GFI LANguard S.E.L.M. Identifies, Prevents Network Intrusions

Longtime security vendor GFI looks to identify and prevent intrusions with the GFI LANguard Security Event Log Monitor (S.E.L.M.), a comprehensive security package. S.E.L.M. includes realtime monitoring of critical security events and periodic analysis of Microsoft Windows NT/2000/XP security logs so administrators can detect and respond immediately to internal and external attacks.

FRANK J. OHLHORST

Technology Editor

With Microsoft Windows-based servers in widespread use and a constant stream of security vulnerabilities associated with that platform, intrusion detection and prevention start to fit into the must-have category for any company, especially those performing e-commerce or bound by privacy legislation such as HIPAA.

LANguard S.E.L.M. can be purchased via per-server or per-seat pricing, with a typical three-server license going for $395. For companies looking to extend intrusion detection to the workstation level, licenses can be added to the package starting at $160 per five workstations. Higher-license-count server and workstation bundles are available at discounted prices. In addition, software maintenance agreements are available on a yearly basis at 20 percent of the product's initial cost and provide technical support and software upgrades.

LANguard S.E.L.M. helps solution providers extend their offerings beyond intrusion detection. The product can evaluate both operating system and application security logs and then notify administrators of abnormal events. This capability can be readily used to build monitoring service contracts. What's more, solution providers can also use the product to identify security issues and offer lucrative remediation services.

Test Center engineers tested the product on a server running Microsoft Windows Small Business Server 2003. Installation was straightforward and was eased by the product's comprehensive installation guide. The product requires Microsoft's Message Queuing Service and will install that component if it is not already in place. Auditing also must be enabled at the operating system level; by default, most Microsoft OSes have auditing disabled. The product's data repository can use either SQL Server or, if SQL Server is not available, MSDE.

GFI LANGUARD SECURITY EVENT LOG MONITOR (S.E.L.M.)

CRN Test Center Recommended

Installers will set up basic policies for monitoring during installation; the process is sped along by intelligent prompts that identify systems on the network that can be monitored. Solution providers will want to use additional policies and alerts to take advantage of what the product has to offer.

Administrators will find the management console easy to master because of its tabbed pages and well-defined prompts. Solution providers will want to define event-logging and notification policies as one of the first configuration steps.

The heart of the product lies with event-processing rules, and several default rules are included. Those rules determine what behavior to monitor and what action to take when an event occurs. For example, a rule could be defined to notify an administrator any time an account attempts to access a particular share or file. The product can process rules either in realtime or as part of an audit process, which offers the best of both worlds for those performing auditing and realtime security monitoring tasks.

On the auditing side of the equation, LANguard S.E.L.M. offers a powerful reporting engine. Solution providers can quickly define custom reports to determine security compliance or locate suspicious events. Creating a custom report for failed logons or off-hours access can become a powerful instrument for tracking down security problems and developing a remediation plan.
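
The two processing modes described above (per-event rules that fire in real time, and an aggregate report built over a collected log during an audit pass), shown as an added Python example; it is not GFI's code or rule format. The records are constructed, the event IDs are the NT/2000/XP-era Security log IDs (528, 529, 560), and the watched path, business hours and threshold are assumed policy values.

```python
from collections import Counter
from datetime import datetime

# Constructed sample records (not real log data). Event IDs are the
# Windows NT/2000/XP-era Security log IDs: 528 = successful logon,
# 529 = logon failure (bad user name or password), 560 = object open.
EVENTS = [
    {"time": "2004-03-01 09:12:00", "id": 529, "user": "jsmith", "object": None},
    {"time": "2004-03-01 09:12:20", "id": 529, "user": "jsmith", "object": None},
    {"time": "2004-03-01 09:12:41", "id": 529, "user": "jsmith", "object": None},
    {"time": "2004-03-01 10:05:00", "id": 528, "user": "akhan", "object": None},
    {"time": "2004-03-01 10:07:13", "id": 560, "user": "akhan", "object": r"D:\Payroll\2004.xls"},
    {"time": "2004-03-02 02:30:00", "id": 528, "user": "svc_backup", "object": None},
    {"time": "2004-03-02 14:00:00", "id": 560, "user": "jsmith", "object": r"D:\Public\menu.doc"},
]

WATCHED_PREFIX = "D:\\Payroll\\"    # hypothetical sensitive path (assumption)
BUSINESS_HOURS = range(7, 19)       # 07:00-18:59 local time (assumed policy)
FAILED_LOGON_THRESHOLD = 3          # failures per user before reporting (assumed)


def realtime_alerts(events):
    """Per-event rules: each record is checked on its own as it arrives."""
    alerts = []
    for ev in events:
        hour = datetime.strptime(ev["time"], "%Y-%m-%d %H:%M:%S").hour
        obj = (ev["object"] or "").lower()
        # Rule 1: any account opening an object under the watched path.
        if ev["id"] == 560 and obj.startswith(WATCHED_PREFIX.lower()):
            alerts.append(("watched-object-access", ev["user"], ev["time"]))
        # Rule 2: a successful logon outside business hours.
        if ev["id"] == 528 and hour not in BUSINESS_HOURS:
            alerts.append(("off-hours-logon", ev["user"], ev["time"]))
    return alerts


def failed_logon_report(events, threshold=FAILED_LOGON_THRESHOLD):
    """Audit-style rule: aggregate over the whole collected log, then report."""
    counts = Counter(ev["user"] for ev in events if ev["id"] == 529)
    return {user: n for user, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for alert in realtime_alerts(EVENTS):
        print("ALERT", *alert)
    print("Failed-logon report:", failed_logon_report(EVENTS))
```

None of these rules can fire unless logon and object-access auditing are enabled on the monitored hosts, since the underlying events are otherwise never written to the Security log.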

CHANNEL PROGRAM SNAPSHOTS
GFI LANguard Security Event Log Monitor (S.E.L.M.)
PRICE: See text
MARGIN: 30 percent
DISTRIBUTORS: Direct from vendor
TECH RATING:


CHANNEL RATING:

CHANNEL OVERVIEW: Product distribution, sales and technical support for Malta-based GFI are handled by GFI Software USA, an independent company based in Cary, N.C. GFI's representatives participate in joint sales over the phone and provide other assistance. The vendor offers priority technical support and numerous marketing materials in its multitiered channel program. GFI's solution provider Web site includes promotional materials, competitive information and technical support materials.

Note: Vendors can earn up to five stars for technical merit and five for their channel program. If the average of these two scores is four stars or greater, the product earns CRN Test Center Recommended status.