One Size Does Not Fit All


It’s getting more and more difficult to find one-size-fits-all Information Technology, and perhaps the area where this is the truest is in enterprise security.

It’s not even enough to classify networks by the longtime descriptor of “SMB” or “Enterprise.” A business with 10 employees can have a million customers—which would make it a small business with a set of Fortune 500 IT requirements.

Businesses split their technology between their own, internal data centers and hosted solutions. They split between Windows and Linux; desktop endpoints, mobile endpoints and virtual endpoints.

And just when the industry starts tempting you to believe security has finally caught up, along comes information like this, which was posted just this month by the University of Hawaii:

“The University of Hawaii at Manoa today began notifying approximately 53,000 individuals listed in a system database, housed on a computer server used by the Parking Office, that a recent security breach may have exposed personal information—including approximately 40,870 Social Security numbers and 200 credit card numbers.”

Universities are institutions that not only lead the way in teaching about IT security, they lead the way in many cases in developing IT security -- including best practices. How this university wound up grappling with a breach of this size will be one for the auditors to figure out. For now, for the purposes of this month’s CRNtech, let’s just look at it like this:

Network security is never “one-size-fits-all” anymore, and learning that the hard way can be a lot more uncomfortable than a tight pair of pants.

For this month’s roundup, we looked at three separate network-focused security solutions to examine what types of IT networks might best use them in handling the constantly changing threat landscape. We liked them all, and found that VARs could deliver them into customer enterprises with nice value.



Trend Micro Deep Security 7.0

Trend Micro has spent a lot of time and resources working to tailor its security technology to maximize the growth of cloud-based IT. The company describes the latest version of its Deep Security franchise, Deep Security 7.0, as a collection of “Protection Modules,” including deep packet inspection, firewall, integrity monitoring and log inspection. Because Deep Security 7.0 provides security at the server layer -- whether that’s a virtual server or hosted server -- Trend Micro says this is a solution that can provide security from on-premise iron to the cloud.

We installed this software on a virtual Windows Server 2003 in the CRN Test Center Lab, a process that took about a half hour. From this VM, Deep Security 7.0 ran a quick asset inventory and located both physical and virtual computers. The management console of the software provides a VAR or administrator with one interface for management of computers, security profiles, firewall events and rules, DPI events and rules and more.

Task scheduling is fine, and allows tasks ranging from open-port scans to software updates to computer discovery to be scheduled at intervals from hourly to weekly. We ran several different baseline tests to make sure it worked, and found that it correctly searched for open ports and ran a successful inventory check, for example.

The firewall provides 71 different prewritten rules by action type, which can be assigned by groups ranging from mobile devices to desktops. The rules are written for the needs of both physical and virtual devices; Deep Security 7 allows firewall rules to be written for VMware vCenter Servers, to monitor packet traffic.

Application control allows for the control of file-sharing services (like Kazaa) or IM services, from AIM to Skype to ICQ from within a network. We wanted to create a rule to ban use of Skype. But the application control feature does provide a warning that Skype use can’t be prevented because of the “flexibility of the protocol.” Instead, it allows for alerts to be provided at customized intervals when Skype is used on a network. The same is true for ICQ, for example.

Trend Micro prices Deep Security 7 on a per-server basis starting at $885 per license, with virtual server licenses available for VMware environments, with unlimited agents per host, starting at $2,100.

We’re control freaks, so we would have preferred that Deep Security 7.0 provide the option to ban instant messaging or other applications, but that’s nitpicky considering that other solutions exist to do that and Trend Micro provides so many other benefits for providing security in all manner of environments.


Kaspersky Lab’s Kaspersky Business Space Security/Kaspersky Administration Kit

So, we started this off by talking about how one size doesn’t fit all and now we’re going to shift into a discussion of Kaspersky Administration Kit, which is an element of its Space Security software that, in many ways, attempts to allow one size to fit all. Well, it sort of does.

The solution is designed to allow for organizing and managing security throughout an entire network, from PCs and servers running Windows and Linux to mobile devices on Windows Mobile and Symbian handhelds. That’s a tall order in a segment that is continually pressing the issue on specialization for security in every segment and at every milepost on the IT road map.

But Kaspersky Administration Kit does a couple of things so well for smaller enterprises that we believe it’s a must-consider:

•It provides simple, straightforward installation on either a server or PC, allowing for quick and simple deployment in minutes.

•Its “Managed Computers” console gives VARs or system administrators quick and easy capability to inventory, configure and manage PCs on a network -- from task-creation to simple antivirus deployment for PCs.

•Report creation and management, which is a necessary means of compliance in many scenarios, even for the smallest of businesses, is a breeze -- which we’ve found isn’t necessarily always the case. Reports are graphical, real-time and provide nice data on antivirus database usage, incompatible applications, license usage, virus reports and a full spectrum of information.

Kaspersky Business Space Security is priced at $390 for a license for 10 workstations or file servers for a year, which is competitive.


Symantec AntiVirus for Caching

We’ve looked at a number of Symantec products over the years, and the company’s technology has always been solid and taken sound approaches to business IT security.

Earlier this year, in fact, the CRN Test Center reviewed Symantec’s End Point Protection Small Business Edition, and found the company was offering a solution for smaller enterprises that did three important tasks of note for VARs: it cut out cost, it cut out complexity, and it stopped threats.

But the company has also spent hundreds of millions of dollars over the years developing technology that could be deployed for very specific tasks on a network. With that in mind, we took a closer look at Symantec’s AntiVirus for Caching.

With performance a never-ending issue for networks, a neat little optimization solution is the use of caching to speed up delivery of data to endpoints. But viruses -- which focus on leveraging enterprise soft spots, like some caching appliances -- can appear, and create havoc, on just about any node on a network.

Symantec AntiVirus for Caching, once installed, is browser-based and provides for higher-performance virus scanning and repair services over HTTP traffic that is served through a caching device. Its aim: to make sure that infected files don’t pass through that device and spread throughout a network.

The software works on Windows 2008 32-bit and 64-bit, Windows Server 2003 32-bit and 64-bit, Red Hat Enterprise Linux 5.x 32-bit and 64-bit, Solaris SPARC 9 and 10 32-bit, and several others; it also works with Mozilla Firefox 1.5 or later and Internet Explorer 6 SP1 or later.

We installed the software on Windows Server 2003 32-bit. A word of note: The software requires Java Runtime Environment 1.5 build 13 or greater, but having JRE 1.6 didn’t do the trick. We still needed to go back and install the 1.5 version.

Virus definitions were updated via Symantec’s LiveUpdate Administration utility, which ensures viruses that make their way into a cache appliance are covered the same way as viruses that enter a server or PC.

Once the software is installed on a management console, it can work on caching appliances, including Blue Coat’s Proxy SG, Network Appliance’s NetCache and Cisco’s ACNS Content Engines.

Pricing was not immediately available.

Not all networks use caching devices, but those that do will want to adhere to best practices and make sure that compliance issues are front, center and clear, and are handled in a straightforward manner. For those enterprises that use a caching device and enjoy the performance benefits it brings, considering integration of Symantec’s technology would be well worth the time.

IT security is becoming more fragmented over time, not less, in the types of offerings, approaches, pricing scales and complexity available to VARs and their customers. That fragmentation will only increase as IT itself becomes more complex.

The common thread for all of the above three solutions is that their antivirus performance has been tested and has been trustworthy over time, and each has an established channel program and experience at working with VARs.

Each also provides an approach that can be tailored for specific solutions: In the case of Trend Micro’s Deep Security 7.0, it’s terrific for enterprises that take a hybrid approach to IT that includes standard on-premise servers as well as either virtualization or cloud-based solutions. For Kaspersky, we like the way the company has delivered significant enterprise-level antivirus and management capabilities in a sensible way for small business to participate. In the case of Symantec, we see that the company is able to deliver its technology nicely beyond PCs and servers into the world of appliances -- in this case, caching appliances that may be forgotten by security audits in some networks.

While 2010 is a year of transition in many regards for IT and IT security (considering cloud and mobility technologies that are driving a lot of change), we believe VARs can show some confidence in each of these three vendors moving forward to be ready to deploy security regardless of how this transition shakes out.
