Information Security magazine and research partner TheInfoPro conducted 416 in-depth interviews of security managers working in 273 companies, evaluating a total of 1,239 products to come up with the best security products of 2004. Whether you work in IT security or not, here's a guide to technologies that could make your job easier and your networks safer.
Antivirus
GOLD MEDAL: Sophos Anti-Virus
Fighting viruses has become a speed game. As attacks keep increasing in volume and severity, AV companies have to continuously update their products and signature databases. Sophos uses a series of internally developed approaches to rapidly identify new viruses, including code emulation, on-the-fly decompression of archives for scanning, and an engine for detecting and disabling macro viruses. It scans incoming documents not by extension but by analyzing their format, making the scanner harder to trick with a renamed file. Other appreciated features: InterCheck technology to counter viruses regardless of their delivery medium (e-mail, CD, floppy disk, instant message or network share); Remote Update to protect machines not regularly connected to the corporate network; and antispam capability in its e-mail server/gateway products, PureMessage and MailMonitor.
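The format-not-extension point above is worth seeing concretely. The following is an added example, not Sophos code and not taken from the article: it identifies a file's format from its leading bytes (public magic numbers) and reports when that disagrees with what the extension claims. The sample files, the format labels and the extension-to-format table are constructed for the example.

```python
"""Added example: decide a file's format from its leading bytes, then compare
with what the extension claims. The magic numbers are public; the sample files
and the label/extension tables are constructed here, not from any vendor's scanner."""
import os

# (magic bytes at offset 0, format label). All are well-known file signatures.
MAGIC = [
    (b"MZ", "pe-executable"),                                  # DOS/Windows executable
    (b"\x7fELF", "elf-executable"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2-compound"),    # legacy Word/Excel, carries VBA macros
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"{\\rtf", "rtf"),
]

# Formats each extension is allowed to carry; anything else is a mismatch worth a look.
EXPECTED = {
    ".exe": {"pe-executable"}, ".dll": {"pe-executable"}, ".scr": {"pe-executable"},
    ".doc": {"ole2-compound", "rtf"}, ".xls": {"ole2-compound"},
    ".pdf": {"pdf"}, ".zip": {"zip"}, ".rtf": {"rtf"}, ".txt": {"text"},
}


def detect_format(data: bytes) -> str:
    """Return the label of the first matching signature, else a crude text/unknown guess."""
    for sig, label in MAGIC:
        if data.startswith(sig):
            return label
    head = data[:512]
    if head and all(b in b"\t\n\r" or 32 <= b < 127 for b in head):
        return "text"
    return "unknown"


def classify(filename: str, data: bytes) -> dict:
    """Compare the detected format with the extension's claim; the format, not the name, drives scanning."""
    ext = os.path.splitext(filename)[1].lower()
    fmt = detect_format(data)
    allowed = EXPECTED.get(ext)
    if allowed is None:
        verdict = "unknown-extension"
    elif fmt in allowed:
        verdict = "ok"
    else:
        verdict = "mismatch"
    return {"name": filename, "extension": ext, "format": fmt, "verdict": verdict}


# Constructed sample files: only the first bytes matter for the check.
SAMPLES = {
    "quarterly.xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24,
    "readme.txt": b"Just some notes.\n",
    "notes.txt": b"MZ\x90\x00\x03\x00" + b"\x00" * 26,          # executable renamed to .txt
    "invoice.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",
    "archive.zip": b"PK\x03\x04\x14\x00" + b"\x00" * 26,
    "budget.xls": b"PK\x03\x04\x14\x00" + b"\x00" * 26,         # zip container wearing a .xls name
}


def scan_all(samples: dict = SAMPLES) -> list:
    """Classify every sample and return the mismatches first, then the rest."""
    results = [classify(name, data) for name, data in samples.items()]
    results.sort(key=lambda r: r["verdict"] != "mismatch")   # stable: mismatches float to the top
    return results


if __name__ == "__main__":
    for r in scan_all():
        print(f"{r['verdict']:18} {r['name']:16} claims {r['extension'] or '(none)':6} is {r['format']}")
```

A scanner built this way hands notes.txt to the PE analysis path even though nothing in its name suggests an executable; the extension table is only used to raise a mismatch, never to skip a file.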
SILVER MEDAL: Symantec AntiVirus Enterprise Edition
USER COMMENT: "It catches viruses, the definitions are updated pretty well, and Symantec has good resource pages for downloading remote tools."
BRONZE MEDAL: McAfee's VirusScan Enterprise
USER COMMENT: "McAfee is as good as other vendors, but with more timely delivery of virus definitions."
Firewalls
GOLD MEDAL: Cisco's PIX 500 Series
The PIX 500 Series, ranging from SOHO devices to large-enterprise appliances, has grown to meet the security demands of a Web-centric world. PIX augments its stateful packet filtering with application-aware services that inspect traffic at layers 4 through 7 and provides URL and content filtering. It also offers options for authenticated access through its own or third-party databases. "Cisco is doing a good job of improving its firewall and is making its products more usable and more manageable by non-Cisco router geeks," says a senior security architect. PIX offers an impressive security package that supports the high-performance and media apps, such as VoIP, that businesses are rapidly implementing.
SILVER MEDAL: Check Point FireWall-1 GX
USER COMMENT: "Check Point is a well-understood firewall, and the software has a good front end."
BRONZE MEDAL: Secure Computing's Sidewinder G2 Security Appliance
USER COMMENT: "Secure Computing has really good customer service. We have no major issues with the firewall."
Intrusion Detection Systems
GOLD MEDAL: Enterasys' Dragon Intrusion Defense System
Enterasys' Dragon epitomizes the transition of IDSes from "reactive detection" to "proactive correlation." Rather than firing off thousands of alerts based on single-node scanning, Dragon uses multiple virtual sensors to correlate event data from across the network and compare it to collected data on the network's vulnerability posture. The process, managed through Enterasys' Dynamic Intrusion Response (DIR) system, results in more accurate and timely intrusion management, as well as fewer false positives. Enterasys has transformed Dragon from a standalone IDS to the cornerstone of its network security architecture strategy.
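The "proactive correlation" described above comes down to one question per alert: is the target actually exposed to what was attempted? The following is an added example, not Dragon code and not the article's: it rates each alert against a constructed vulnerability inventory, collapses duplicates, and flags sources sweeping many hosts. Host addresses, signature ids, weakness tags and the alert stream are all constructed for the example.

```python
"""Added example: rate IDS alerts against the targets' known vulnerability posture
instead of reporting every signature hit. Hosts, signature ids, weakness tags and
alerts are constructed for the example; this is not Dragon's data model."""
from collections import Counter

# Constructed posture, as a vulnerability scanner would report it per host:
# listening services by port, and the weakness tags still open on that host.
POSTURE = {
    "10.0.0.5": {"os": "windows", "services": {80: "iis"},    "open": {"iis-webdav-overflow"}},
    "10.0.0.6": {"os": "windows", "services": {80: "iis"},    "open": set()},   # same service, patched
    "10.0.0.7": {"os": "linux",   "services": {80: "apache"}, "open": {"apache-chunked-overflow"}},
}

# Constructed signature catalogue: signature id -> (service it targets, weakness it exploits).
SIGNATURES = {
    2001: ("iis", "iis-webdav-overflow"),
    2002: ("apache", "apache-chunked-overflow"),
}

# Constructed raw alert stream: (source ip, destination ip, destination port, signature id).
ALERTS = [
    ("203.0.113.9", "10.0.0.5", 80, 2001),
    ("203.0.113.9", "10.0.0.6", 80, 2001),
    ("203.0.113.9", "10.0.0.7", 80, 2001),
    ("203.0.113.9", "10.0.0.7", 80, 2001),   # duplicate of the line above
    ("198.51.100.4", "10.0.0.7", 80, 2002),
]

SEVERITY_ORDER = {"critical": 0, "low": 1, "unknown-host": 2, "noise": 3}


def rate_alert(alert: tuple) -> str:
    """Single-alert rating: does the attempted exploit match a service the target runs and a weakness it has open?"""
    _src, dst, port, sid = alert
    service, weakness = SIGNATURES[sid]
    host = POSTURE.get(dst)
    if host is None:
        return "unknown-host"            # not in inventory: cannot judge, needs a scan
    if host["services"].get(port) != service:
        return "noise"                   # exploit for a service the target does not run
    if weakness in host["open"]:
        return "critical"                # target is vulnerable to exactly what was attempted
    return "low"                         # right service, but the weakness is already patched


def correlate(alerts: list) -> list:
    """Collapse duplicates, rate each distinct alert, and order by severity then volume."""
    counts = Counter(alerts)
    rows = []
    for (src, dst, port, sid), n in counts.items():
        rows.append({"src": src, "dst": dst, "port": port, "sid": sid,
                     "count": n, "rating": rate_alert((src, dst, port, sid))})
    rows.sort(key=lambda r: (SEVERITY_ORDER[r["rating"]], -r["count"]))
    return rows


def sources_sweeping(alerts: list, min_targets: int = 3) -> set:
    """Sources that hit at least min_targets distinct hosts: sweep behaviour that deserves its own alert."""
    targets = {}
    for src, dst, _port, _sid in alerts:
        targets.setdefault(src, set()).add(dst)
    return {src for src, hosts in targets.items() if len(hosts) >= min_targets}


if __name__ == "__main__":
    for r in correlate(ALERTS):
        print(f"{r['rating']:13} x{r['count']} {r['src']} -> {r['dst']}:{r['port']} sig {r['sid']}")
    print("sweeping sources:", sources_sweeping(ALERTS))
```

Five raw alerts become four rows, only two of which are critical; the IIS exploit aimed at the Apache host is reported as noise rather than as an intrusion. The obvious caveat is that the rating is only as good as the posture data: a host missing from the inventory is flagged as such instead of being silently rated low.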
SILVER MEDAL: Cisco IDS
USER COMMENTS: "Cisco does a good job of understanding where our threats are coming from and changing its products to address them." "Technology-wise, it leads most of the network vendors."
BRONZE MEDAL: ISS's RealSecure Network
USER COMMENTS: "ISS has a proven IDS infrastructure." "It's the leader in the IDS market."
Intrusion Prevention Systems
GOLD MEDAL: TippingPoint's UnityOne
TippingPoint, just acquired by 3Com, set its sights on the security market in 2001 with the launch of UnityOne, one of the first inline traffic monitoring and automated response devices. It's an IDS on steroids, with blazingly fast inspection and throughput speeds. TippingPoint is improving upon its foundation through the release of a number of appliances to fit the needs of various-sized enterprises. Its R&D team continues to innovate by producing an increasingly broad attack signature database, an optimized detection engine and more reliable automated response measures. While many enterprises shy away from depending on the auto-response capabilities of their IPSes, UnityOne shops use the appliance with a high degree of confidence. "It's the first IPS system that we can stick in front of any workload," said one director of information security. "It stops the bad stuff and lets the good stuff through at lightning speed."
SILVER MEDAL: McAfee's IntruShield
USER COMMENT: "IntruVert's technology has been very mature since early on."
BRONZE MEDAL: Symantec's ManHunt
USER COMMENT: "ManHunt is a best-of-breed solution that fits our IPS needs."
Virtual Private Networks
GOLD MEDAL: Cisco VPN 3 Series Concentrator
Users rated Cisco Systems' VPN 3 Series Concentrator tops in its class for one reason: ease of use. Enterprise managers rave about how it combines robust overall technical excellence with a setup process so straightforward that even end users can handle it.
Security managers particularly like Cisco's Scalable Encryption Processing modules, which allow customers to do field upgrades of the appliance. These modules, according to security professionals, put the VPN 3 Series in a class by itself. The VPN 3 Series Concentrator covers all the protocols you would expect for VPNs, supporting IPsec, PPTP, L2TP and SSL. Users say that it's stronger at IPsec than SSL, and most managers give it high marks for its versatility and manageability. In particular, Cisco's ability to automatically route new users and manage bandwidth is a boon for enterprise managers.
SILVER MEDAL: Check Point's VPN-1 Pro
USER COMMENT: "Check Point makes my job easier by tailoring its offerings to my business needs."
BRONZE MEDAL: Aventail EX 1500 SSL VPN
USER COMMENT: "It's super easy to use. I also like Aventail's exclusive focus on SSL; it's not a one-off product."
GOLD MEDAL: Juniper Networks' NetScreen 5XT and 5GT
Juniper Networks' NetScreen 5 series firewall/VPN appliances hit the bull's-eye for remote offices and broadband telecommuters; they're inexpensive and powerful enough to protect distributed infrastructures. The 5XT and 5GT offer the features enterprises look for in high-end boxes. An ASIC provides accelerated firewall, encryption, authentication and PKI processing. Its stateful filtering and "Deep Inspection" engine detects more than 250 application attacks and protocol anomalies; the 5GT also features embedded Trend Micro AV protection. The appliances protect networks against worms, viruses, port scans and DoS and DDoS attacks.
The IPsec VPN supports redundant gateways, NAT traversal and AES data encryption. NetScreen PKI support includes all major certificate authorities. Authentication can be backed by RSA Security's SecurID for two-factor, or by LDAP, RADIUS and Active Directory. The appliances support 10 simultaneous tunnels and 2,000 concurrent sessions. Management is handled through a command line, a Web-based GUI, or NetScreen's Security Manager central management console. The management dashboard highlights critical, logging and attack alerts, and features graphs and device statistics.
SILVER MEDAL: Nokia's IP530
USER COMMENT: "Nokia is a big organization and has a lot of industry tie-ins to its products. It leverages its product into other areas."
BRONZE MEDAL: ISS's Proventia M50
USER COMMENT: "The product is best of breed and has a great feature set."
Patch Management
GOLD MEDAL: BigFix Patch Manager
What enterprises like about BigFix Patch Manager is that it's fully automated and customizable, can push patches to specific machines automatically or on demand, and can analyze and generate reports for measuring patching success. Even better, it can change configuration settings, making it a good instrument for hardening boxes and applying workarounds when a patch isn't available. Fixlets monitor a machine for vulnerabilities and configuration settings. They communicate with the server, which pushes the appropriate fixes to either patch the system or bring its configuration into compliance with defined security policies. This is more than just another client-server architecture. Fixlets are more like applets, and that small footprint makes them easy to deploy, update and manage. Each fixlet can carry a broad range of instructions, making them extremely flexible in implementing changes. Enterprises praise BigFix because it lets them use fixlets provided by BigFix or write their own with an editor.
SILVER MEDAL: PatchLink Update
USER COMMENT: "PatchLink Update is easy to use. PatchLink (the company) is responsive to customers' needs and has a commitment to excellence."
BRONZE MEDAL: Windows Update Service
USER COMMENT: "Microsoft's patch management might lack a couple of features, but it's good enough overall, and it's free."
Security Management Systems
GOLD MEDAL: Sygate's Secure Enterprise
Sygate's Secure Enterprise is among an emerging class of technologies that address the challenge of endpoint security. Secure Enterprise performs a security "health check" on untrusted hosts attempting to access the network via RAS, wireless or VPN. Using a server/agent architecture, the system evaluates security-critical parameters on the client, such as patch levels, OS and application configurations, and AV and personal firewall status. Based on this assessment, the Sygate Management Server permits the client an appropriate level of access. Endpoints that pass the health check are granted access to authorized resources, based on domain policy; those that don't are either blocked or quarantined until they can be updated. The result is a defense-in-depth architecture that extends beyond the core network.
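The health check described above is, at bottom, a policy evaluated against an agent's report, with the result mapped to a network zone. The following is an added example, not Sygate code and not from the article: it checks patch level, AV signature age, personal firewall state and a couple of OS settings, then returns allow, quarantine or block. The policy values (including the hypothetical monotonic patch-level number), the endpoint reports and the zone names are constructed for the example.

```python
"""Added example: the endpoint 'health check' as a policy evaluation that yields an
access decision. The policy, the endpoint reports and the zone names are constructed;
this is not Sygate's agent protocol or policy language."""
from datetime import date

# Constructed policy. patch_level is a hypothetical baseline number that the
# patch system increments with each approved bundle; higher means more current.
POLICY = {
    "min_patch_level": 7,
    "max_av_signature_age_days": 3,
    "require_personal_firewall": True,
    "required_os_settings": {"autorun_disabled": True, "guest_account_disabled": True},
}

# Constructed agent reports, one per connecting endpoint.
REPORTS = {
    "laptop-01": {"agent": True, "patch_level": 8, "av_signatures": date(2004, 11, 1), "firewall_on": True,
                  "os_settings": {"autorun_disabled": True, "guest_account_disabled": True}},
    "laptop-02": {"agent": True, "patch_level": 5, "av_signatures": date(2004, 10, 20), "firewall_on": True,
                  "os_settings": {"autorun_disabled": True, "guest_account_disabled": True}},
    "laptop-03": {"agent": True, "patch_level": 8, "av_signatures": date(2004, 11, 1), "firewall_on": False,
                  "os_settings": {"autorun_disabled": False, "guest_account_disabled": True}},
    "kiosk-09":  {"agent": False},                      # no agent: nothing trustworthy to evaluate
}

TODAY = date(2004, 11, 2)   # fixed so the example is reproducible


def check(report: dict, policy: dict = POLICY, today: date = TODAY) -> list:
    """Return the list of policy failures for one endpoint (empty means compliant)."""
    if not report.get("agent"):
        return ["no-agent"]
    failures = []
    if report["patch_level"] < policy["min_patch_level"]:
        failures.append("patch-level")
    if (today - report["av_signatures"]).days > policy["max_av_signature_age_days"]:
        failures.append("av-signatures-stale")
    if policy["require_personal_firewall"] and not report["firewall_on"]:
        failures.append("firewall-off")
    for setting, wanted in policy["required_os_settings"].items():
        if report["os_settings"].get(setting) != wanted:
            failures.append(f"setting:{setting}")
    return failures


# Failures that a pushed update or setting can repair; anything else is a hard block.
REMEDIABLE = {"patch-level", "av-signatures-stale", "firewall-off"}


def decide(report: dict, policy: dict = POLICY, today: date = TODAY) -> tuple:
    """Map failures to a zone: full access, a quarantine zone that reaches only the
    patch and AV servers, or no access at all. Returns (verdict, zone, failures)."""
    failures = check(report, policy, today)
    if not failures:
        return "allow", "corp-network", failures
    if all(f in REMEDIABLE or f.startswith("setting:") for f in failures):
        return "quarantine", "remediation-vlan", failures
    return "block", None, failures


if __name__ == "__main__":
    for name, report in REPORTS.items():
        verdict, zone, why = decide(report)
        print(f"{name:10} {verdict:10} {zone or '-':16} {', '.join(why) or 'compliant'}")
```

The split between quarantine and block matters: a host that merely needs patches should land somewhere it can fetch them, while a host the system cannot assess at all (no agent) gets nothing, because granting it the remediation zone would mean trusting a report that was never made.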
SILVER MEDAL: ePolicy Orchestrator 3.5
USER COMMENTS: "Orchestrator has been out for years, and it's phenomenal." "It allows us to centrally manage our AV globally very inexpensively."
BRONZE MEDAL: Tripwire for Servers
USER COMMENTS: "Very stable product; it does an outstanding job." "It's very well known. With a little training, you can get it up and running in a day."
GOLD MEDAL: @stake's SmartRisk Analyzer
Love is rarely an emotion displayed for an information security product. But enterprise managers love the SmartRisk Analyzer service. Unfortunately, it's a good product whose future is uncertain. This fall @stake, maker of the tool, was acquired for the consultancy's professional services unit and expert talent. The acquirer has since discontinued SmartRisk Analyzer, making this the only award winner that's no longer supported. SmartRisk Analyzer users swore by @stake's support and people, whose technical and relationship skills, they say, were second to none.
SILVER MEDAL: nCircle IP360
USER COMMENT: "nCircle has great technology, and it's very flexible."
BRONZE MEDAL: QualysGuard
USER COMMENT: "QualysGuard runs remotely, so I don't have to do anything. It's like a shoot-and-forget missile."
Identity Management
GOLD MEDAL: BMC Software's Control-SA
The umbrella of identity management covers a lot of ground: passwords, authentication, access control, provisioning and auditing. Probably the most powerful tool in identity management remains BMC Software's Control-SA, which gives enterprises broad control over user accounts. "BMC Software has a mature product," says the VP of risk management at a large financial services firm. "It has a lot of functionality, and it covers a lot of platforms."
Control-SA's features give enterprises extensive power to provision, control and audit access to IT systems on different platforms. It uses group-based rules to grant users access based on their departmental assignments, but also has the power to define exceptions so that certain users have greater or lesser rights. Managing user accounts also means periodic maintenance and modification. Control-SA has tools for adjusting access rights, such as removing certain permissions when a user changes jobs or granting special access for projects. It also automates account revocation, ensuring that an account is closed when a user's employment is terminated. Auditing is critical to good identity management, especially in this age of Sarbanes-Oxley compliance. Control-SA comes with tools for identifying unauthorized use, improper permissions and inactive accounts. This gives enterprises the ability to lock down accounts and demonstrate the strength of their security and integrity programs to regulators. An added benefit is Control-SA's self-service password management system, which allows users to reset passwords across multiple platforms and cuts help desk costs.
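The provisioning model described above (rights derived from a role, with approved exceptions, revocation on job change or termination, and an audit of what is left over) is small enough to show in full. The following is an added example, not Control-SA's rule language and not from the article; the roles, entitlement names and user accounts are constructed for it.

```python
"""Added example: role-based provisioning with per-user exceptions, transfer and
termination handling, and the audit checks a regulator asks about (inactive accounts,
entitlements outside the role, accounts that outlived their owner). Roles,
entitlements and users are constructed; this is not Control-SA's rule language."""
from dataclasses import dataclass, field
from datetime import date, timedelta

# Constructed role catalogue: each role grants a fixed set of entitlements.
ROLES = {
    "finance":     {"erp:read", "erp:post-journal"},
    "engineering": {"vcs:write", "build:run"},
    "helpdesk":    {"ad:reset-password"},
}


@dataclass
class Account:
    user: str
    role: str
    exceptions: set = field(default_factory=set)   # extra grants approved outside the role
    revoked: set = field(default_factory=set)      # role grants withheld from this user
    last_login: date = date(2004, 1, 1)
    active: bool = True                            # what the directory says
    employed: bool = True                          # what HR says; the two should agree

    def effective(self) -> set:
        """Rights the user actually holds right now."""
        if not self.active:
            return set()
        return (ROLES[self.role] | self.exceptions) - self.revoked


def transfer(acct: Account, new_role: str) -> Account:
    """Job change: the new role's rights replace the old, and project exceptions lapse
    rather than accumulating (the usual source of privilege creep)."""
    acct.role = new_role
    acct.exceptions = set()
    acct.revoked = set()
    return acct


def terminate(acct: Account) -> Account:
    """Employment ends: disable immediately instead of waiting for a periodic review."""
    acct.employed = False
    acct.active = False
    acct.exceptions = set()
    return acct


def audit(accounts: list, today: date, inactive_days: int = 90) -> list:
    """Findings as (user, finding, detail) tuples, in account order."""
    findings = []
    for a in accounts:
        if a.active and not a.employed:
            findings.append((a.user, "orphaned-account", "active but no longer employed"))
        if a.active and (today - a.last_login) > timedelta(days=inactive_days):
            findings.append((a.user, "inactive", f"last login {a.last_login.isoformat()}"))
        for ent in sorted(a.exceptions - ROLES[a.role]):
            findings.append((a.user, "outside-role", ent))   # needs a documented approval
    return findings


def sample_accounts() -> list:
    """Constructed population; a fresh list each call so callers can mutate freely."""
    return [
        Account("alice", "finance", last_login=date(2004, 11, 12)),
        Account("bob", "engineering", exceptions={"erp:read"}, last_login=date(2004, 11, 10)),
        Account("carol", "helpdesk", last_login=date(2004, 6, 1)),
        Account("dave", "finance", last_login=date(2004, 11, 1), employed=False),
    ]


if __name__ == "__main__":
    today = date(2004, 11, 15)
    for user, finding, detail in audit(sample_accounts(), today):
        print(f"{user:8} {finding:18} {detail}")
```

Bob's ERP read access shows up as a finding even though it was approved, which is the point: the audit lists every right not explained by the role so that each one can be matched to an approval record, and Dave's still-active account after termination surfaces without anyone having to remember to look.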
SILVER MEDAL: VeriSign's SSL Certificates
USER COMMENT: "It integrates well with other products. VeriSign is world class and good for secure communication."
BRONZE MEDAL: Sun Java System Identity Manager (formerly Lighthouse)
USER COMMENT: "Sun has a great LDAP server integrating with Waveset's identity management solution; they seem to work well together."
Content Filtering
GOLD MEDAL: Postini Perimeter Manager
Making spam disappear is what makes Postini the Houdini of e-mail management for enterprises. Its Perimeter Manager service is highly effective, and its broad set of features has impressed enterprise users, earning it Information Security's gold award for content filtering. The power of Postini is in its PreEMPT technology, which automatically feeds legitimate e-mail through while either quarantining or tagging suspicious e-mail before it reaches the company's perimeter. The scanning and policy enforcement all happen on Postini's infrastructure, making it extremely effective against DDoS attacks, directory harvesting and malware. Postini's formula for success is simple: Stop malware before it reaches its customers' mailboxes, offer no-brainer management features and keep servers humming smoothly and messages flowing freely.
SILVER MEDAL: MessageLabs Content Control
USER COMMENT: "Quality of service is very high. It's very transparent."
BRONZE MEDAL: Websense Enterprise
USER COMMENT: "Websense is sound and easy to deploy. Pop it in a box, and you're done."
Authentication and Authorization
GOLD MEDAL: RSA Security's SecurID
It's impossible to think of two-factor authentication without thinking of RSA Security and its SecurID. Since 1986, SecurID has defined AAA (authentication, authorization and accounting), making it an obvious choice for our gold award. The SecurID system offers the application support, management/deployment capabilities and reputation for reliability and technical support that give it real-world utility in every type of enterprise. Organizations can deploy SecurID through a variety of hardware and software tokens for Windows workstations, and a variety of handheld devices and wireless phones. But it's what's behind those tokens that attracts and keeps customers, and makes SecurID an enterprise-caliber product of choice. With widespread interoperability with major IT and security companies, SecurID offers authenticated access to data and applications through VPNs, wireless networks, e-mail, intranet/extranet and Web servers. Its agent software extends support to proprietary apps.
SecurID's scalability is a critical factor, enabling large enterprises to deploy and manage authentication for millions of users and hundreds of apps through its Authentication and Deployment managers. The bundled Deployment Manager is automated, Web-based provisioning software that enables quick token deployment. Its self-service capability reduces the drain on IT staffs and help desks. Beyond SecurID's attractive features, confidence in RSA Security may be the product's biggest selling point.
SILVER MEDAL: Microsoft's Active Directory
USER COMMENTS: "Active Directory is a stable and secure method of authentication throughout the corporate infrastructure."
BRONZE MEDAL: Tivoli Identity Manager
USER COMMENTS: "Tivoli is an enterprise standard and a great ID management tool."
Emerging Technologies
GOLD MEDAL: Skybox View 2.0
In reviewing the numerous products that have entered the security market over the last year, the editors of Information Security picked the three most promising for the emerging technologies category. Topping our list is Skybox Security's View 2.0, a clear leader in the emerging automated risk measurement and management space. Skybox View vividly and intelligently calculates and demonstrates risk. Much like a SIM, Skybox pulls data from various sources -- firewalls, routers, IDSes, scanners, servers and applications -- and normalizes it, munching through its risk models and comparing the composite against business objectives and policies. The result is a clear picture of an enterprise's risk exposure. With that intelligence, enterprises are able to act on risk, adjusting their posture and building better event contingency plans.
Skybox View offers many benefits. For starters, the monitoring will tell you when you have increased or unacceptable risk exposure. It will identify and forecast potential exploitable weaknesses, and it accurately measures regulatory and policy compliance. The security intelligence it generates is contextual to the enterprise's unique environment and requirements, making its forecasts and recommendations more reliable. In the latest release, Skybox has added metrics for assigning value to various network assets, a means for identifying metrics that fall under security regulations such as Sarbanes-Oxley, risk trending and tracking tools, and the ability to measure risk change over time. Automated risk measuring and modeling is still a nascent space. Skybox and its rivals will continue to develop and refine these tools into more comprehensive risk management platforms. Skybox has shown that it will compete as a leader and visionary in this field.
SILVER MEDAL: Ounce Labs' Prexis
Ounce Labs' Prexis family of products is among the first to provide reliable, automated source code reviews. Prexis will find security and quality issues in common software languages, providing developers and enterprises with valuable intelligence on how to fix problems that could cause a breach, before code is compiled.
BRONZE MEDAL: Mirage Networks' CounterPoint C-245 (formerly Mi40 Inverted Firewall)
The CounterPoint C-245 is an excellent example of the new breed of security solutions that incorporates signature and anomaly detection, IPS and ingress/egress traffic monitoring and control.