Information Security

Defending the digital infrastructure



Products of the Year 2006

Antispyware; Antivirus; Authentication; E-mail Security; Identity & Access Management; Intrusion Detection; Intrusion Prevention; Network Firewall; Remote Access; Network Security Management; Vulnerability Management; Wireless; Emerging Technologies

You evaluated. (310 information security products) We tallied. (890 readers' votes) They won.

Antispyware
Desktop and gateway enterprise antispyware products

Antivirus
Desktop and gateway enterprise antivirus products

Authentication
PKI, RADIUS and biometrics products; tokens and smart cards

E-Mail Security
Antispam, gateway AV, e-mail encryption and content-filtering products

Identity & Access Management
Web SSO, provisioning, directories and password management products

Intrusion Detection
Signature- and anomaly-based host and network IDS products

Intrusion Prevention
Inline and offline network IPS products

Network Firewall
Appliances and software-based network firewall products

Remote Access
IPSec, SSL VPN and thin-client products

Network Security Management
SIM/SEM, configuration, policy and security device management, and change control products

Vulnerability Management
VA scanners, and automated patching/remediation and vulnerability risk management products

Wireless IDS/IPS, access control and rogue detection products

Emerging Technologies


Information Security & Products of the year 2006
ANTISPYWARE Desktop and gateway enterprise antispyware products

An Eye For Spies

Ad-Aware SE Enterprise Edition gives organizations the power to stop malware in its tracks from a central management control point.
Ad-Aware SE Enterprise Edition

As spyware becomes increasingly prevalent, antispyware tools are becoming more a necessity than a luxury. For this and many other reasons, we now recognize antispyware in our Information Security Products of the Year.

In today's environment, users can deploy multiple antispyware tools to catch malware and protect individual systems. Lavasoft's Ad-Aware SE Enterprise Edition makes great strides in addressing both issues. Its ability to stop spyware and its central management tool earn our gold medal in antispyware.

Long familiar to home and office users for its free and professional versions, Lavasoft has stepped up to the plate with an enterprise security product. Ad-Aware SE Enterprise Edition is essentially Lavasoft's Ad-Aware Professional Edition bundled with Ad-Axis Management Console. Ad-Aware SE Professional Edition runs on network clients and features customizable scan scheduling, quarantine support and automatic reference file updates on startup.

Ad-Axis Management Console provides centralized management for each client; you can centrally manage software updates and client scans.

One of the problems with protecting systems from spyware is defining exactly what you should be defending against. Ad-Aware helps meet that challenge head-on by protecting against a host of malware, including browser hijackers, data miners, dialers, DLL injection, keyloggers and tracking cookies.

And, Ad-Aware provides real-time protection with Ad-Watch. Running silently in the background, Ad-Watch aims to catch malware before it integrates into systems. Code Sequence Identification technology helps detect both known and unknown variants through the use of definition files and proactively scanning clients for spyware-like behavior. Once spyware has been identified, you can then block cookies and pop-up ads, and lock startup sections of the registry. Organizations also have the ability to edit the included pop-up blacklist and configure Ad-Watch to permit changes to the registry.

In short, Ad-Aware SE Enterprise Edition gives enterprises what they need in antispyware--the power to stop malware from a central point of control.

eTrust PestPatrol Anti-Spyware

We miss PestPatrol's familiar bugs crawling across our monitors. But as one of the first enterprise-level antispyware products, PestPatrol continues to win strong user support after its acquisition by CA, especially for performance, with praise for security and overall quality.

McAfee AntiSpyware Enterprise

It's not just about viruses--McAfee shows it's more than a power player in the AV market, demonstrating leadership against spyware, receiving good user ratings for security, performance, feature set and overall quality.

ANTIVIRUS Desktop and gateway enterprise antivirus products

Bigger and Better

"Symantec is better than most because of market share, which equates to research and development dollars."

Symantec AntiVirus Corporate Edition

Bigger doesn't always mean better--but the Symantec AntiVirus Corporate Edition is both widely used and highly effective. In our survey, readers showered it with superlatives like "the best for the desktop," "legendary" and "excellent for our needs," earning it the gold medal in antivirus.

Symantec's AntiVirus Corporate Edition is actually a suite of products that protects against viruses, worms, spam and spyware, and filters content. The technology is deployed on network and e-mail servers and individual workstations, offering virus-fighting capabilities from the gateway to the host.

At a time when malicious code is becoming more nimble and complex, businesses say they need an AV offering that can outrun and outthink attackers. Users applaud Symantec AntiVirus Corporate Edition's frequent signature updates and say that the company's size actually gives its products an edge. "Symantec is better than most because of market share, which equates to research and development dollars," one respondent comments. As a sign of its ongoing innovation, Symantec recently received a patent for its histogram-based malicious code detection technology, which prioritizes various behaviors to quickly detect whether a piece of code poses a threat. Also, Symantec's new tamper protection feature defends against viruses that attempt to disable security mechanisms.

Symantec also receives high marks for its user interface and administrator-friendly touches, such as centralized configuration, installation and logging. While these features are common to most AV offerings, one user called Symantec AntiVirus Corporate Edition "precise and dependable." Users also appreciate the high quality of Symantec Security Response, a team of security engineers who evaluate threats, update signatures and warn customers of significant risks. And, valuable in an increasingly mobile world, Symantec includes a client compliance technology to make sure all devices connecting to the network through a VPN meet established security policies.

These days, though, the key to Symantec's success may be its integrated approach. At a time when infosecurity departments are overseeing relationships with dozens of vendors and managing countless updates and upgrades, Symantec AntiVirus Corporate Edition seems to simplify things by including spyware and adware protection. Administrators set application-by-application policies via their antivirus management interface. They can automatically remove suspected spyware and clean up registries, files and load points after an infection. LiveUpdate technology sends admins a single update for viruses, malware and spyware.

"Good product, great support," one user noted. "I like that Symantec has integrated antispyware into its antivirus offering."

Sophos Anti-Virus

Tops in vendor support/service thanks to its "outstanding Web site." Users applaud a product that "works as advertised."

Trend Micro OfficeScan
Trend Micro

A "top choice" that's "getting better and better." Users give high marks for overall quality, citing its solid interface and small agent footprint.

Authentication PKI, RADIUS and biometrics products; tokens and smart cards

Not Just Token Praise

"There's no downtime. That's really why we chose RSA over the others. We needed that reliability."
RSA Security

With the threat of data theft and the demands of regulatory compliance, enterprises are clamoring for tools to ensure users accessing the network are indeed who they say they are.

Patrick A. Coté, information security officer for Houghton Mifflin Company, says RSA Security's RSA SecurID has proven itself as the best fit for his company. Others have reached the same conclusion, making it this year's gold-medal winner in authentication for the second straight year.

"With our prior system, you could really try to guess passwords," Coté says. "The whole password schema really wasn't very robust, so we looked for a two-factor authentication product." His department rolled out SecurID tokens in May 2005; by late December, 2,500 accounts had been established in a Unix environment. So far, he says, "not a single person has had trouble authenticating."

The tokens are used strictly for remote access. "Once the PIN is set up, if the token is used correctly there's no downtime," Coté says. "It's very reliable. That was really why we chose RSA over the others. We needed that reliability."

Users responding to the Products of the Year survey rate SecurID particularly high in the performance, vendor support/service, features and overall quality categories. One SecurID user calls it "the standard by which all others are judged." Another calls it a "first-rate and robust product." Others agreed with Coté that it is "very reliable."

Since 1986, SecurID has defined authentication, authorization and accounting, and still the SecurID system offers the application support, management/deployment capabilities, and a reputation for reliability and technical support that give it real-world utility in every type of enterprise.

While Coté has deployed it in a Unix environment, organizations can also deploy SecurID through a variety of hardware and software tokens for Windows workstations and assorted handheld devices and wireless phones.

SecurID's scalability is another critical factor, enabling large enterprises to deploy and manage authentication for millions of users and hundreds of apps through its Authentication and Deployment managers. The bundled Deployment Manager is automated, Web-based provisioning software that enables quick token deployment. Its self-service capability reduces the drain on IT staffs and help desks.

For SMBs, two-factor authentication is also available with the RSA SecurID Appliance, a hardened Windows box with embedded firewall functionality designed for easy management.

Steel-Belted Radius/Enterprise Edition
Funk Software (Juniper Networks)

Authentication is where the rubber hits the road, and this RADIUS/AAA server for wired and wireless networks helps keep enterprises running smoothly and securely.

VeriSign Managed PKI Services

Trust is a cornerstone of security, and companies trust VeriSign, which won very strong survey approval for security, and good ratings for performance and overall quality for its range of PKI services.

E-Mail Security Antispam, gateway AV, e-mail encryption and content-filtering products

Getting the Message

"IronMail was one of the few pieces of security infrastructure that was a true win for us."

After winning users' trust, CipherTrust's IronMail has won a gold medal in e-mail security. Not only did the product come out on top, but it also received the highest overall score of all 60 finalists in our Products of the Year.

The reason is clear: IronMail offers superior quality, robust performance and a comprehensive feature set wrapped into one tight appliance.

For Franklin Warfield, senior messaging administrator for Cox Communications, it was CipherTrust's approach that won him over when he was evaluating e-mail appliance solutions more than two years ago. He chose IronMail because CipherTrust wasn't just interested in addressing the latest threat, but rather looking at spam holistically.

"The company was way in front of others. To them, spam is a threat on your network, not just some annoyance," says Warfield, who manages e-mail internally for the Atlanta-based company's 30,000 employees. "And, it doesn't rely on just one test, but looks at thousands of attributes."

Before IronMail, Warfield was spending 20 hours a week maintaining content lists. Today, time spent has dropped to three hours a week while the number of e-mails has grown from 1.5 million to 40 million per month.

CipherTrust has continued to raise the bar in terms of e-mail security, with a slew of introductions this year enabling security professionals to protect against unauthorized use of instant messaging, personal Web mail, blogs and VoIP services such as Skype with its IronIM, IronNet and IronMail Edge. The company has also bolstered its analysis and reporting and compliance capabilities. To keep its customers abreast of the latest attacks, CipherTrust has enhanced TrustedSource, its global threat correlation engine offering spam-blocking rates at close to 100 percent. Meanwhile, its ZombieMeter tracks botnet activity worldwide.

"CipherTrust's technical specifications actually matched its literature," says Donald Wasylyna, manager of information security for the H. Lee Moffitt Cancer Center and Research Institute. "There weren't services that conflicted with one another. Typically, you'll have five different features but not all five features can be used at the same time."

Wasylyna also finds the company's support and customer responsiveness to be excellent. "IronMail was one of the few pieces of security infrastructure that was a true win for us."

Barracuda Spam Firewall
Barracuda Networks

This fish devours spam and preys on viruses and spyware before they can prey on you. Barracuda Spam Firewall gets strong approval for performance, security and overall quality.

Symantec Mail Security 8200 Series

Combining the power of Symantec's leading antivirus and Brightmail antispam, the 8200 series of appliances is very highly regarded for overall quality.

Identity & Access Management Web SSO, provisioning, directories and password management products

A Clear Choice

"We have to comply with HIPAA. With ClearTrust, we can audit changes going back two years. It's nice, finely grained audit data."
RSA ClearTrust
RSA Security

"The struggle between security and usability is no greater anywhere than in health care," says Chris Gervais, senior research analyst/technologist for Partners Healthcare. Partners' challenge was to give community-based medical and administrative personnel easy, secure access to patient records throughout its extensive Massachusetts network of hospitals and clinics.

The solution, RSA Security's RSA ClearTrust, provided the convenient Web portal Partners needed, with the security that management--and HIPAA requirements--demanded. It's the kind of experience that spurred voters to make ClearTrust the gold-medal winner for identity and access management.

In the past, Partners' highly mobile employees had to rely on VPN access--which meant using digital certificates, sending out installation CDs and giving direct network access to laptops vulnerable to spyware and other malicious code. This was both a management burden and an impediment to adoption.

"Clinicians and admins use ClearTrust to arrange care; largely, it's made it invisible," says Gervais. "They know they log in to a secure site with strong credentials."

Partners had a history with RSA, using RSA SecurID for strong authentication. But what sold Gervais--and the organization's steering committee--on ClearTrust over other Web-based access management products was confidence that RSA would provide more functionality out of the box and could get up and running quickly.

"We had an aggressive timeline. Time to market was important," Gervais says. "RSA brought the necessary resources to bear."

Readers gave ClearTrust some of the highest grades across the board in our Products of the Year survey, with particular emphasis on security and performance.

ClearTrust provides Web-based single sign-on capability with highly granular and flexible access control policies through what RSA calls Smart Rules technology. Smart Rules allows organizations to leverage existing data repositories to permit real-time authorization decisions and speed deployment. It supports a wide range of authentication options. Its comprehensive auditing and reporting features were a powerful persuader for Partners.

"Obviously, we have to comply with HIPAA, and we have to go through a bunch of audits," Gervais says. "With ClearTrust, our information security office sets up procedures; inside the application, we have clinical security policies down to the patient level. We can audit changes in patient records going back two years. It's nice, finely grained audit data."

Novell eDirectory

At the heart of Novell's identity and access management offerings beats eDirectory, a mature and very solid directory product that draws reader praise for overall quality and security.

Sun ONE Directory Server
Sun Microsystems

Sun's respected directory shines brightly, drawing reader kudos for performance and overall quality, with a strong vote for security.

Intrusion Detection Signature- and anomaly-based host and network IDS products

The Detection Selection

Clearly, IDS has a home in the enterprise, despite doomsday predictions, as a weapon against an ever-evolving hacker landscape.
eTrust Intrusion Detection

Intrusion prevention may be threat management's flight of fancy, but there's still clearly a place for standby intrusion detection in an enterprise environment.

The death knell apparently rang prematurely for intrusion detection systems, as many security managers understand its function and value, and are unwilling to abandon a technology that affords them network awareness and forensic capabilities.

It's here that CA's eTrust Intrusion Detection product scored well to earn a gold medal in intrusion detection.

Excellent scores in security capabilities, feature sets and overall quality put eTrust over the top. The product is a versatile weapon against an ever-evolving hacker landscape.

A southern U.S. university, for example, deployed eTrust Intrusion Detection, among other CA security products, in its environment to help secure a new online master's degree program for the Department of Homeland Security. The school was concerned about protecting the identities of its students who worked for DHS. eTrust Intrusion Detection alerted IT managers to potential attacks and helped the college run its program successfully and securely.

Security managers can either remotely or centrally manage eTrust Intrusion Detection. The product protects against known attacks by pinpointing traffic patterns that offend established policies and cutting off sessions that are clearly against policy.

It's natural that systems management giant CA's eTrust Intrusion Detection integrates easily with the company's flagship eTrust Security Command Center and eTrust Vulnerability Manager.

Another IDS sweet spot is forensics. eTrust Intrusion Detection logs data that can be analyzed from leading databases like SQL Server and Oracle. Logging features also can be tweaked to track user behavior on the network, as well as application performance. The product can also be used to monitor HTTP, SMTP, FTP and Telnet traffic, and offers URL blocking and access control features that deny user visits to prohibited sites.

Clearly, IDS has a home in the enterprise, despite doomsday predictions. The technology has lived beyond its death sentence, and its future will be determined by its ability to correlate and visualize the data it generates, keep false positives and negatives to a minimum, and stabilize bandwidth consumption.

Intruder Alert

Who goes there? This host-based IDS complements Symantec's network security products and is well-regarded by users for security, performance and overall quality.

RealSecure Network
Internet Security Systems

Standing the test of time with nearly a decade in the IDS market, RealSecure remains a strong component of ISS's security portfolio and continues to draw strong user ratings for overall quality.

Intrusion Prevention Inline and offline network IPS products

Raise the Shields

With its ability to scale from a network's edge to remote locations, IntruShield is truly an enterprise product.
IntruShield IPS

Antivirus vendors have extended their lifespan by branching out to offer enterprise protection beyond malicious code. McAfee got into the intrusion prevention space in April 2003 via its acquisition of IntruVert and its IntruShield IPS appliances. The move was part of a bigger push into overall vulnerability management that also included McAfee's acquisition of Entercept and its host-based IPS technology, and Foundstone, a vulnerability assessment company.

IntruShield, an IPS veteran, earned the gold medal in intrusion prevention with high scores in performance and security capabilities, as well as overall quality and feature sets.

IntruShield is entrenched in the enterprise. Research firm Infonetics Research declared it the worldwide revenue market-share leader for network-based inline IPS, a position it's held since the fourth quarter of 2003. McAfee is the No. 3 appliance vendor behind Cisco and ISS, according to IDC. The IPS appliance market, meanwhile, continues to boom with 35 percent annual growth and a projected growth of 104 percent through 2008, Infonetics says.

One university network manager keeps malicious code attacks and hacker intrusions to a minimum using IntruShield, sitting it inline between the school's firewall and router. IntruShield also identifies reconnaissance missions carried out by hackers looking for weak network entry points. Attacks are prevented from compromising a network, a proactive posture that IDS systems don't afford.

IntruShield defends against known and unknown attacks, using three different means of detection: signature-based, anomaly-based and denial-of-service protection. It also protects against clear-text and encrypted attacks.

The product is able to parse more than 100 protocols and more than 3,000 signatures to detect intrusions. It also includes virtual IPS and firewall deployment options, including inline, port clustering, and span and tap modes. The various deployment options enable security managers to create and enforce granular security policies. All of this contributes to a reduction in false positives.

IntruShield is truly an enterprise product, with the ability to scale from the network edge to remote locations. IntruShield scales from hundreds of Mbps to multi-gigabit bandwidth. Signature updates are automated and done in real time without the need for sensor reboots, eliminating the need for manual updates or downtime for reboots.

ASA 5500 Series Adaptive Security Appliance
Cisco Systems

With firewall, VPN and network AV on top of its powerful IPS capability, the ASA 5500 series got a thumbs-up for security.

Proventia G Series
Internet Security Systems

ISS's line of appliances serves a wide range of environments, and Proventia is well-regarded for overall quality, performance and security.

Network Firewall Appliances and software-based network firewall products

Juniper Blooms

"We selected Juniper because we knew the performance was greater than our previous solution."
NetScreen-5GT and -5XT
Juniper Networks

Juniper Networks clearly knew what it was doing when it acquired NetScreen in 2004. Its NetScreen-5GT and -5XT firewall appliances earned consistent "excellent" and "good" responses across the board, earning the gold medal in the network firewall category for two years running.

This family of network security solutions is ideal for locking down enterprises' remote offices, retail outlets and broadband telecommuter environments. Its integrated security applications, routing protocols and policy-based management features have earned it the top spot among surveyed readers.

The NetScreen-5GT's and -5XT's stateful packet inspection and signature-based deep inspection threat detection, and DDoS protection capabilities, stop network- and application-layer attacks. Their Web filtering options (available from third-party vendor Websense) prevent users from leaking sensitive corporate information, whether deliberately or through spyware/phishing attacks. The firewalls offer up to 25 concurrent VPN tunnels, an unlimited number of trusted IP addresses and up to 4,000 concurrent sessions.

Specifically, the 5GT has embedded network-based AV that scans for viruses in e-mail, Web and file-transfer protocols. Its embedded Trend Micro antivirus engine scans IMAP, SMTP, FTP, POP3 and HTTP mail protocols, and checks against an encyclopedia of more than 80,000 signatures. (It is important to note that the NetScreen-5XT does not support this embedded antivirus gateway scanning.)

The 5GT's and 5XT's embedded IPSec VPN provides Web-based and XAUTH authentication, with third-party support for RADIUS, LDAP and RSA SecurID.

"We originally selected Juniper because we knew the performance was greater than our previous solution. We had no idea we'd be seeing so many other benefits," says Matthew Gruett, Internet systems specialist for TDS Telecom.

Both the 5GT and 5XT support key routing protocols--including BGP, OSPF and ECMP--and integrate into the network with ease. Dial-backup and dual Ethernet ports support business-critical systems and provide redundancy. Restricted security zones protect corporate activity and offer a clear separation between authorized and unauthorized business use. The zones also offer delineation between home and office users, allowing employees to access the corporate network through a secure VPN connection (work zone) and maintain their access to the Internet (home zone) through normal connectivity.

In addition, the 5GT Wireless appliance also offers support for a wide set of wireless authentication and privacy protocols for 802.11b/g networks.

Cisco PIX 500 Series Security Appliances
Cisco Systems

Firewall and PIX are synonymous, says one user. "It's what I trust between me and the Internet."

Check Point Software Technologies

It is no surprise that this granddaddy of firewalls continues to draw great user support, getting especially strong ratings for security.

Remote Access IPSec, SSL VPN and thin-client products

Access Success

"Concentrators [are] the most compatible and secure, and provide the best ease-of-use out of all remote access devices."
VPN 3000 Series Concentrators
Cisco Systems

With the proliferation of laptops, PDAs and other mobile devices requiring access to the corporate network, a VPN purchase is no longer an impulse--it's an imperative. The offerings have mushroomed, particularly SSL VPN products, forcing IPSec-dependent market leaders to broaden their scope. Included in this wave are Cisco Systems' VPN 3000 Series Concentrators--a smart move judging by the number of readers who raved about its endpoint security and ease of use. For this reason, the Concentrators were awarded the gold medal in remote access.

"Concentrators have proven to be the most compatible and secure, and provide the best ease-of-use out of all the remote access devices I have encountered," wrote one enthusiastic user. Others who helped make the series' six models collectively tops were especially pleased with the Concentrators' security, including their firewall capabilities through stateless packet filtering and granular access control. The majority also gave their thumbs-up approval to the wide range of features, documentation and vendor support.

"An excellent tool," said one user.

Scalability is a strong driver. Cisco VPN 3005 and 3015 are designed for small- to mid-sized enterprises, promising between 100 and 200 simultaneous IPSec sessions, or 50 and 75 WebVPN sessions. The 3020 and higher are geared more toward larger companies, supporting up to 10,000 IPSec, or 500 clientless sessions running concurrently in the 3080 model.

A big plus, according to users, is the VPN series' versatility. Recognizing that SSL VPN providers were gaining market share, Cisco made sure its 3000 series offered both IPSec- and SSL-based connectivity on a single platform. This allows almost any device within the corporate network to establish an end-to-end secure connection using public networks.

In addition, customers like how easily the Concentrators can be managed through their simple Web-based interface to configure mobile devices and monitor all remote-access users. That includes pushing policies and updates through the VPN to users and then scanning for continued compliance before a machine is allowed on to a network.

Some respondents were glad to discover that the VPN 3000 Concentrators work well with other applications.

"[We] rarely have problems with these devices," one user wrote. Another summed it up this way: "[Concentrators are] just plain easy."

Check Point Software Technologies

This is the other half of the medal-winning Check Point package (with FireWall-1). One user calls it "the most compatible, secure remote access device." It wins high praise for security, performance and overall quality.

VPN Gateway
Nortel Networks

"Stable, reliable, robust. Just keeps working." VPN Gateway users particularly like its performance and give it consistent "excellent" ratings for security.

Network Security Management SIM/SEM, configuration, policy and security device management, and change control products

Always on Guard

"It's a great set of electronic eyes. We have more visibility into the Web infrastructure and critical servers."
Tripwire Enterprise

Ralph Waldo Emerson said, "A foolish consistency is the hobgoblin of little minds"--but certainly maintaining consistent system configurations is a serious matter to diligent security managers. That's why Tripwire Enterprise, which provides a 24/7 real-time window into network change management, won the gold medal for network security management.

"It's a great set of electronic eyes," says Steve Kirschbaum, CISO for Openwave Systems, which develops cellphone software for large telecommunications firms. "It has robust monitoring capabilities. We have more visibility into the Web infrastructure and critical servers; we can do more remotely."

In its initial deployment, Openwave used Tripwire to monitor its FTP site for delivering software to customers. Tripwire's ability to monitor the site in real time allows the company to claim revenue as soon as the software is posted. Further, the detailed and accurate audit reports give Kirschbaum peace of mind for regulatory compliance, especially SOX.

Before Tripwire, "It was pretty spotty, notifying the client and notifying finance. It wasn't always accurate. With SOX, accuracy is big," Kirschbaum says. He is planning a more extensive rollout to monitor and produce reports on Openwave systems and development organizations in Europe and Asia.

Tripwire came out on top in a diverse, complex category. Network Security Management encompasses not only change control, but security information and event management, policy management and security device management.

Tripwire Enterprise monitors files, directories, registry settings, directory server objects, and configuration files on file and directory servers and network devices.

This provides sweeping change control coverage across the organization, giving security managers timely notice about which systems have fallen out of compliance--through unreported installations, configuration modifications, or attacks--and confirming that authorized changes have indeed taken place. Tripwire provides detailed reports that verify system integrity or give staff the information they need to investigate and remediate noncompliant devices. It can be integrated to direct third-party tools to automate remediation.

Kirschbaum, who had extensive experience with Tripwire at a previous job, looked at competitive products, but says Tripwire has a good brand name, and that he's sold on its "great customer service."

And he had an important ally. "It gave us exactly what our business required," he says. "Our finance people requested it by name."

ePolicy Orchestrator

Making diverse security tools play beautiful music together, Orchestrator centrally manages McAfee security products, correlates data and detects rogue systems. Users like its performance and security.

eTrust Security Command Center

Like an enterprise general, eTrust Security Command Center puts combined arms to work, correlating security data and integrating with vulnerability assessment and remediation tools.

Vulnerability Management VA scanners, and automated patching/remediation and vulnerability risk management products

Solid Plan for Scans

McAfee's Foundstone Enterprise "sets the standard for accurate assessment of exposures [and] shows adaptability to our global IP network."
Foundstone Enterprise

McAfee made a savvy move when it acquired vulnerability management firm Foundstone in 2004. The Foundstone Enterprise product has proven a hit with customers for its security, comprehensive features and overall quality, earning it a gold medal for vulnerability management.

Drawing on the expertise of Foundstone's consultant founders--who wrote the best-selling Hacking Exposed--the technology eases the pain of managing a multitude of vulnerabilities in operating systems, network devices and other infrastructure.

Available as software or the FS1000 appliance, Foundstone Enterprise provides an automated system for what can be time-consuming and cumbersome chores for an enterprise: mapping the network, prioritizing assets and probing for vulnerabilities.

At the core of McAfee's Foundstone Enterprise is FoundScan, the original name of Foundstone's vulnerability management solution. FoundScan's accuracy in identifying operating systems and matching vulnerabilities to target systems is top-notch, as is its ability to scan large-scale networks quickly.

The Foundstone technology "sets the standard for accurate assessment of exposures," says one enterprise security manager. More than any other competing product the company tested, it "shows adaptability to our global IP network" and also provides extensive management tools.

Foundstone Enterprise comes with a multi-user, role-based Enterprise Manager Web portal, which allows managers to schedule and monitor local or remote scans--a boon for distributed enterprises. The portal gives managers a lot of flexibility in scheduling and tuning scans so they don't interfere with business operations. Scans can also be configured for specific parts of the network or for certain vulnerabilities.

An optional remediation component helps with one of the biggest headaches of all: making sure critical vulnerabilities are fixed. Based on vulnerabilities discovered in a scan, the module automatically creates tickets, assigns them to the appropriate employee for remediation and provides a way to verify that problems are actually fixed.

Another elective add-on is the threat correlation module, which supplies customers with threat intelligence alerts from the experts at McAfee's labs, giving them a leg up when dealing with breaking events such as Internet worms.

The latest release of Foundstone Enterprise features regulatory compliance templates. The updated software will measure compliance with the vulnerability and configuration aspects of regulations such as SOX, HIPAA and the Payment Card Industry (PCI) standard.

Vulnerability Assessment

Another weapon in security behemoth Symantec's diverse arsenal of security weapons, Vulnerability Assessment gets good grades across the board, with security most frequently receiving excellent scores.

Internet Scanner
Internet Security Systems

A top name among VA scanners, Internet Scanner can be integrated with ISS's intrusion prevention products under a common management platform. Readers applaud its overall quality, and give high marks for its performance and feature set.

Wireless Wireless IDS/IPS, access control and rogue detection products

Wireless with Less Worry

Even if a network extends beyond an organization's walls, Unified Wireless Network Solution can do the job.
Unified Wireless Network Solution
Cisco Systems

The networking giant may soon be the security giant as well, at least when it comes to keeping wireless networks safe. Cisco Systems' Unified Wireless Network Solution earned top honors, grabbing the gold medal in wireless.

Unified Wireless Network Solution is a standards-based wireless LAN security solution designed specifically for large organizations. The offering mitigates sophisticated passive and active wireless LAN attacks, works with a range of client devices, and provides reliable, scalable, centralized security management. Additionally, it's intended to keep the IT staff burden low with administration features that allow network admins to deploy robust yet easy-to-manage security across a network.

The majority of respondents to the Products of the Year survey rated the product good/excellent in all categories, with its marks for overall quality particularly strong.

Other product highlights include support for industry security standards, such as IEEE 802.11i; the Wi-Fi Alliance's Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2); 802.1X support for strong, mutual authentication; and dynamic encryption key management and data encryption using Advanced Encryption Standard (AES) and Temporal Key Integrity Protocol (TKIP).

With integration in Cisco's Self-Defending Network and Network Admission Control (NAC) initiatives, Unified Wireless Network Solution allows Wi-Fi Certified client devices to provide access control via per-user, per-session mutual authentication and data privacy with strong dynamic encryption. Additionally, the offering comes with an enterprise-class IPS.

Even if a network extends beyond an organization's walls, the product can do the job, thanks in large part to compatibility with Cisco's wireless mesh solution for maintaining indoor/outdoor connectivity.

Cisco made considerable strides in the WLAN market in 2005, with a nod to its $450 million acquisition of WLAN switch startup Airespace last January. The networking giant has held the top spot in the WLAN equipment market for some time, and the latest WLAN market report from Infonetics Research found that Cisco is closing the gap between itself and wireless switch market leader Symbol Technologies.

According to Infonetics, Cisco also leads the overall network hardware and software security market with a 35 percent share, fueled by the growth in IPSes and network access control (NAC) gear.

AirMagnet Enterprise

Scanning the air like a hawk, AirMagnet's IDS/IPS product won user support for its overall quality, feature set and documentation.

SonicWALL TZ 170 Wireless

SMBs need secure wireless, too. TZ 170 Wireless delivers 802.11b/g service, firewall and VPN. Surveyed users particularly like its performance and feature set.

Emerging Technologies

Key Cog in Compliance

"Elemental has the most comprehensive overall approach for compliance monitoring, across the board and across platform."
Elemental Compliance System

Financial services companies like Marshall BankFirst need a firm grip on what's going on across their networks, both to satisfy demanding regulatory obligations and to protect their customers' accounts and personally identifiable information.

"Elemental has the most comprehensive overall approach for compliance monitoring, across the board and across platform," says Tyler Brenden, director of IT infrastructure for Marshall, which includes banks in three states and national commercial and residential lending services.

In a year when regulatory compliance seems to dominate the infosecurity market, the integrated policy management, host configuration and network access control in a single offering earned Elemental Compliance System (ECS) the gold medal in emerging technologies. In a category chosen by Information Security and editors, Elemental's innovative approach to a high-profile, enterprise-level security need made it the clear choice.

"Being a bank, we have many federal compliance issues," says Brenden. "Audits always came down to information security policy: 'Prove it. Do you actually implement the policies?' We had to show screen prints and configuration screens. With Elemental, we can define policy and show which devices are in compliance, and the percentage."

Agent-based ECS gives an up-to-date picture of your networks' compliance on demand--by group, by device and by policy. It can monitor compliance for anything from password policy to patch level. ECS provides some 1,700 policy templates based on NSA, Microsoft, DISA and SANS security best practices; SOX; and standard applications such as Internet Explorer, Oracle, Apache, Sendmail and IIS. ECS can enforce as well as monitor policy through several means, including quarantining noncompliant PCs and servers. Marshall is getting ready to implement its initial enforcement procedure for wireless connections.

"We don't allow wireless networks," Brenden declares, "but our workforce has laptops. Our Elemental policy won't allow the device to connect to the network if the wireless card is enabled."

Brenden also likes ECS agents' ability to detect devices on the corporate network by monitoring traffic in and out of the device and putting them into dynamic groups until they can be checked out.

"And it can limit communications between devices," he says. "We can see some important cases for that, particularly not allowing development machines to see data sources."


With attackers swarming over vulnerable Web apps, HIVE creates quite a buzz with its fresh approach to securing online activity. The magic is in its unique technology, which effectively uses application-layer tokens to proxy each Web transaction and validate requests.


OneSign is single sign-on for the rest of us, with an innovative technology that makes adding almost any application a snap, doing away with manually scripted login procedures, and saving time and money.

Choosing Our 2006 Products of the Year

Information Security and presented 890 readers with a survey of more than 300 security products, divided into 12 categories. Respondents were asked to select the products in each category that they use and had the option of specifying products that did not appear on the list. (The categories and product lists were determined by Information Security and editors.) Respondents were asked to rate each product in six areas: overall quality, performance, features, security, documentation and vendor support/service.

In each area, respondents scored the product on a scale of one (poor) to five (excellent). They also had the ability to opt out of scoring in one or more criteria by indicating that they had "no opinion."

Winners were based on cumulative responses for the six criteria. Editors arrived at a product's overall score by calculating the average number of points it received in all of the evaluation areas. In each category, the highest overall score received the gold medal, the next highest earned the silver medal, and the third highest took the bronze medal.

To prevent products that received a small number of high scores from unduly influencing the results, we instituted a vote qualification minimum: In order to be eligible for award consideration, a product had to be among the top five vote getters in its category.

The three finalists in each category represent the top scores from the top five vote-getters. The gold medal winner received the highest score among the three finalists.

The gold medal winner also had to get at least 25 percent of the total votes.

Emerging Technologies awards were determined by Information Security and editors, who chose three innovative technologies that promise to address a critical security need for enterprises and/or SMBs.
