Antivirus may not be the sexiest security technology, but in the security world a strong antivirus defense is a mainstay, must-have, don't-even-think-about-it kind of technology. This is especially true as the number and power of viruses, worms and Trojans continue to grow unabated.
For some time now, tools have been readily available on the Internet that make it relatively easy for those with even limited programming skill to construct and launch a virus. In the month of April alone, the Symantec Security Response team listed more than 60 new virus-related threats on its Web site, many of them variants of one another.
Symantec AntiVirus Corporate Edition helps companies ensure all their servers and workstations are adequately protected against such threats. It includes tools that enable administrators to create policies for different groups of users, distribute them from a central location and identify any machines that are unprotected. Such features helped the product garner nearly half of all votes for Datamation's Security Product of the Year, outpacing runner-up Tripwire for Servers 3.0. Other finalists were ReefEdge Connect Server, eIQnetworks' FirewallAnalyzer 3.0, Teros-100 APS and WatchGuard Technologies Firebox V80.
Perhaps 2002 can be considered the year of "back to basics" when it comes to security, given the two top vote-getters both represent older security technologies. Tripwire was invented in 1992 at Purdue University by a team that included Gene Kim, who co-founded the company of the same name five years later to sell a commercial version of the software. Tripwire is intended to spot undesired changes to server data, such as those made by unauthorized intruders.
The rest of the nominees represent newer technologies, however. ReefEdge Connect Server, for example, is a wireless LAN that comes with built-in security, including distributed firewall and virtual private network functions. It also integrates with existing security infrastructure, such as various popular authentication systems.
eIQnetworks' FirewallAnalyzer solves a particularly vexing security problem: helping organizations make sense of the vast streams of log data coming from their firewalls and intrusion detection systems.
John Grimsley, president of Midwest Computer Consultants Inc., in Springfield, Ill., uses the product at his company and has installed it for a number of his customers.
"We've been recommending eIQnetworks Firewall Analyzer because it's feature-packed and very economical," he says. "I've had a couple of banks purchase it and they just love it. They are coming under audits and have to prove they're monitoring their logs."
Firewall Analyzer enables such firms to create a variety of reports that put syslog data in a usable format, showing in simple terms where attacks are coming from and the intended targets. Additionally, Grimsley says it allows the enterprise to identify how much bandwidth individual users are consuming and what sites they are visiting.
Teros-100 APS represents another emerging class of security product: an application protection system, also known as host-based intrusion prevention. The product is intended to prevent the increasingly common practice of break-ins targeted at Web applications by essentially prohibiting any actions that are out of the norm.
Finally, the WatchGuard Firebox V80 is part of a family of high-end firewall/VPN appliances. The V80 is a 1RU appliance that supports up to 8,000 VPN tunnels with throughput of 155 Mbps for 3DES encryption and firewall throughput of up to 200 Mbps.