By Cameron Sturdevant  |  Posted 2004-04-26

Trend Micro Inc.'s Network VirusWall 1200 is a rackable 1U (1.75-inch) appliance that, as the name implies, is a virus-stopping tool; it also performs basic vulnerability assessment on Windows clients and virus cleanup.

We'd like to see more extensive vulnerability assessment in the appliance, as well as the ability to simultaneously work on several virus or worm outbreaks, but eWEEK Labs' tests showed that Trend got it mostly right, right out of the box.

The appliance is competitively priced at $5,995 and $30 per seat for 500 seats. The vulnerability assessment software costs $10 more per seat; prices for hardware and software drop significantly as quantities increase. Yearly maintenance, which is included at no cost in the first year, is 30 percent of the software license in the second year. The TMCM (Trend Micro Control Manager) console is included in the cost of the software licenses.

For network segmentation and containment to work, VirusWall 1200 appliances must be installed at choke points throughout the network, which could get expensive.

The product, which became available this month, competes with enterprise anti-virus products such as Symantec Corp.'s Symantec AntiVirus Gateway Solution and Network Associates Technology Inc.'s McAfee Internet Gateway. However, the VirusWall 1200 can stop outbreaks and keep susceptible PCs from accessing the Internet; its rivals can't.

In tests, the VirusWall 1200 stopped a SQLSlammer worm outbreak from spreading to other network segments and automatically cleaned up the damage caused by the worm on several machines that were initially infected.

Outbreak policies are developed at TrendLabs (Trend Micro's anti-virus research centers) and are provided to security managers via downloads to the TMCM. Outbreak policies can be automatically pushed to the VirusWall 1200, or managers can evaluate policies and manually distribute them.

From a management perspective, the TMCM console made it fairly easy to control the VirusWall 1200. However, we hope the management interface will get beefed up in future versions to make it easier to manage groups of VirusWall 1200s.

In tests, the VirusWall 1200 performed agentless vulnerability assessments of Windows client machines when they attempted to access the Internet. We configured our VirusWall 1200 to redirect the browser to a remediation site, which provided patches and instructions if a machine didn't have the correct patches in place. After the machine was updated, the VirusWall 1200 allowed it Internet access.

The chassis performed well in our pull-the-plug test. After approximately 15 seconds, the powerless device simply passed traffic, without anti-virus or outbreak protection. Because the VirusWall 1200 provides an SNMP trap, we were able to use our Hewlett-Packard Co. OpenView Network Node Manager to track the operational status of the VirusWall 1200.

Senior Analyst Cameron Sturdevant can be contacted at cameron_sturdevant@ziffdavis.com.


Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at csturdevant@eweek.com.
