Sygate Secure Enterprise
from $7,500 (250 users)
Comprehensive policy settings for all users on the network no matter who, or how they use the network
Quite a bit more complicated than the other products in the test to set up.
Complex but comprehensive policy management application but the best for remote users.
This suite of applications consists of the main Sygate Management Server, Security Agent for servers and workstations, a VPN and wireless security application. These enforce security policies at those particular entry points onto the corporate LAN. The idea behind this is to secure as many points of the network from one suite of applications, and it certainly appears to work well enough.
Installation of the software requires quite a meaty machine to work properly. The manufacturers suggest at least a Pentium III running at 900MHz with 256Mb (512Mb recommended). However this is probably to ensure that the server can scale properly to enterprise level. The machine also has to be running SQL 2000 Server and Internet Information Services 5.0 as well (URLScan must be disabled to work properly).
Once installed and running the main console is Java-based and propagates a global policy to all users and groups within the organization. From this global policy, sub policies can be created that supersede or add to it. Further sub policies can be created and form a nest of policies, all inheriting policies from their parent policies.
The product allows multiple administrators to oversee different tasks and groups of users. This means that each group can have an administrator dictating security policy to their own branch or group.
It was also the only one in the test to allow different policies to run on one machine based on what task users undertake or where they are based. The policies can also be created around applications, IP addresses, VPN adapters and times.
Running tests against the software showed what it was capable of - its key enhancement is its ability to automatically remediate systems that are non-compliant with policies. The application can fool an attacker into believing a machine is running a different operating system than it actually is. The security agent can use OS masquerading to pretend, for example, it is a Linux server instead of a Windows box. This is handy to deter the odd script kiddie but will probably not prove too helpful against a more determined attacker.
Overall this is useful for security administrators to provide security policies to all users regardless of where they are or how they connect to the corporate network. However it is quite difficult and complex to set up the policies in the first place.