Finjan Stays One Step Ahead Of Threats

The shift has resulted in a line of appliances capable of supporting networks of 250 to 250,000 users. Moreover, the San Jose, Calif.-based company said it is revving up its channel program to support the new focus.

CRN Test Center engineers recently evaluated Finjan&s Vital Security Appliance Series NG-5100. The device is a fully integrated appliance capable of protecting infrastructure at both the gateway and the desktop.

In its most fundamental form, the NG-5100 is an HTTP proxy appliance. It performs multiple types of scanning. For example, it has a URL categorization scanning module. The product provides enterprise users with protection against malicious and inappropriate content using either a SurfControl or Secure Computing software module. As for its antivirus engine, the appliance supports products from both McAfee and Sophos.

Three unique intrusion-detection modules from the company really differentiate the new Finjan appliance.

The first is the Application-Level Behavior Blocking module, which scans active code written in JavaScript or VBM, as well as downloadable executables and Active X controls. The technology assesses content with an eye on finding suspect combinations that might signal some sort of exploitative behavior before they begin to run on the end user&s PC. By working at the application level, it determines the full set of behaviors that the content will exhibit when loaded into the target application. For example, will it try to open up a network connection, or is it going to delete a file?

The solution provider then can set policies as to which active content is allowed or disallowed. For example, the administrator can set a policy to block JavaScripts attempting to access the user&s desktop. This functionality allows the company to prevent the majority of attacks.

The second module is Finjan&s antispyware module, which is at the core of the NG-5700 appliance and is available as an add-on to the NG-5100 model. Finjan&s scanning technologies inspect application-level traffic that might carry spyware and analyzes the behavior of the code before it acts. All spyware blocks are logged.

The third module is what the company calls its Vulnerability Anti.dote technology. Once a vulnerability is identified and is considered a real-world threat, Finjan takes that information into its labs and creates a patch for it. It then sends an update profile to its customers.

Finjan&s technology represents an optimal balance between powerful, proactive Web security and patch management. Based on the company&s knowledge of new software vulnerabilities, Finjan&s security experts can create new behavioral rules that enable the scanning engines to identify and block new threats as they emerge.

Finjan offers these modules through either monthly or annual subscriptions. The company guarantees a 100 percent threat-free environment to customers, backing this with the promise of free subscription modules if code is breached.

Depending on the modules picked and the appliances, pricing can be complicated. For example, pricing for Finjan&s Vital Security Appliance NG-5100 appliance based on 501 users—including a one-year subscription and a license for Finjan Next Generation Application-Level Behavior Blocking module—is about $9,566. That price includes Finjan&s Silver Support package, which provides free technical support during local business hours.

Finjan is selective about which partners are qualified to join its program.

VARs must have security and network knowledge, at a minimum. Finjan said the goal of its program is to develop a community of trained Finjan Reseller experts that can promote proactive security solutions that can make a significant impact in reducing organizational downtime and expenses due to new and unknown Internet attacks—all while making an above-average profit on the total solution.

The company said it provides reseller margins of 25 percent to 30 percent.