almost daily basis, security has never been more critical. To make matters
worse, blended threats — a combination of hacking, Denial of Service, and
worm-like propagation — can rapidly compromise millions of machines.
Consequently, network security managers have been forced to consider more
comprehensive strategies and solutions that can be implemented quickly and easily across the network.
To that end, Datamation readers made Integrity 4.0 from Zone Labs Inc. their
top pick in the security category of this year’s Product of the Year Awards.
Gateway Security 5460 from Symantec Corp. placed second, followed by
Securify SecurVantage 4.0 from Securify, Inc.; FirewallAnalyzer Enterprise
from eIQnetworks, Inc.; and NetDetector from NIKSUN, Inc.
Integrity 4.0 does a great job of managing remote laptops as well as
desktops, and the ability to easily manage central, broad deployments is
really what every security manager wants, says Eric Ogren, a senior analyst
at Yankee Group in Boston.
Integrity provides three security clients that can be used either independently or in any combination. Two of these, Integrity Agent and Integrity Flex, offer centralized IT security and policy management. The third, Integrity Desktop, is used in situations where central management is unnecessary.
Ogren also concurs that Gateway Security 5460 (SGS) from Symantec is a popular
choice because of its ability to filter perimeter gateways.
“For small to medium businesses this single security appliance makes a lot
of sense,” Ogren says. “What this SGS product does is a nice job of
integrating antivirus and URL filtering directly into the firewall.”
That means if there is a branch office without an IT person on the premises,
a single device can easily manage the security needs and be monitored
remotely.
Beane certainly needed a good handle on the state of his network. The
technology director for the Braxton County Schools in Braxton County, W.Va.,
Beane chose the Symantec Gateway Security appliance in order to keep his
network safe from hackers.
“Our needs were to ward off viruses, which we seem to get over and over
again,” says Beane. “We had some problems with people coming in and using
our file servers for their own purposes and I wanted a way to analyze my
networks to see what was being attempted from the outside.”
When he began looking about a year ago, Beane quickly discovered he would
have to deploy separate products in order to get such features as virus
scanning, a firewall, intrusion detection and content filtering. But the
piecemeal approach was not an option, he says, because with no IT staff, the
installation and management would have been too burdensome.
Working with a vendor, he discovered SGS last fall. After viewing a demo of
the product, “I found it would meet everything I wanted,” he says.
Symantec Gateway Server was installed in each of the eight schools and
administration building within a couple of months. On of the best features
for Beane is that he can create a software image on one box and save it on a
computer so that when he sets up other devices, “I just load that image to
those boxes and then just change the IP addresses for the network
interfaces. Then that device is ready to go” in as little as 20 minutes.
“The major benefit I get from this is, most notably, when the latest round
of viruses comes out my phone doesn’t ring off the hook, and that means a
lot,” he says. The majority of viruses they would get hit with came in
through email attachments, but now, “these boxes secure the perimeter of our
network and every piece of data is now being scanned and keeping these
things from ever reaching the end user.”
The other big plus for Beane is that the product can be managed thru a web
browser so he can sit in his office and connect to any one of the devices
and see down to the individual user how much data is coming in to a machine.
Beane can also spot hackers attempting to get into the network and what
methods they are using.
Issues like gaining remote access through open ports on the network have not
been successful since the installation of the gateway servers, he says.
“It really gives me a better idea of what’s going on on my network. Before,
I didn’t have that detail … that means a lot as a manager.”
But technology can only protect so much. Beane says a major goal this year
is educating end users on how to keep themselves secure.
“We’ve made the purchase of these devices and as far as the network is
concerned, we have about all we need to do. We just need to make end users
little more saavy.”