Published: 01 Oct 2008
| WEB SECURITY
Network Composer is a security and visibility appliance focused on controlling and monitoring end user traffic passing through the network perimeter to the Internet. We tested the DC10, Cymphonix's smallest appliance, supporting 250 users.
Network Composer classifies users (or systems) into groups, to which it applies rules. Rules can include application blocking and traffic shaping, as well as antimalware threat protection and URL-based content filtering.
It strikes a good balance between too much flexibility and ease of use, with a strong set of default policies and groups. For example, it defines seven groups, ranging from "deny access" to "monitor only," in which you can move users and systems, all with predefined access control policies.
Groups can be defined based on the normal IP and subnet definitions you'd expect, or user information stored in Active Directory, which requires a small client on each workstation.
The Web-based management system requires Internet Explorer and refuses to run with Firefox. Deployment is simple, because Network Composer sits transparently between the end user network and the perimeter firewall.
As long as you stick with the 14 built-in categories, such as "Web filter and anonymous proxy guard" or "Web filter plus IM plus SSL filter," setting things up for control and management is easy.
We pushed a little harder into customizing existing policies and ran into a poorly designed GUI (with some bugs) that discourages the effort. We also found some design limitations around VLANs, which are not supported, and large networks, because only static routing is supported.
Network Composer did a great job of catching viruses and malware from our library of recent samples, as long as we downloaded using HTTP over port 80.
In normal protection mode, Network Composer misses threats on non-standard ports and for other protocols, such as SMTP and FTP. However, if we put the Network Composer into strict blocking mode, it identified non-standard HTTP and blocked it--viruses or not
A nice feature is the ability to scan HTTPS traffic, but look for those high-end models with encryption acceleration if you want to use this feature. Network Composer can intercept SSL-encrypted traffic and splice together two connections to enable it to decrypt and scan traffic. This all depends on the system manager giving Network Composer a digital certificate.
Control features include the standard gamut of URL filtering (with the option to add your own block list and pass lists) and detection of other filtering avoidance techniques such as anonymous proxies, as well as traffic shaping and specific application blocking.
Network Composer shines in its ability to give visibility into network traffic. It slices and dices by user and user group, by application, usage level and threat. It gives amazing visibility into traffic and usage, such as where your Internet bandwidth is going, what people are saying via IM and what applications are running, Network Composer provides this information through its Web-based dashboard, for real-time information and drill-down, as well as through a reporting system that lets you run short-term or long-term reports whenever needed. A library of common report templates comes preloaded, or you can define your own reports.
Network Composer is well suited to organizations looking to gain strong visibility into network traffic, and to supplement an existing firewall and antivirus tools.
Testing methodology: We put the DC10 into a live network between a group of 150 DSL users and the Internet in monitor-only mode for one week and evaluated the network visibility aspects of the product. Then, we ran specific tests to evaluate the security protection capabilities of the DC10.