Finjan Software Vital Security Appliance NG-5100 review
Whereas the majority of enterprise-level security appliances aim to provide a single-box solution to protecting networks, Finjan Software has taken a four-pronged approach. The Vital Security Series NG-5000 family comprises a quartet of identical appliances offering web-content scanning, anti-spam, load-balancing or SSL secure remote access.
The Vital Security Appliance NG-5100 on review provides all the muscle for anti-virus and anti-spyware measures plus web-content filtering. Larger businesses can use multiple appliances configured to spread scanning duties, while another functions as a policy server. But smaller companies can use a single appliance for all of these tasks. The NG-5100 uses Finjan’s patented behaviour-blocking technology. This works at the application level to identify malicious content; if it determines content is harmful, it can be blocked or removed.
Next up comes Finjan’s Anti.dote. This is designed to reduce the urgency with which Windows critical patches have to be applied. Finjan creates behavioural rules that allow the scanning engine to look out for web content trying to exploit new vulnerabilities. With this in place, Finjan reckons you won’t need to hit the panic button every time Redmond issues a new edict. You can start with just the appliance loaded with the behaviour-blocking component, which costs about £8,000 for a yearly subscription.
When we looked at Finjan’s Internet 1Box SME product, the installation routine was troublesome, but the NG-5100’s is much more straightforward. The Linux kernel is easier to manage and you start with secure web browser access rather than mucking about with the 1Box’s TightVNC remote access. A Quick-Start Wizard sorts out the appliance’s role: we chose the all-in-one option. For virus scanning you can use McAfee or Sophos, while SurfControl or Secure Computing are on hand for web-content filtering.
Although the appliance has plenty of network interfaces, only one can be used when the appliance is in all-in-one mode, as it’s designed to sit in a DMZ where all clients use it as their proxy server. It starts blocking dubious web content immediately and updates to the various components are fully automated. For the Anti.dote feature, the download interval can be as often as every minute if required. Policies are used to customise the appliance’s behaviour, each comprising a set of rules containing selected conditions and actions. It’s here that the power of the NG-5100 shines through, as policies can be created for just about any eventuality. Furthermore, the X-Ray option can be used to test any rule within a policy by allowing it to monitor web traffic passively and only create a log file.
Lists of conditions are maintained on the appliance, making it simple to create policies. You can assign these to individual users or groups. Any user who falls foul of a policy will be redirected to a warning web page from the appliance.
The price puts the NG-5100 firmly in the enterprise sector. But for this you’re getting a comprehensive security product backed up by Finjan’s zero-infection guarantee. It’s easy enough to install and configure, provides good reporting facilities and is designed to integrate neatly with the three other NG-5000 series appliances.