Tech Focus
One size does not fit all
CRN Test Centre looks at three network-focused security solutions to examine what types of IT networks might best use them in handling the constantly changing threat landscape
By Edward F Moltzen
It’s getting more and more difficult to find one-size-fits-all information technology, and perhaps the area where this is the truest is in enterprise security. It’s not even enough to classify networks by the longtime descriptor of SMB or Enterprise. A business with 10 employees can have a million customers—which would make it a small business with a set of Fortune 500 IT requirements.
Businesses split their technology between their own, internal data centers and hosted solutions. They split between Windows and Linux; desktop endpoints, mobile endpoints and virtual endpoints.
For this roundup, we looked at three separate network-focused security solutions to examine what types of IT networks might best use them in handling the constantly changing threat landscape. We liked them all, and found that VARs could deliver them into customer enterprises with nice value.
Symantec AntiVirus for Caching
With performance a never-ending issue for networks, a neat little optimization solution is the use of caching to speed up delivery of data to endpoints. But viruses—which focus on leveraging enterprise soft spots, like some caching appliances—can appear, and create havoc, on just about any node on a network.
Symantec AntiVirus for Caching, once installed, is browser-based and provides for higher-performance virus scanning and repair services over HTTP traffic that is served through a caching device. Its aim: to make sure that infected files don’t pass through that device and spread throughout a network.
 The software works on Windows 2008 32-bit and 64-bit, Windows Server 2003 32-bit and 64-bit, Red Hat Enterprise Linux 5.x 32-bit and 64-bit, Solaris SPARC 9 and 10 32-bit, and several others; it also works with Mozilla Firefox 1.5 or later and Internet Explorer 6 SP1 or later.
We installed the software on Windows Server 2003 32-bit. A word of note: The software requires Java Runtime Environment 1.5 build 13 or greater, but having JRE 1.6 didn’t do the trick. We still needed to go back and install the 1.5 version.
Virus definitions were updated via Symantec’s LiveUpdate Administration utility, which ensures viruses that make their way into a cache appliance are covered the same way as viruses that enter a server or PC.
Once the software is installed on a management console, it can work on caching appliances, including Blue Coat’s Proxy SG, Network Appliance’s NetCache and Cisco’s ACNS Content Engines.
Pricing is not available. Not all networks use caching devices, but those that do will want to adhere to best practices and make sure that compliance issues are front, center and clear, and are handled in a straightforward manner. For those enterprises that use a caching device and enjoy the performance benefits they bring, considering integration of Symantec’s technology would be well worth the time.
Trend Micro Deep Security 7.0
Trend Micro has spent a lot of time and resources working to tailor its security technology to maximize the growth of cloud-based IT. The company describes the latest version of its Deep Security franchise, Deep Security 7.0, as a collection of Protection Modules, including deep packet inspection, firewall, integrity monitoring and log inspection. Because Deep Security 7.0 provides security at the server layer—whether that’s a virtual server or hosted server—Trend Micro says this is a solution that can provide security from on-premise iron to the cloud.
We installed this software on a virtual Windows Server 2003 in the CRN Test Center, a process that took about a half hour. From this VM, Deep Security 7.0 ran a quick asset inventory and located both physical and virtual computers. The management console of the software provides a VAR or administrator with one interface for management of computers, security profiles, firewall events and rules, DPI events and rules and more.
Task scheduling is fine, and allows tasks ranging from open port scans to software updates to computer discovery tasks to be scheduled on an hourly basis through a weekly basis. We ran several different baseline tests to make sure it worked, and found that it was able to correctly search for open ports, and ran a successful inventory check, for example.
The firewall provides 71 different prewritten rules by action type, which can be assigned by groups ranging from mobile devices to desktops. The rules are written for the needs of both physical devices as well as virtual devices; Deep Security 7 allows firewall rules to be written for VMware vCenter Servers, to monitor packet traffic.
Application control allows for the control of file-sharing services (like Kazaa) or IM services, from AIM to Skype to ICQ from within a network. We wanted to create a rule to ban use of Skype. But the application control feature does provide a warning that Skype use can’t be prevented because of the flexibility of the protocol.
Instead, it allows for alerts to be provided at customized intervals when Skype is used on a network. The same is true for ICQ, for example.
Trend Micro prices Deep Security 7 on a per-server basis starting at $885 per license, with virtual server licenses available for VMware environments, with unlimited agents per host, starting at $2,100.
We’re control freaks, so we would have preferred that Deep Security 7.0 provide the option to ban instant messaging or other applications, but that’s nitpicky considering that other solutions exist to do that and Trend Micro provides so many other benefits for providing security in any manner of environments.
Kaspersky Business Space Security
So, we started this off by talking about how one size doesn’t fit all and now we’re going to shift into a discussion of Kaspersky Administration Kit, which is an element of its Space Security software that, in many ways, attempts to allow one size to fit all. Well, it sort of does.
The solution is designed to allow for organizing and managing security throughout an entire network, from PCs and servers running Windows and Linux to mobile devices on Windows Mobile and Symbian handhelds. That’s a tall order in a segment that is continually pressing the issue on specialization for security in every segment and at every milepost on the IT road map.
But Kaspersky Administration Kit does a couple of things so well for smaller enterprises that we believe it’s a must-consider:
- It provides simple, straightforward installation on either a server or PC, allowing for quick and simple deployment in minutes
- Its Managed Computers console gives VARs or system administrators quick and easy capability to inventory, configure and manage PCs on a network—from task-creation to simple antivirus deployment for PCs
- Report creation and management, which is a necessary means of compliance in many scenarios, even for the smallest of businesses, is a breeze—which we’ve found isn’t necessarily always the case. Reports are graphical, real-time and provide nice data on antivirus database usage, incompatible applications, license usage, virus reports and a full spectrum of information
Kaspersky Business Space Security is priced at $390 for a license for 10 workstations or file servers for a year, which is competitive. The vendor plans to launch the products in October 2010 in India.
Conclusion
IT security is becoming more fragmented over time, not less fragmented, in the types of offerings, approaches, pricing scales and complexity available to VARs and their customers. It’s also going to get more fragmented, not less fragmented, over time as IT itself becomes more complex.
The common thread for all of the above three solutions is that their antivirus performance has been tested. Each also provides an approach that can be tailored for specific solutions: In the case of Trend Micro’s Deep Security 7.0, it’s terrific for enterprises that take a hybrid approach to IT that includes standard on-premise servers as well as either virtualization or cloud-based solutions.
For Kaspersky, we like the way the company has delivered significant enterprise-level antivirus and management capabilities in a sensible way for small business to participate.
In the case of Symantec, we see that the company is able to deliver its technology nicely beyond PCs and servers into the world of appliances—in this case, caching appliances that may be forgotten by security audits in some networks. |