Firewall/Server or Standalone. Microsoft made a strong showing in this
category, with its Internet Security and Acceleration (ISA) Server 2006 Beta
taking first place and its Windows Firewall in Windows Server 2003 R2 nabbing
the second spot. Considering that ISA Server 2006 wasn't generally available
when the Readers' Choice Awards voting was taking place, its winning the top
spot is quite an achievement. Server 2006 builds on its predecessor, ISA Server
2004, to provide server-firewall protection for corporate networks. ISA Server
performs three types checks: packet filtering, stateful filtering, and application-layer
filtering. The new wizards designed to make it easier to create firewall rules.
And ISA Resiliency feature should help the firewall withstand common flooding
attacks better.
See associated figure
Firewall/Desktop. Sunbelt Kerio Personal Firewall has both network and
host intrusion prevention features to block signature-based and behavioral attacks,
respectively. Administrators can create packet filter rules that block or limit
traffic for specific ports, protocols, or IP addresses. End users also "train"
the firewall by telling it what to do when it encounters an application for
the first time (i.e., always run it, run it this time, always block it) and
can set the firewall to halt the sending of private information such as credit
card numbers, email addresses, phone numbers, and social security numbers. Administrators
can configure Sunbelt Kerio Personal Firewall to log traffic history and security
breaches with a customizable level of granularity and send the logs to a remote
server for review.
See associated figure
Proxy Server/Web Access Control & Monitoring Solution. Microsoft
Internet Security and Acceleration (ISA) Server 2006 Beta wins as best proxy
server, after earning third-place honors last year. ISA Server 2006's proxy
capabilities help companies control Internet access and protect clients from
malicious traffic. Internet requests from computers configured as Web proxy
clients are directed to ISA Server's firewall service. The Web proxy is implemented
as an application filter that sits on top of the firewall engine in ISA Server
2006 to eliminate interprocess communication overhead. Microsoft says that due
to this change, Web proxy traffic runs 3.5 times faster under ISA Server 2006
and ISA Server 2004 than under ISA Server 2000.This new architecture is also
more secure because Web proxy traffic now goes through the firewall inspection
engine instead of straight through the Web proxy.
See associated figure
Intrusion Detection or Prevention Solution. You might not think of Microsoft
Internet Security and Acceleration (ISA) Server as an intrusion detection system
(IDS), but ISA Server 2006 Beta's attack detectors have made believers out of
our readers, who voted it the best in this category. ISA Server 2006 uses configurable
application-specific filters that can inspect the payload contained in a set
of packets to ferret out malicious code, such as worms and viruses. (The packets
look fine to packet-filtering firewalls because their network layer headers
are identical in format to those of legitimate traffic.) Microsoft says that
ISA Server 2006 can detect a number of attack types, including WinNuke, Land,
Ping of Death, IP Half Scan, UDP Bomb, and Port Scan. In addition, ISA Server
2006 can filter incoming traffic to check for DNS host name overflow, DNS length
overflow, and DNS zone transfer traffic.
Vulnerability Scanner. For the second straight year, Sunbelt Software's
Sunbelt Network Security Inspector was voted the Best Vulnerability Scanner.
In "Vulnerability Scanners" (October 2004, InstantDoc ID 43888), Jeff Fellinge
gave this assessment of Sunbelt Network Security Inspector 1.5: "A fairly robust
and user-friendly scanner; good for those who are concerned with the learning
curve." The current 1.6 version can scan multiple Windows, Linux, and UNIX versions,
Mac OS X, HP printers, and various Cisco devices. Sunbelt Network Security Inspector
is licensed by administrator, not IP address, so you can scan unlimited devices
for the same price. For a comparison of Sunbelt Network Security Inspector with
other scanners, including GFI Software's GFI LANGuard Network Security Scanner
and eEye Digital Security's Retina Network Security Scanner, see the aforementioned
" Vulnerability Scanners" article.
See associated figure
Antivirus/File Server or Client. In a close race, Symantec AntiVirus
Corporate Edition edged out its competition to earn the title of Best Antivirus/File
Server or Client. Symantec Security Response, Symantec's Internet security research
organization, contributes to Symantec Antivirus Corporate Edition's database
of virus signatures. The current version of Symantec Antivirus Corporate Edition
supports several popular Linux clients, including versions of Red Hat Enterprise
Linux and SUSE Linux Enterprise Server. Another new feature is integrated Web-based
reporting that scales to support thousands of users, is designed to be simple
to install, offers streamlined workflow and usability, and provides basic reports.
Also, spyware repair enhancements automatically block spyware installation,
spyware detection and remediation is "stealthed," you can view the impact of
a piece of spyware according to Symantec's Risk Impact Matrix, and repairs have
been improved for invasive risks.
See associated figure
Antivirus/Mail Server. Microsoft Exchange Hosted Filtering is the rebranded
version of one of the managed services Microsoft acquired in its purchase of
FrontBridge Technologies last year. This email filtering service got its new
name in April; now it's the first service to win our Best Antivirus/Mail Server
award. In the Exchange & Outlook UPDATE article "Front-Bridge Gets a Makeover"
(April 1, 2006, InstantDoc ID 49910), Paul Robichaux describes Exchange Hosted
Filtering: "The filtering process includes antivirus scanning using your choice
of four engines (Trend Micro, Symantec, Sophos, and Kaspersky Lab); spam filtering;
and policy controls that let you block or redirect messages according to their
origin, destination, or content. The Exchange Hosted Filtering service also
includes a feature that I wish would be included in Exchange 12: filtering mail
by character set." The Exchange Hosted Filtering service is delivered over the
Internet and runs on a set of fault-tolerant, load-balanced servers in multiple
locations. The service is priced per user per month.
Spyware Blocker. CounterSpy Enterprise from Sunbelt Software repeated
its 2005 performance to win the Spyware Blocker award—with a big margin.
In "Get Smart: Enterprise Antispyware" (February 2006, InstantDoc ID 48830),
Jeff Fellinge summed up CounterSpy Enterprise as, " A good pick for enterprises
on a budget." CounterSpy Enterprise detects and blocks more than 35 categories
of malware. Its threat database is updated by Sunbelt's CounterSpy Research
Team and CounterSpy customers who participate in Sunbelt's ThreatNet community
by sending possible spyware to the CounterSpy Research Center. Because of a
previous agreement between Sunbelt and GIANT Software, whose antispyware solution
formed the basis of Windows Defender, CounterSpy and Defender share spyware
definitions. CounterSpy also offers policy-based, centralized management as
well as reporting based on Crystal Reports.
See associated figure
User Authentication Solution (Password Management, Two-Factor, Biometric).
A relatively new product catapulted to the top spot in this broad category,
and its name is a mouthful: Microsoft Active Directory Federation Services (ADFS)
in Windows Server 2003 R2. Active Directory (AD) gives an organization's users
single sign-on (SSO) functionality by authenticating the users to Windows applications
that operate within the organization's security or enterprise boundaries. ADFS
extends the SSO functionality to Web-based applications for customers and partners
outside the organization. With ADFS, these users can sign on once and be authenticated
to multiple Web applications during their online session. ADFS accomplishes
this by securely sharing digital identities and entitlement rights, or "claims,"
across security and enterprise boundaries. Tightly integrated with AD, ADFS
retrieves user attributes from AD and authenticates users against AD.
See associated figure
End of Article
Register
