By Andrew Garcia  |  Posted 2006-02-06

FaceTime's Real-Time Guardian 500 appliance, running RTG 3.1 firmware (Build 1413), effectively blocks what the company terms "greynets," applications of dubious nature—at least for enterprises—that sneak out over Port 80. eWEEK Labs found the RTG appliance effective not only at blocking spyware over HTTP connections, but also for shutting down unapproved instant messaging and peer-to-peer network connections. However, the RTG 500 whiffed on safeguarding FTP downloads.

The RTG 500 appliance, which costs $14,995 for a fully featured unit, supports as many as 2,500 users. The RTG 3.1 firmware, which started shipping in January, includes mandatory encryption to the management interface and integration with FaceTime's Greynet Enterprise Spyware Manager.

Ultimately, the RTG 500 was the easiest product to deploy of the three we tested. We connected the appliance to a switch monitor port downstream from the firewall, meaning that no network reconfiguration was necessary at all. Users should ensure the monitor port will support two-way communication, however, as the RTG 500 must deliver TCP resets to block illicit traffic and download attempts.

The RTG 500 easily identified our previously infected clients and denied most of our attempts to download new infections, missing a couple of rogue anti-spyware applications.

The RTG 500 includes easily configurable tools for creating customized blacklists, and, as with McAfee's offering, allowed us to configure monitoring for HTTP ports over and above Port 80.

We could pick and choose among 18 categories of threats to protect against. We also could easily configure policy exceptions for certain IP addresses. However, the RTG 500 doesn't get fine-grained enough to allow different policies for different groups; instead, we could enable or disable spyware defenses only for each group.

The appliance also cannot monitor or block FTP traffic at this time, failing all our FTP-based download tests and thereby leaving a gaping hole in spyware defenses. FaceTime officials said this feature will be included in a future release of the RTG family.

Spyware, IM and P2P defenses are each managed individually, so we could, for example, enforce spyware policy while simply monitoring IM activity. We found that the RTG 500's IM and P2P defenses are effective, rooting out unapproved connections across the enterprise.

The RTG 500's reporting tools were good, but those in both McAfee's and Mi5's products were better. However, we liked that the RTG 500 let us disable specific filters directly from the report interface, allowing us to take quick action against a false positive.


Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.
