Finjan Vital Security Web Appliance NG-6000S
Online threats are getting ever more sophisticated. Does Finjan’s web content security appliance have enough craft to stay one step ahead?
Businesses are increasingly coming under threat from ever more sophisticated and cleverly crafted attacks designed specifically to fox traditional scanning methods. Finjan specialises in web content security and its range of Vital Security appliances offers an interesting selection of unique features that have a highly proactive stance when faced with new threats.
On the front line is Finjan's patented active real-time content inspection, which is designed to identify malicious code and block it. Instead of using a sandbox it examines the code to see what it would do. It checks it through to completion and then blocks it if it doesn't like what it sees. Finjan's Anti.dote provides protection in the gap between a new threat being identified and a patch being made available. When a threat is identified Finjan downloads a custom rule set to the appliance that enables it to detect and block it during this phase. Lastly, you have Finjan's spyware protection, which uses a combination of behavioural analysis and known spyware URL lists.
Optional anti-virus measures are on offer and you can choose between Kaspersky, McAfee or Sophos. Web content filtering is also available and you can go for either Websense or IBM's Proventia services.
On review is the Web Appliance NG-6000S, which is delivered as an IBM x3650 2U rack server sporting a decent overall specification. Deployment in the lab was easy enough as the NG-6000S defaults to an explicit proxy. All you need do is change your client's browser proxy settings and this can be done easily enough with group policies. The appliance can also function as a transparent proxy and now provides proxy authentication, although you will still need to redirect LAN to WAN traffic to the appliance for scanning.
Another new feature is support for WCCP (web cache communication protocol). This is used by Cisco's PIX and ASA firewalls and some of its switches so you can now forward web traffic to the appliance from these devices for inspection. Finjan has simplified initial installation by replacing the web GUI with a wizard based CLI setup where you can use a local monitor and keyboard or remote connection over SSH. At this stage you choose your mode of operation and we went for the all-in-one option but you can use multiple appliances that provide load-balanced scanning services with all reporting to a central policy enforcement server.
The management web interface sees some welcome graphical refreshment and we found it easier to use as the security policies are now presented in a simple tree structure. Each policy comprises rules with each containing conditions and actions. Each rule focuses on a specific threat type so you'll have ones for dealing with malicious content, file blocking by extension, web content blocks, anti-virus scans and so on there's a huge range to choose from. There's more in the new features department as Finjan also offers optional scanning of HTTPS traffic. The appliance terminates encrypted streams and inspects the content first and this is also controlled with the use of policies.