Published: 27 Sep 2005
Vital Security Appliance NG-1100
Price: Starts at $2,950
In a time when Internet-based business is almost every organization's lifeblood, Finjan Software's Vital Security Appliance NG-1100 package of proprietary and third-party gateway security modules gives SMBs strong content protection and defense against zero-day exploits.
Finjan's technology differentiates legitimate application behavior from malicious content by identifying the activity of the application before it runs on a host. This Next Generation Application-Level Behavior Blocking deters known and unknown threats at the perimeter; it includes extensive signatures of script (VB and Java) behaviors and binary threats (Java applets, ActiveX and executables). Careful examination of anomalous events, compared to those listed in Finjan's exhaustive database, helps the NG-1100 determine whether an action is valid or possibly malicious.
In our lab, we ran assorted VBScripts, ActiveX controls and executables--both legitimate and malicious. Finjan prevented malicious actions, such as changes to the registry and spyware "phoning home," while safe activities, such as software installation and customized program automation scripts, were allowed to proceed.
Equally impressive in coverage are the antivirus and URL-filtering modules, which are offered through third-party partnerships with Sophos, McAfee, Secure Computing and SurfControl.
Additionally, Finjan offers extensive list management for content control such as allowing large uploads/downloads, whitelists/blacklists and timeframe locks.
Centralized policy management and enforcement has become key in security, and Finjan offers a detailed set of default policies and customized controls in the NG-1100 Policy Server. Rule and engine status can be quickly viewed, edited and assigned. Although rules were generally highly customizable, we felt some of them lacked obvious choices common to most organizations. For example, when we attempted to modify Blacklisted File Extensions for instant messaging, the only options offered as exceptions to the rule were MSN and Yahoo IM clients.
The device can be set up and administered through either a graphical Web interface or a console connection, but it cannot be accessed via Telnet or SSH, as competitive products can. In a matter of minutes, an easy-to-follow wizard walked us through the setup of the appliance's security modules and network settings.
NG-1100 offers Web, audit and system logs with extensive detail fields like IP, URL, action, URL category, protocol, behavior profiles (script and binary) and AV events. Administrators can drill down into specific trends with the ability to filter on each field. Customized log displays can be set up to provide targeted monitoring for items such as suspicious behavior and non-business URLs.
- Powerful proprietary engine
- Easy installation
- Modular deployment options
- Limited administration access methods
- No custom reports
We felt the reporting, although highly detailed, was overwhelming. There are six major categories, each with a multitude of specific reports. Transactions could be pinpointed to specific timestamps and users, and reports could be viewed as HTML, PDF or Excel documents. However, there was no report customization or automatic delivery.
The appliance ships with support for both fast and gigabit Ethernet, 1 GB of memory and a 40 GB hard drive.
With comprehensive protection, granular policy options and extensive reporting/logging capabilities, NG-1100 packs a lot of wallop for an SMB appliance.
--SANDRA KAY MILLER