves users from the bad guys--and themselves.
This product review appears in the November 2005 issue of Information Security magazine.