Caymas Systems' Caymas 525

Newbie shows great promise.

Summary of Clear Choice Test of Caymas Systems' Caymas 525.

Data sheet for Caymas Systems' Caymas 525
Starting price: $45,000
Overall score: 3.6

A relatively new entrant in the SSL VPN space (first released in October 2004), Caymas has taken an incredible first stab at this market. Although our testing shows that the company has clearly got some kinks to work out in its Caymas 525, the underlying architecture and enabling technologies, such as the ability to set very complex security policies with ease (see policy testing results), show great promise.

Caymas is hedging its bets by selling the box as dual purpose: SSL VPN on one side, and internal LAN or wireless LAN access control on the other. Although you might find it hard to use the same box for both purposes, the company's idea is a valid one, because many of the same questions regarding authentication and access control from the SSL VPN side are equally applicable to a LAN environment. For example, in both cases, you are driving access control based on the authentication supplied by the user - what Caymas calls "identity-driven" in its particular marketing speak. This is different from traditional firewall policy that is based more on IP addresses (where you are) than user authentication (who you are) (see authentication interoperability test results).

Plus, there's no pesky and difficult HTML rewriter required to make a host of applications available to remote users (see application interoperability test results). Our greatest concern on that strategy is focus: will Caymas have the resources required to be excellent in both spaces? Or will one suffer from lack of attention?

Our testing of the Caymas product turned up some significant bugs, such as Outlook and Domino Web interface interoperability failure and end-point security checker incompatibilities (see end-point security test results), as well as missing pieces, such as caching of user credentials across sessions, and some little annoyances, including the management interface that takes nearly five minutes to load and a completely incomprehensible integration of Snort into the product. All of these are fixable, though, and it's easier to fix bugs than it is to redesign a product.

Being first counts for a lot, as the Neoteris/NetScreen/Juniper effort has demonstrated. But being late also has advantages. It's up in the air whether Caymas will be able to capitalize on those.

It's going to be difficult for Caymas to match what the top-tier vendors have put into their products, but Caymas has laid out a complete SSL VPN product set and has as much of a chance as anyone of being successful in the enterprise marketplace.

< Previous summary: Aventail | Next summary: Check Point >

Learn more about this topic

VPN vulnerability depends on implementation

11/22/05

Caymas unwraps security appliances

10/18/04

Caymas appliances restrict access

10/11/04

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2005 IDG Communications, Inc.