Product Group Tests
When you consider the amount of features, the ease of installation and configuration and the included support, McAfee Secure Internet Gateway 3000 is the SC Best Buy.
With its medium range costs, good features and its ease to install and maintain, ESoft's ThreatWall is rated SC Recommended.
Full Group Summary
Secure content management solutions protect organisations against many evils: malicious code, inappropriate usage, network attacks and spam. Justin Peltier looks at some imperative tools.
As defined for this group test, secure content management (SCM) tools are gateway devices with multi-purpose functionality that includes filtering incoming and outgoing traffic for possible malicious code, inappropriate content and network attacks. These solutions are becoming indispensable because they protect an organisation from the most likely causes of a security breach.
Secure content management shields the business from malicious code outbreaks by scanning email, web, and file transfer traffic for viruses and worms. SCM devices also protect an organisation from unauthorised usage of systems and client-side exploits. Client-side exploits require a user to visit a site either through email or web traffic and once the client arrives at the site, a compromise is launched that allows the attacker to take complete control of the device.
A variation of the client-side exploit is the phishing attack, in which the attacker is trying to steal the client's information, such as credit card numbers, as opposed to taking control of the machine.
Another benefit of SCM is that it offers protection against inappropriate usage. This often occurs when an employee uses the existing internet connection to browse unsuitable websites, for example those with adult content or gambling.
Another form of this misdemeanor is when a user installs unlicensed or unauthorised software on to their client machine. SCM devices protect against both types of inappropriate usage by filtering URLs from clients to only allow access to permitted websites.
One of the best examples of the inappropriate usage protection a SCM device can offer, is the filtering of anonymiser sites. These sites allow the user to browse a second site inside of a web session on the first site. These pseudo proxies exist to allow users to bypass an organisation's content filtering. Most SCM devices block access to these types of sites.
Another security feature of an SCM product is protection from denial-of-service attacks. Devices achieve this by scanning any web downloads for malicious code before the code enters the organisation's client network. However, SCM tools do not protect against resource starvation attacks, such as a SYN flood or the distributed denial-of-service attacks that became popular in early 2000s.
Finally, SCM devices act as spam filters. Most solutions use a combination of blacklists, whitelists, heuristics, reverse domain name service (rDNS) checks, sender policy framework (SPF) checks, as well as learning mechanisms that update the spam filtering by incorporating data learned from spam reporting and from legitimate email.
How we tested
Most of the products submitted were appliance-based products, although we did have some software-based solutions. We installed the tools into our test lab, looking for ease of installation and configuration, quality of documentation and features provided. Once each device was set up we attempted to change the rule set to allow or block sites that were included in the default filtering list.
The installation of these devices varied as did the type of offering. The SmoothWall product used a hardened Linux platform to run its SCM package, while the CA solution used a Windows 2003 Advanced Server.
The other offerings were appliances. The McAfee device used a keyboard and VGA connection to open the initial configuration. The CP Secure and eSoft offering both used the LCD panel on the front of the device to assign an IP address for initial setup. With the exception of the CA product, the primary configuration interface for all of these devices was a web-based interface.
The web interfaces were actually quite different from one another. Some layouts were logical and easy to follow, while others were so complex it felt as if a training course was needed just to perform the simplest configuration tasks.
In addition to the wide range of platforms, the prices of the devices varied greatly. The least expensive offering was the SmoothWall at £400, the most expensive was the CP Secure offering at £22,374. Despite the price range, we were able to find advantages to each offering and the mid-priced devices, the McAfee Secure Internet Gateway Model 3000 at £1,848 and the eSoft ThreatWall at £2,137 were rated as the Best Buy and the SC Recommended respectively.
- For details on how we test and score products, visit http://www.scmagazineus.com/How-We-Test/section/114/