With Defiance TMS (Threat Management System), Kavado has expanded its Web application firewall platform for larger enterprises to manage and maintain multiple firewalls and protect multiple Web applications from a single console.
Click here to read the full review of Defiance TMS 3.1.
2
With Defiance TMS (Threat Management System), Kavado has expanded its Web application firewall platform for larger enterprises to manage and maintain multiple firewalls and protect multiple Web applications from a single console.
We found initial deployment of the Defiance TMS software components more complicated than deployment of SecureSphere, but Defiances fine integration of logging and policy creation helped us lock down our multi-application testbed and minimize false positives thereafter.
Defiance TMS consists of four primary software components that provide active blocking, passive monitoring, policy control and centralized reporting. We tested Defiance TMS using one Defiance Gateway for in-line defenses; the Defiance Management Server, which is the central repository of security data, alerts and logs; and the Java-based Defiance Security Console application, which provides centralized administration, monitoring and policy control for multiple Defiance-based machines across the enterprise. We did not test the Defiance Monitor, which provides out-of-band detection via a switch monitor port.
Pricing for Defiance TMS, which was released in March, starts at $46,317. The base package includes two Defiance Gateways, one Defiance Management Server and one Defiance Security Console. The Defiance Monitor passive IDS (intrusion detection system) is sold separately for $11,500, and additional Defiance Gateways are available for $17,500 each.
We installed the Defiance Gateway on a Dell Inc. PowerEdge 750 server with 1GB of memory running Microsofts Windows Enterprise Server 2003. Administrators must make sure to harden the underlying operating system before deploying Defiance in production, or the device will be susceptible to attack. (Kavado officials expect to soon ship a soft appliance version of Defiance Gateway that runs on IBM hardware.)
The Defiance Gateway relies on a reverse application proxy to protect Web applications. With the reverse proxy, Defiance terminates the connection with the client and inspects traffic for suspicious content before passing it to the Web servers.
We had to configure multiple external IP addresses on the Defiance Gateway—one for each application we protected. From the Security Console, we then created listeners for Port 80 and Port 443 traffic for each external IP address and created the necessary rules to pass traffic to the correct host on the internal network.
We had to make a few DNS and IP addressing changes with the Kavado system, but this process will ease the Web deployment of applications that were originally intended only for internal use because they never have to be fully exposed to the Internet.
As with SecureSphere, we could configure Defiance to decrypt Secure HTTP traffic to scan and assess encrypted communications. However, we found Defiance superior in this respect. The Defiance Gateway terminates traffic, so we could install a new certificate on the Defiance Gateway and choose whether we wanted to re-encrypt traffic as it is proxied to the back-end Web servers. With SecureSphere, on the other hand, we had to import Web servers private keys to decrypt the traffic.
Like SecureSphere, Defiance uses a learning mode to determine legitimate URLs in each Web application and to estimate the proper buffer lengths for user responses. Unlike SecureSphere, Defiance will not continue learning once the device is switched to protect mode. For improved visibility into Web applications, Kavado offers a separate applications scanner, ScanDo, that can be used to import profile changes into Defiance.
Kavado officials said that, out of the box, Defiance TMS will protect against as much as 80 percent of the threats that an organization is likely to face. In tests, we found these base-line defenses obtrusive—especially to our Outlook Web Access application. Defiance did provide assistance in fine-tuning defenses to address this problem. We particularly liked the Refine Button, which allowed us to adjust policies directly from each log entry.
The Defiance Security Console allowed us to assign different administrative controls or viewing privileges to multiple administrators. However, we did not appreciate the additional costs associated with multiple administrators: Each additional Security Console costs $1,995.
Next page: Evaluation Shortlist: Related Products.
Page Three
Evaluation Shortlist
F5 Networks TrafficShield Application Firewall F5 is set to integrate TrafficShield technology into its Big-IP line of application accelerators by years end (www.f5.com)
NetContinuums NC-1000 Application Security Gateway An ASIC (application-specific integrated circuit)-accelerated and ICSA (International Customer Service Association)-certified firewall that adds data compression features to accelerate applications (www.netcontinuum.com)
Teros Teros 200 Teros is the only vendor in this space to offer a range of appliances for different-size companies and has made great strides in security-policy creation (www.teros.com)
Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.