Enterprise Threat Shield 3.0
Price: $11.40 per user for 500 users
Dependence on Internet connectivity and your users' minute-by-minute exposure to malicious apps such as spyware and Trojans put your company at risk. SurfControl's Enterprise Threat Shield (ETS) attacks the problem from both ends, protecting clients against compromise while monitoring and limiting your users' Internet activity.
ETS employs agent technology to monitor Windows clients, but the focus is on machines logged into the network--there's no offline protection if the device is rebooted away from the network. The ETS server loads the agent directly into memory when the device is booted on the network. No client installation is needed, and the agent runs in stealth mode, transparent to the user. The agent will remain active in memory if the network connection is lost, but it's gone once the user shuts down.
In exchange for giving up offline protection, there's no need to manage yet another piece of client software, and machines can be monitored and scanned as soon as users log back in.
Malicious applications are detected by comparing files and applications against ETS's signature database of spyware (key loggers, adware and Trojans), games, and IM and P2P applications.
The agent performs real-time monitoring for downloading, copying and executing unauthorized files or applications. When a violation is detected, ETS can send an e-mail notification, make a log entry, display a warning to users, delete the file or terminate the application, depending on policy.
The other side of the coin is user activity. ETS can measure the time users spend on specified Web sites and deliver detailed reports on Web-surfing habits. ETS can also identify and report on the use of music and video files on managed clients and can prevent downloads, if policy dictates.
Security managers can establish very granular policies that include or exclude specific times, users, groups, files and/or folders. For example, we created a policy that allowed employees in the marketing department to access IM applications only during lunch. ETS can retrieve groups, users and clients from Active Directory, NT4 domain servers and Novell Directory Services.
ETS detected and responded to all the malicious applications we threw at it. However, some common games (e.g., Spider Solitaire) and hacking tools (e.g., Brutus) are apparently not in its default threat databases. We were unable to search the SurfControl signature database to see what's covered and what's not. To detect such applications, we had to use an ETS tool to add custom threat databases.
ETS server installation on a Windows 2003 Server was easy thanks to the well-designed interface and clear documentation. We quickly established a series of policies and pushed them to managed agents. We found it easy to deploy and update agents. Logging is quite detailed and reports are useful and well designed. Trend and summary reports can be exported as PDF, Word or Excel documents, or accessed via an Internet Explorer Web browser from remote computers.
Despite the lack of offline policy enforcement and some relatively minor issues, SurfControl's ETS is a viable choice for stopping spyware and controlling potentially dangerous user practices.
This product review appears in the November 2005 issue of Information Security magazine.