One Size Does Not Fit All

It’s getting more and more difficult to find one-size-fits-all Information Technology, and perhaps the area where this is the truest is in enterprise security.

It’s not even enough to classify networks by the longtime descriptor of “SMB” or “Enterprise.” A business with 10 employees can have a million customers—which would make it a small business with a set of Fortune 500 IT requirements.

Businesses split their technology between their own, internal data centers and hosted solutions. They split between Windows and Linux; desktop endpoints, mobile endpoints and virtual endpoints.

And just when the industry starts tempting you to believe security has finally caught up, along comes information like this, which was posted just this month by the University of Hawaii:

“The University of Hawaii at Manoa today began notifying approximately 53,000 individuals listed in a system database, housed on a computer server used by the Parking Office, that a recent security breach may have exposed personal information—including approximately 40,870 Social Security numbers and 200 credit card numbers.”

Universities are institutions that not only lead the way in teaching about IT security, they lead the way in many cases in developing IT security -- including best practices. How this university wound up grappling with a breach of this size will be one for the auditors to figure out. For now, for the purposes of this month’s CRNtech, let’s just look at it like this:

Network security is never “one-size-fits-all” anymore, and learning that the hard way can be a lot more uncomfortable than a tight pair of pants.

For this month’s roundup, we looked at three separate network-focused security solutions to examine what types of IT networks might best use them in handling the constantly changing threat landscape. We liked them all, and found that VARs could deliver them into customer enterprises with nice value.

Trend Micro Deep Security 7.0

Trend Micro has spent a lot of time and resources working to tailor its security technology to maximize the growth of cloud-based IT. The company describes the latest version of its Deep Security franchise, Deep Security 7.0, as a collection of “Protection Modules,” including deep packet inspection, firewall, integrity monitoring and log inspection. Because Deep Security 7.0 provides security at the server layer -- whether that’s a virtual server or hosted server -- Trend Micro says this is a solution that can provide security from on-premise iron to the cloud.

We installed this software on a virtual Windows Server 2003 in the CRN Test Center Lab, a process that took about a half hour. From this VM, Deep Security 7.0 ran a quick asset inventory and located both physical and virtual computers. The management console of the software provides a VAR or administrator with one interface for management of computers, security profiles, firewall events and rules, DPI events and rules and more.

Task scheduling is fine, and allows tasks ranging from open-port scans to software updates to computer discovery to be scheduled at intervals from hourly to weekly. We ran several different baseline tests to make sure it worked, and found that it correctly searched for open ports and ran a successful inventory check, for example.

The firewall provides 71 different prewritten rules by action type, which can be assigned by groups ranging from mobile devices to desktops. The rules are written for the needs of both physical and virtual devices; Deep Security 7 allows firewall rules to be written for VMware vCenter Servers, to monitor packet traffic.

Application control allows for the control of file-sharing services (like Kazaa) or IM services, from AIM to Skype to ICQ, from within a network. We wanted to create a rule to ban use of Skype. But the application control feature does provide a warning that Skype use can’t be prevented because of the “flexibility of the protocol.” Instead, it allows for alerts to be provided at customized intervals when Skype is used on a network. The same is true for ICQ, for example.

Trend Micro prices Deep Security 7 on a per-server basis starting at $885 per license, with virtual server licenses available for VMware environments, with unlimited agents per host, starting at $2,100.

We’re control freaks, so we would have preferred that Deep Security 7.0 provide the option to ban instant messaging or other applications, but that’s nitpicky considering that other solutions exist to do that and Trend Micro provides so many other benefits for providing security in all manner of environments.

Kaspersky Lab’s Kaspersky Business Space Security/Kaspersky Administration Kit

So, we started this off by talking about how one size doesn’t fit all and now we’re going to shift into a discussion of Kaspersky Administration Kit, which is an element of its Space Security software that, in many ways, attempts to allow one size to fit all. Well, it sort of does.

The solution is designed to allow for organizing and managing security throughout an entire network, from PCs and servers running Windows and Linux to mobile devices on Windows Mobile and Symbian handhelds. That’s a tall order in a segment that is continually pressing the issue on specialization for security in every segment and at every milepost on the IT road map.

But Kaspersky Administration Kit does a couple of things so well for smaller enterprises that we believe it’s a must-consider:

• It provides simple, straightforward installation on either a server or PC, allowing for quick and simple deployment in minutes.

• Its “Managed Computers” console gives VARs or system administrators quick and easy capability to inventory, configure and manage PCs on a network -- from task-creation to simple antivirus deployment for PCs.

• Report creation and management, which is a necessary means of compliance in many scenarios, even for the smallest of businesses, is a breeze -- which we’ve found isn’t necessarily always the case. Reports are graphical, real-time and provide nice data on antivirus database usage, incompatible applications, license usage, virus reports and a full spectrum of information.

Kaspersky Business Space Security is priced at $390 for a license for 10 workstations or file servers for a year, which is competitive.

Symantec AntiVirus for Caching

We’ve looked at a number of Symantec products over the years, and the company’s technology has always been solid and taken sound approaches to business IT security.

Earlier this year, in fact, the CRN Test Center reviewed Symantec’s End Point Protection Small Business Edition, and found the company was offering a solution for smaller enterprises that did three important tasks of note for VARs: it cut out cost, it cut out complexity, and it stopped threats.

But the company has also spent hundreds of millions of dollars over the years developing technology that could be deployed for very specific tasks on a network. With that in mind, we took a closer look at Symantec’s AntiVirus for Caching.

With performance a never-ending issue for networks, a neat little optimization solution is the use of caching to speed up delivery of data to endpoints. But viruses -- which focus on leveraging enterprise soft spots, like some caching appliances -- can appear, and create havoc, on just about any node on a network.

Symantec AntiVirus for Caching, once installed, is browser-based and provides for higher-performance virus scanning and repair services over HTTP traffic that is served through a caching device. Its aim: to make sure that infected files don’t pass through that device and spread throughout a network.

The software works on Windows 2008 32-bit and 64-bit, Windows Server 2003 32-bit and 64-bit, Red Hat Enterprise Linux 5.x 32-bit and 64-bit, Solaris SPARC 9 and 10 32-bit, and several others; it also works with Mozilla Firefox 1.5 or later and Internet Explorer 6 SP1 or later.

We installed the software on Windows Server 2003 32-bit. A word of note: The software requires Java Runtime Environment 1.5 build 13 or greater, but having JRE 1.6 didn’t do the trick. We still needed to go back and install the 1.5 version.

Virus definitions were updated via Symantec’s LiveUpdate Administration utility, which ensures viruses that make their way into a cache appliance are covered the same way as viruses that enter a server or PC.

Once the software is installed on a management console, it can work on caching appliances, including Blue Coat’s Proxy SG, Network Appliance’s NetCache and Cisco’s ACNS Content Engines.

Pricing was not immediately available.

Not all networks use caching devices, but those that do will want to adhere to best practices and make sure that compliance issues are front, center and clear, and are handled in a straightforward manner. For those enterprises that use a caching device and enjoy the performance benefits it brings, considering integration of Symantec’s technology would be well worth the time.

IT security is becoming more fragmented over time, not less fragmented, in the types of offerings, approaches, pricing scales and complexity available to VARs and their customers. It’s also going to get more fragmented, not less fragmented, over time as IT itself becomes more complex.

The common thread for all of the above three solutions is that their antivirus performance has been tested and has been trustworthy over time, and each has an established channel program and experience at working with VARs.

Each also provides an approach that can be tailored for specific solutions: In the case of Trend Micro’s Deep Security 7.0, it’s terrific for enterprises that take a hybrid approach to IT that includes standard on-premise servers as well as either virtualization or cloud-based solutions. For Kaspersky, we like the way the company has delivered significant enterprise-level antivirus and management capabilities in a sensible way for small business to participate. In the case of Symantec, we see that the company is able to deliver its technology nicely beyond PCs and servers into the world of appliances -- in this case, caching appliances that may be forgotten by security audits in some networks.

While 2010 is a year of transition in many regards for IT and IT security (considering cloud and mobility technologies that are driving a lot of change), we believe VARs can show some confidence in each of these three vendors moving forward to be ready to deploy security regardless of how this transition shakes out.
