FaceTime USG 320
November 01, 2008
Vendor: FaceTime Communications Inc.
Price: From £8,695 for 250 users (exc VAT)
- Strengths: Simple deployment, superb IM and P2P controls, system- and user-based access policies, social networking aware
- Weaknesses: Monitoring mode does not support anti-virus scanning
- Verdict: An excellent range of access controls for IM and P2P applications
FaceTime's USG (unified security gateway) appliances aim to deliver a far greater degree of control over web access than standard web filtering and combined UTM solutions.
Anti-spyware plus IM and P2P application controls come as standard, but these latest versions now have a built-in awareness of social networking sites such as MySpace and Facebook. By categorising these kinds of sites, FaceTime has enabled the appliances to block or allow specific activities on a site.
Another new feature is support for Active Directory. Access policies can be applied to specific AD users or groups, making the appliances more versatile.
The USG 320 is the second in a family of four appliances. It is delivered as a good-quality Dell PowerEdge 1U rack server and can handle 150Mbps throughput and up to 1,000 users. It has a couple of Gigabit Ethernet ports, with the first used to monitor all web traffic.
We found deployment simple, as we attached the appliance to our HP ProCurve 2848 switch and configured port mirroring. The second port is used for dedicated management access but it also brings FaceTime's IM proxy into play. This delivers even greater control over IM applications such as Windows Live Messenger.
The IM proxy can analyse all messages in real time in both directions, add disclaimers to messages, check for banned words and phrases and issue challenges to users attempting to send messages. Messages can also be archived to the SQL database on the appliance or an external one. FaceTime's new reporting features add legal discovery facilities. We can also pull up reports on all activity to see which systems were trying to access blocked website categories and spyware sites.
FaceTime supports enterprise IM applications including Microsoft LCS/OCS and Lotus Sametime and can monitor and block selected traffic plus user activities and archive these as well. The appliance was first placed in a passive discovery mode where it used Layer 7 packet inspection to identify all application-related activities on the network. We had systems running Windows Messenger, the Vuze BitTorrent client, BBC's iPlayer and tools such as the GoToMyPC remote administration tool.
All were identified with the system's IP address and the amount of traffic they were generating.
USG 320's web interface opens with a complete overview of all activity, including colour-coded traffic graphs showing each application class. It provides summaries for each component and tabs allowing you to view statistics for IM, P2P, greynet, malware and web filtering. Facebook, MySpace, iPlayer and GoToMyPC usage was duly logged under the greynet section.
Enforcement for any or all of the five main categories can be switched on and the range of options is impressive. For IM, P2P and greynet there are literally hundreds of applications to choose from and they can be blocked or allowed on an individual basis.
FaceTime does not mess about with spyware, as it employs a large database of known problem sites which it uses to filter and block access. It also carries out packet analysis to determine the content, and uses pattern matching plus packet sequence recognition.
During testing we were able to block Live Messenger. In discovery mode the appliance logged all activity, including the IP addresses of the participating stations and their contact names. iPlayer, Vuze and GoToMyPC clients received warning messages saying access was blocked and spyware sites we had previously visited were no longer accessible. The web filtering component also performed well.
The USG 320 cannot provide anti-virus scanning. You will, however, be hard-pushed to find a security appliance that can offer the same level of controls over IM and P2P and combine these with excellent web content filtering and spyware protection.