Published: 28 Nov 2008
| MOBILE SECURITY
The GuardianEdge Data Protection Plat-form addresses the challenge of securing data wherever it resides, with centrally managed security on computers, mobile devices and portable storage. It offers hard disk and removable storage encryption, device control, advanced authentication and smartphone protection.
The Server and Manager Console software provides framework to create custom application deployment packages for clients through wizards, including policies for hard disk and portable storage encryption. Granular device, port and access control leverages Active Directory.
The management console has a basic Microsoft Win-dows design with a hierarchical tree. GuardianEdge also installs a Microsoft Management System snap-in as a management console option.
GuardianEdge offers flexible policy control; we were impressed by the complete ease with which policies were created and modified through multiple channels.
Policies are deployed to clients through AD Group Policy or a third-party tool for distributing software. Implementing and editing policies was easy, in contrast to the obscure and tedious methodologies on many similar products. GuardianEdge provides granular control over ports, devices, storage and wireless adapters, as well as specific logging, alerting and encryption controls. Client-based policy enforcement includes an anti-tampering feature that we were unable to circumvent.
Although GuardianEdge provides all the endpoint control security features found in competing products, it's limited to Microsoft systems.
It covers all the bases of endpoint device protection, including defense against hardware-based keyloggers, autorun blocking for executables stored on portable media, and tight controls for physical and wireless ports.
Data shadowing allows all information accessed by a specific port or device to be recorded.
The device control component's audit feature let us quickly discover specific items on our network. We set up filters to identify machines with wireless adapters on the entire network, by network segment or by individual computers, then created an inventory spreadsheet.
Encryption covers all the bases for security, compliance and usability, including a self-service password recovery feature. GuardianEdge supports AES 128 and 256, multifactor authentication and kernel-level authentication prior to booting from an encrypted hard disk.
However, neither hard disk nor removable storage encryption functioned well on our Vista test systems.
GuardianEdge delivers comprehensive logging and reporting without any extra snap-in or software.
Responding to regulatory requirements, some companies have become overzealous in their logging; this is one product you don't want to do that with. Given the wide range of security GuardianEdge covers, it's easy to become quickly overwhelmed by logging everything.
Administrators can keep track of policy-controlled events through the Windows System Event Viewer, reports created through the Windows Group Policy Management console or through a Client Monitor Watchlist.
Extensive support for Windows snap-ins creates a familiar environment for administrators to quickly integrate logging and reporting into standardized distribution channels, such as SNMP.
GuardianEdge delivers easy administration, acceptable security and automated logging for Microsoft clients.
Testing methodology: We deployed GuardianEdge Server and Manager on Microsoft Windows Server 2003 with Active Directory and tested using a variety of devices running Windows 2000, XP and Vista.