There are three products in AccessData's forensic suite that every digital forensic investigator needs: Mobile Phone Examiner (MPE) Plus, Forensic Toolkit (FTK) and AD Triage. The compatibility of the three tools enables the user to complete a thorough and organised investigation.
Encase Forensic v7 is a tool for computer investigation that both searches a computer system for information and aids in developing that information into a complete report.
Forensic ComboDock is a read/write blocker. It makes it impossible to unintentionally turn off write blocking. Every time it is turned on, it asks the user to choose either write blocking or read/write mode, avoiding problems that can occur when the user forgets to change the mode to write blocking.
Lima Forensic Case Management Software from IntaForensics is a complete, end-to-end case management system that offers an easy way to organise every aspect of a digital forensic investigation.
Both Mac Marshal Forensic Edition and Field Edition provide user-friendly forensic tool kits. Each allows users to access a computer with ease and flexibility. While these offerings were designed originally for Mac OS X to access data, logs and virtual machines running within the Mac OS, the Forensic Edition for ...
Niksun NetDetector Alpine 4.2.1 is a network security monitoring tool with advanced forensic analytical capabilities and consists of some of the most advanced software and hardware on the market.
ProDiscover Incident Response (IR) from Technology Pathways is a computer security tool that allows users to preview, image, view, search, analyse and report. It also provides solutions for corporate policy compliance investigation, e-discovery and computer forensics.
HBGary's Responder Professional is a Windows memory acquisition and analysis tool that offers a variety of features useful to malware analysts and computer forensic investigators. It allows the investigator to capture data and processes residing in volatile random-access memory for the purpose of further examination later.
ADF Solutions' Triage-G2 was quick to set up and use. All we had to do was download the software, configure the triage key so it knew what to collect, plug the key into the targeted device, and then analyse the information.
Cellebrite’s UFED Touch Ultimate is a fully equipped mobile forensic tool that enables quick and easy data acquisition from more than 8,000 mobile devices, including not only mobile phones, but handheld GPS units, tablets and other mobile platforms.
AlienVault Unified Security Management (AV-USM) combines open source technologies for asset discovery/inventory, vulnerability assessment, threat detection, behavioural monitoring and security intelligence/event correlation.
BlackStratus Log Storm combines log management and security information management with correlation technology, real-time monitoring and an integrated incident response system.
CorreLog Enterprise Server combines real-time log management with correlation, auto-learning functions, high-speed search, ticketing and reporting services. This software solution can be installed in minutes on a Windows host platform with at least 512Mb of memory and sufficient disk space to store log files.
ManageEngine’s EventLog Analyzer from Zoho is a little application that provides a lot of functionality. It takes an agentless approach to collecting and analysing machine-generated logs.
EventTracker Enterprise is comprehensive and designed to be scalable to address multiple locations, business units and domains using the EventTracker standalone, collection point and collection master architecture.
GFI EventsManager collects, centralises, normalises, consolidates and analyses a wide range of log types, such as: World Wide Web Consortium (W3C) and any text-based formats; Windows events; SQL Server and Oracle audits; and syslog and simple network management protocol (SNMP) traps generated by devices, such as firewalls, servers, routers, switches, ...
HP ArcSight Express features a full set of SIEM capabilities, including security event correlation, log management, IT search, NetFlow monitoring and compliance reporting.
The LogRhythm appliance goes way beyond traditional security event monitoring and management. It features log and event management functions, as with any SIEM, but beyond that it includes advanced correlation and pattern recognition driven by its onboard Advanced Intelligence Engine, host and file integrity monitoring and drill-down capabilities to get ...
McAfee Enterprise Security Manager is back this year after a full transformation from its former self, the Nitro ESM. Many of the obvious differences are skin deep, and much of the robustness of the previous product remains intact, including the familiar management console.
Sentinel from NetIQ offers a lot of robust SIEM features and functions, including log collection, aggregation, correlation and analysis and reporting all from one single point that is easy to use and manage.
SecureVue from eIQ Networks provides all of the elements one would expect in a SIEM – log consolidation, threat correlation, incident management (including ticket issuance), event analytics, forensic analysis, compliance reporting, change auditing, event alerting, an array of user definable/customisable alerting and reporting options, and more.
SolarWinds Log & Event Manager (LEM) is a virtual appliance capable of collecting logs and events from almost any network-connected device and then correlating that data for further analysis.
The Threat Prevention Appliance from Check Point provides full-scale threat protection at the perimeter, as well as incorporating with endpoint security applications to provide a comprehensive security infrastructure.
Cyberoam CR2500iNG unified threat management appliance offers a multitude of security and threat prevention features for the network perimeter.
The NSA E8510 from Dell SonicWall is a monster security appliance designed for the large enterprise environment.
The InstaGate 604 from eSoft is an appliance we have seen come back year after year with an array of great features and functionality at a reasonable cost.
The FortiGate-60C-POE from Fortinet combines the functionality of a security appliance with the capabilities of a power over Ethernet (PoE) switch.
Gateprotect GPZ 5000 is the ultimate multifunction security gateway appliance.
The term unified threat management can sound intimidating to administrators lacking in information security experience. Fortunately, basic UTM protection doesn't need to be overly complex, and Kerio Control is a great example of that.
Unified threat management solutions shouldn’t be limited to large corporations with unlimited budgets. Netgear agrees, and offers its ProSecure UTM25S at a price point that should be attractive to small businesses.
Panda Security’s GateDefender Integra eSeries eSB is both easy to set up and offers a rich feature set, with a great deal of flexibility. To get the most out of the product however, administrators should be familiar with a number of open-source technologies.
Perhaps best known for its anti-virus products, Sophos has produced a stellar UTM with its 220.
Administrators of smaller environments on a fixed budget could do very well by the aXsGuard Gatekeeper by Vasco.
While best known for its firewalls, WatchGuard is no slouch in the UTM space. As we detail below, its XTM 830, while somewhat pricey, provides an excellent enterprise-grade perimeter defence against viruses, spam and other unwelcome traffic – and includes a number of other features all in one easy-to-administer device.
Wedge 1005G Anti-malware Gateway looks good on paper, but in reality is a little disappointing. While the initial setup was easy enough, ease-of-use issues and documentation gaps made for a frustrating deployment experience.
This sounds a bit like one of those inflatable toys at local fairs inside of which children bounce around, or perhaps some science fiction environment that surrounds a planet.
Anti-malware today suffers from a frustrating dichotomy. First, it is, arguably, the most mature of all of the capabilities in the security practitioner’s toolkit. Certainly, McAfee is one of the grand old products of the genre.
This is one of those products that one would think is a no-brainer. Virtualised data centres can get very large and complicated, and managing them is a challenge.
The notion of wrappers has been with us for a long time. Back in the early days of Unix and Linux, we used wrappers to provide security to not-so-secure applications, such as telnet. Today that concept has matured and we see it popping up in modern apps.
Rapid7’s Nexpose assists clients through the entire vulnerability management lifecycle – spanning discovery, vulnerability detection, risk classification, impact analysis, reporting, vulnerability verification and risk mitigation. Organisations can use it to gain insight into their security posture and IT environment.
GFI LanGuard 2012 offers a full set of vulnerability scanning and management features. It brings together vulnerability scanning, remediation and patch management, as well as network and software auditing, all under one roof. LanGuard is software-based and can be installed on almost any Microsoft Windows machine in the enterprise environment ...
The people at Core Security are at it again. We found this version of the product to contain more automation, more wizards and more options than previous versions we have tested.
FusionVM from Critical Watch offers both vulnerability management and configuration policy auditing in either a physical or virtual appliance or as a full, cloud-based SaaS option.
ManageEngine Security Manager Plus (Professional Edition) is a network security scanner that proactively reports on network vulnerabilities and helps to remediate them and ensure compliance.
Internal Scan - Cloud edition from netVigilance offers a full cloud-based vulnerability scanning engine that can scan both internal and external systems for vulnerabilities and compliance.
QualysGuard Vulnerability Management (VM) provides automated auditing and vulnerability management for small to large enterprises. It is a private cloud-based software-as-a-service.
Retina CS from BeyondTrust offers up quite a few strong features for vulnerability management throughout the enterprise.
From the same graphical user interface, Saint provides an integrated solution for vulnerability scanning, configuration compliance testing, penetration testing, canned reporting and custom report creation.
Secunia VIM is a real-time vulnerability intelligence and management tool, providing organisations with the necessary information required to analyse vulnerabilities in their IT infrastructure, as well as track them from a centralised dashboard interface.
SecurityCenter Continuous View (SC-CV) from Tenable Network Security provides real-time vulnerability management, capturing security and compliance risks introduced by mobile, cloud and virtual infrastructure.
Multi-factor authentication is easy to do for workstation and server logins, but what about your web-based applications? With its DualShield product, Deepnet Security offers a solution that can add that extra layer of security to those applications – at a very reasonable price point.
Large-scale deployment of multi-factor authentication services is a complex undertaking, and the administration of those services can prove problematic for administrators. DigitalPersona has put a great deal of thought into this, and as long as you’re using Active Directory, its Pro Enterprise product may just be the solution.
A big name in the digital certificate and identity space, Entrust should be a name familiar to all security consultants, and with good reason. With its IdentityGuard product, Entrust integrates physical and logical, mobile and cloud security, all at a surprisingly low price.
Protecting company data within the corporate network is one thing, but what happens when you need to take that data on the road? Imation offers a simple product that makes it easy to securely fulfil that need: the Defender F200 Biometric Flash Drive.
Companies looking for a turnkey out-of-band authentication solution need look no further than PhoneFactor. It is, quite simply, one of the easiest to implement multi-factor authentication solutions we’ve ever seen. It is a hosted solution, however, which may be a turn-off to some administrators.
The SafeNet Authentication Service offers an entirely cloud-based multi-factor authentication platform for the enterprise. It can tie in directly with the existing LDAP or Active Directory infrastructure and provide both hardware and soft token authentication options. It also includes many automation and user self-service options, such as user enrolment and ...
SecureAuth IdP combines a multitude of authentication and identity management features. It can be installed as an on-premise or cloud-based deployment for managing single sign-on and two-factor authentication for many facets of the enterprise infrastructure. It can also manage authentication for web and mobile applications, VPN and gateway authentication and ...
The Swivel Appliance from Swivel Secure is driven by PINsafe technology that allows users to combine PINs with randomly generated security strings to provide robust strong authentication.
Vasco pairs together its Digipass Go 7 and Identikey Authentication Server to provide solid out-of-the-box strong authentication to many applications throughout the enterprise environment.
TeleSign 2FA is a full API and SDK that allows an enterprise to integrate two-factor authentication into its existing web applications.
Although primarily known for top-shelf networking products, F5 Networks’ offering in the application security space is no afterthought. Available as a standalone appliance or module for one of its network products, the BIG-IP Application Security Manager (ASM) functions as a firewall, protecting web applications and services with a powerful policy ...
ForeScout CounterAct offers enterprise-class NAC, assuring network access based on real-time endpoint classification, configuration assessment, user and endpoint compliance policy and automated response.
With large enterprise networks under constant attack from malicious entities, administrators need powerful defences. Imperva makes its appearance in this field to help hold attackers at bay.
On paper, InterScan Messaging Security from Trend Micro is a wonderful product. Combining on-premise software with an optional cloud-based pre-filter, the tool provides a flexible approach to email security. Had we been able to get it working, we would probably have been impressed.
Centrify Suite 2012 provides user provisioning and access control across the enterprise. The company’s approach to identity management and protection of user accounts, as well as system resources, made reviewing this product interesting and engaging.
The Cisco Email Security Appliance offers a wide variety of email security and content management features bundled into one package.
The Encrypted Mail Gateway from Echoworx offers a full cloud-based platform for seamless email encryption throughout the enterprise.
The NetWrix Identity Management Suite is actually a combination of several products that are bundled together and can be installed individually or together as one large suite.
Bit9 Parity is a policy-driven whitelisting solution for managing the applications and devices that can run on Windows computers.
Mobile device security vendor Good Technology, which Gartner Research placed in the ‘leaders quadrant’ in its annual MDM Magic Quadrant report this year, enables consumers and enterprise users to say good riddance to the security problems surrounding today’s multitude of mobile devices.
Protect On Q (POQ) v2.7 from Quarri Technologies is a security software solution that empowers organisations to protect browser-delivered content from compromise on the endpoint.
Trend Micro’s Enterprise Security for Endpoints is a centrally managed security suite for desktops, laptops and mobile devices.
The Security Management Suite from AlgoSec provides many features for both firewall policy and risk management. The suite can come bundled in a single appliance and includes two key components, the Firewall Analyzer and FireFlow.
The Control Compliance Suite enables enterprises to define security and compliance-related policies. These are mapped to detailed technical checks and/or specific procedural questionnaires that measure overall risk and compliance within the IT environment.
RSA NetWitness is a network-monitoring system designed to handle a wide range of information. NetWitness comes in three parts: a Concentrator (a Linux-based network appliance), Decoder (a configurable network-recording appliance) and Investigator (an interactive threat analysis application).
The Cyberoam CR1000ia is a full-feature network security gateway that provides solid protection from a multitude of threats.
Want an appliance that combines a powerful vulnerability scanner, penetration testing, web application scanning, compliance checks and integration into the existing environment? Well then, the McAfee Vulnerability Manager (MVM) should make your shortlist.
The Nexpose Enterprise Edition from Rapid7 is another tool that has grown into a vastly different product over the years. This latest version, we believe, is the best yet.
M86 Secure Web Gateway (SWG) v10.1 proactively safeguards against malware and Web 2.0 threats using patented real-time code analysis, dynamic web repair technology and granular social media controls.
Check Point’s new 2200 Appliance family is designed for SMEs that want affordable enterprise-level network security.
Aimed at SMEs and remote office deployments, Fortinet’s FortiGate 111C offers a range of security measures that defies belief. Another benefit is that all features are developed by Fortinet, so it doesn’t rely on any third-party services.
Businesses can cut costs by virtualising their security appliances, and Panda’s latest Virtual GateDefender Performa (VGP) looks to offer some big savings.
Barracuda’s extensive family of Spam and Virus Firewall appliances covers virtually every size of business; in this review we take a closer look at the enterprise-level 900 model.
BlackShield Cloud is designed to be simple to deploy and capable of slotting in neatly with a company’s workflow processes.
There may be plenty of endpoint security solutions on the market today, but G Data has always stood out for value. The latest version of its EndpointProtection Business (EPB) continues this tradition and adds a number of welcome features.
Wiebetech’s Drive eRazer Ultra is a small standalone product that securely erases IDE and SATA hard disks.
ArcSight’s L7400x compresses log data at an average ratio of 10:1, which equates to about 45TB of log storage space.
Many network access control solutions have been criticised for being expensive and complex, but not so with ForeScout’s CounterACT.
LogLogic specialises in log data management, and its latest MX-Virtual offers a low-cost entry point into the world of regulatory compliance.
Despite the obvious security benefits, applying the principles of least-privilege user access (LUA) to Windows users can be complex and costly for enterprises. Avecto’s Privilege Guard aims to make LUA a reality with a policy-driven solution that’s simple to deploy and manage.
NitroSecurity’s NitroView ESM/ELM 4000 provides an all-in-one solution for collecting, analysing and correlating all log data and events for regulatory compliance.
Cisco continues to strengthen its focus on the burgeoning SME network security market, and its latest RV220W router mixes together wired and wireless services with a good helping of IPsec plus SSL VPN features and serves them up with web content filtering.
Endpoint protection products tend to have a high price tag, but Sophos’ latest Endpoint Security and Data Protection (ESDP) 9.7 looks comparatively good value.
Stonesoft’s StoneGate Intrusion Prevention System (IPS) appliances provide protection for internal networks and are designed to work together with its firewalls to deliver a complete security solution.
GFI’s WebMonitor 2011 is software-only, so you can pick the hardware to host it.
Netgear’s ProSecure UTM appliances have traditionally targeted small businesses, but the UTM150 moves the focus up to larger companies.
Educating users about data loss prevention (DLP) can be a time-consuming and, frequently, disheartening experience, so why not make them part of the process instead?
Many security vendors are struggling to cope with the rapid evolution of business internet usage, but Websense’s Triton Security Gateway Anywhere (TSGA) intends to bring order to chaos.
ProxyOne is designed to provide mid-sized businesses with easy-to-deploy, enterprise-level web security.
AVG has a strong following thanks to its popular free consumer anti-virus software.