The fast-spreading plague of Internet-based viruses, worms and Trojan horses has turned the Internet into the technological equivalent of a ghetto filled with crack houses. To protect their networks, security specialists have turned their gaze toward end-point security strategies that promise to check the security posture of the client machine before it connects to the network.

In the LAN arena, everyone from Cisco to Microsoft has come up with an end-point security architecture. Because SSL VPNs bring remote users into the network, end-point security strategies have crept into SSL VPN products. If anything, the argument is stronger: A remote access user is more likely to be in unfriendly or uncontrolled network environments, and thus, in greater need of evaluation.

SSL VPNs offer their own innate protection against viruses and malware. When SSL VPNs are used as Web proxies, the end user doesn't have direct access to the network. Therefore, the most vicious threats are not directly relevant. This turns out to be a very good thing, because our testing showed that end-point security in SSL VPNs is so poorly designed and implemented that it will only work in certain constrained cases. If there's a train wreck of a technology in this product niche, end-point security is it.

End-point security technology can be delivered in several ways. Several vendors, including AEP and Array, lean entirely on a third party, Sygate (now owned by Symantec), to provide a centralized model for security scanning. The theory is that if you have Sygate for some other purpose (such as a personal firewall), then you can integrate cleanly with an existing system.

Other SSL VPN vendors, such as Aventail, integrate with several third-party tools, giving you a choice based on your corporate standard.

The final delivery option for vendors is to grow their own. Vendors put together their own technology, often in combination with some OEM product, such as the Opswat software development kit. Aventail, Caymas, Check Point, F5, Fortinet, Juniper, Nokia and Nortel all build their own end-point security software to varying degrees.

Sometimes end-point security is delivered as part of the product; other times, it's an add-on at extra cost.

Whitepapers

• Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
• How to Offer the Strongest SSL Encryption
• Maximizing Site Visitor Trust Using Extended Validation SSL
• Seven Steps to Reducing your Security Risk
• The Latest Advancements in SSL Technology
• Vulnerability Management For Dummies

View more SECURITY whitepapers

Webcasts

• Mobile Data Security
• Best Practices for Deploying WAN Optimization for Disaster Recovery
• Key Considerations for a Successful 802.11n Deployment
• Solutions to the Toughest IT Challenges in Remote Offices
• Lowering the Cost of Email Archives
• High Availability for SQL Server 2005 Using Array-Based Replication and Host-Based Mirroring Technologies

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• Taking Virtualization Up a Notch
• The self-managed network

View more SECURITY special reports