Beyond the basics of policy-based end point security

Every product we tested offered features that went beyond our baseline tests, and many of these features are worthy of consideration.

For example, the Cisco Clean Access (CCA) appliance lets you tie in Nessus plugins for vulnerability scanning, a combination that lets you create custom checks for your own environment instead of just relying on the standard signatures.

CCA also provides the ability to prioritize policy checks, allowing you to enforce one policy over another if it is more important for your environment. It also lets mobile users roam between CCA servers as they change networks, without re-authenticating.

InfoExpress supports a number of enforcement modules - most of which we were not able to test - such as RADIUS EAP (802.1X) and Airespace wireless LANs, which provide additional methods to authenticate and authorize devices on your network.

While Trend Micro's Network VirusWall 2500 sits inline and watches your network traffic for policy enforcement, it also keeps an eye out for virus infections. The product's Network Outbreak Monitor will watch for signs of an attack, such as connections on known bad ports or a large increase in network sessions based on information you provide about your baseline network activity. When it detects that an outbreak might be occurring, the monitor triggers an alert so the issue can be investigated.
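The two signals described above (connections on known bad ports, and a session count well above an administrator-supplied baseline) can be sketched as follows. This is an added example, not Trend Micro's code or configuration format; the port list, baseline, spike factor and flow records are all constructed assumptions.

```python
from collections import Counter

# Assumed, constructed inputs standing in for what an administrator would supply.
BAD_PORTS = {4444, 6667}        # hypothetical "known bad ports" list
BASELINE_SESSIONS_PER_MIN = 4   # hypothetical normal sessions per minute
SPIKE_FACTOR = 3                # alert when a minute exceeds 3x the baseline

# Constructed flow records: (minute, src_ip, dst_ip, dst_port)
SAMPLE_FLOWS = [
    (0, "10.0.0.5", "10.0.1.10", 443),
    (0, "10.0.0.6", "10.0.1.10", 443),
    (1, "10.0.0.5", "10.0.1.11", 80),
    (1, "10.0.0.7", "192.0.2.20", 6667),
] + [(2, "10.0.0.7", f"10.0.2.{i}", 445) for i in range(1, 15)]

def detect_outbreak(flows, bad_ports, baseline, spike_factor):
    """Return alerts for bad-port connections and per-minute session spikes."""
    alerts = []
    per_minute = Counter()
    seen_bad = set()  # report each (source, port) pair once, not per packet
    for minute, src, _dst, dport in flows:
        per_minute[minute] += 1
        if dport in bad_ports and (src, dport) not in seen_bad:
            seen_bad.add((src, dport))
            alerts.append(("bad_port", minute, src, dport))
    for minute in sorted(per_minute):
        count = per_minute[minute]
        if count > baseline * spike_factor:
            # Name the busiest source so the investigator has a starting point.
            talkers = Counter(s for m, s, _, _ in flows if m == minute)
            top_src, _ = talkers.most_common(1)[0]
            alerts.append(("session_spike", minute, top_src, count))
    return alerts

if __name__ == "__main__":
    for alert in detect_outbreak(SAMPLE_FLOWS, BAD_PORTS,
                                 BASELINE_SESSIONS_PER_MIN, SPIKE_FACTOR):
        print(alert)
```

As in the product description, the output is an alert for investigation rather than an automatic block; a baseline set too low turns ordinary busy periods into spikes.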

Check Point provides a second type of agent with its Integrity 6.0 product, called the Integrity Flex agent, which provides end users with a full management interface to create their own policy, ideal for those home computers used to connect to the corporate network. Integrity 6.0 also includes the Check Point Malicious Code Protector, a built-in host intrusion prevention engine that identifies known malicious programs and processes so that administrators do not need to research all the programs and create their own policies.

Citadel released Hercules 4.0 after testing was completed. This release offers a number of enhancements to improve compliance audit and enforcement tasks and introduces the Hercules appliance. A compliance-checking mode has been introduced that allows an administrator to receive a report on an endpoint's status without forcing immediate remediation. Remediation actions can be scheduled to occur at a later time. A dashboard has been added to provide a quick graphical view of the compliance status of all monitored devices. Additional reporting also has been added to the already strong reporting engine.

Vernier's EdgeWall feature provides a number of customization options for the logon, guest registration, scan-in-progress and stop-scan Web pages. These are the Web pages the end user sees when performing the actions described above or being blocked from access because they don't match the defined policy. EdgeWall also provides the ability to create a log-off pop-up.

PatchLink provides system inventory information for all systems running the PatchLink agent, which includes hardware, software and services.

Senforce provides several unique features. One lets administrators control wireless connectivity options through Senforce policies, such as enabling/disabling wireless connections, managing Wired Equivalent Privacy keys, and dictating what adapters can be used, which access points a system can associate with, and how a system should respond to signal strength levels.


Copyright © 2005 IDG Communications, Inc.