Plug-In Protection

 
 
By Davis D. Janowski  |  Posted 2002-07-01 Email Print this article Print
 
 
 
 
 
 
 

New appliances that offer antivirus and content-filtering functions might give software solutions a run for their money. Here's why they make sense for some but aren't quite right for others.

For Jim Mancini, security threats to his companys network are the stuff bad dreams are made of. As IT director of ICTI, a Yardley, Pennsylvania, firm that manages clinical trials for pharmaceutical companies, Mancini had used antivirus software as his main weapon for years. But he just couldnt get comfortable with the fact that the software sat squarely on the very network it was trying to protect. It had failed to block a virus attack once before, and Mancini was searching for an alternative.

He had heard about a new appliance by Aladdin that filtered for viruses, blocked spam, and stopped unauthorized URLs before they reached the network. "It really offered a bunch of tools in one package," Mancini says. "And it seemed easy to use."

He installed the Aladdin eSafe appliance, and a week later an e-mail from the appliance alerted him it had caught and neutralized the Klez virus, keeping it safely away from his network, which is used by 220 people at the companys headquarters and 80 others at satellite offices. The appliance has also kept bandwidth hogs in check and curbed inappropriate Web surfing, thanks to its HTTP filtering.

The recent introduction of antivirus and content-filtering appliances is the industrys response to the compelling need to simplify the process of securing networks. The notorious Code Red, Nimda, and SirCam viruses caused more than $3 billion in damage worldwide in 2001, according to research firm Computer Economics, and the number of computer viruses is expected to rise 22 percent this year.

The appliances we reviewed and tested range from single-purpose devices that scan e-mail traffic for viruses to Swiss Army multitools that offer virus protection, e-mail content filtering, Web filtering, and intrusion detection.

Each product has its strengths, though not one is a panacea. Most lack a consistent level of management detail and ease of use in all of their features, but thats typical of any new class of network security technology.Filtering Appliances: Where They Fit

The appliances havent quite caught on yet, perhaps because many IT administrators havent heard of them. And the few who have arent quite ready to make the leap to an unfamiliar solution, particularly when it comes to security, says Jaclynn Bumback, research analyst for In-Stat/MDR. Its too soon to determine how well theyll sell, but the concept seems on target.

"These appliances stop viruses before they get to the desktop, so theyre a step ahead," Bumback says. "From a security standpoint, they make more sense."

They also relieve servers of the burden of scanning traffic for viruses and malicious or offensive content. That content can adhere to any number of protocols, including SMTP, HTTP, POP3, or IMAP4. Antivirus software running active scans can eat up a significant amount of a servers processing capacity. Meanwhile, encryption and scanning algorithms continue to advance and require more processing power.

The six devices in our main roundup belong behind a firewall on the network, and they fit into one of two categories: gateways or relays. The Ositis AVStripper is a gateway; in which all traffic passes through it and is scanned on the way to the e-mail servers or the rest of the network. The rest of the products are relays; they pretend to be the final destination of all e-mail or Web traffic, but they also scan the traffic, and then, only when the items are deemed safe, pass them along to the rest of the network.

A seventh appliance, the Symantec Gateway Security, is included in this story, but weve set it apart from the others because it offers additional features such as a firewall, a VPN, and load balancing. (See "Symantec Gateway Security")

All the appliances run on hardened versions of BSD, Microsoft Windows 2000, or Linux, operating systems making them less prone to hack attacks.

Although initial configuration of the devices ranges from inputting the IP address through a front-panel LED to reaching the device from a command line, all the products are subsequently managed through a secure console (three via a Web-based interface, two via a Win32 application, and one via Java).

The fledgling appliances, whose prices range from $3,000 for 25 users to $25,000 for 500 users, have yet to prove themselves to most of the market and will undergo some fine-tuning as they mature. But people like Mancini, who tested the eSafe before making the early leap, feel the appliances are ready for prime time.

"I feel a huge sense of relief now," he says. "I can sleep better at night."

 
 
 
 
Davis D. Janowski Davis D. Janowski is Lead Analyst for Web Applications and Software, charged with covering the likes of Google, Microsoft, Yahoo!, and millions of other Internet and Web companies. Prior to this, he served as Section Editor for Consumer Networking, GPS Products, Phones & PDAs (Mobile and VoIP), Associate Editor for Networking Infrastructure, and Associate Editor for Internet Infrastructure. Before joining PC Magazine, Janowski worked as a medical editor, covering epidemiology and infectious diseases, receiving training at the Centers for Disease Control. At one point, he acted as guide for a CDC team, collecting ticks for a study on the origins of human ehrlichiosis in the Florida bush. Before that he made a very modest living as a freelance writer and photographer, covering scuba diving and nautical archaeology.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel