Finjan Vital Security Web Appliance NG-6000S

Online threats are getting ever more sophisticated. Does Finjan’s web content security appliance have enough craft to stay one step ahead?

A complete set of default policies is provided, enabling you to start filtering web traffic immediately; even the medium-level security policy contains 40 predefined rules. X-Ray is a very handy feature for safe testing, as it can be applied to whole policies or specific rules, which it then runs passively. The anti-virus scanners and web content filters are also configured with rules, and Websense now offers over fifty URL categories to choose from.

All rules within a policy are carried out in strict priority order, but it's easy enough to change their position if required. Under normal circumstances the policy rules that control Finjan's active real-time content inspection reside near the bottom so they can catch anything smart enough to slip past all the other defences. To test this feature we pointed one of our client systems at a web site known to have an extremely unpleasant payload.

Rather than move the relevant rules to the top of the policy, we gradually disabled each rule the Trojan hit so that it would eventually get to the content inspection rule. Remarkably, to achieve this we had to deactivate rules for Websense first, followed by Kaspersky's anti-virus, Finjan's anti-spyware and then the rules blocking files with missing digital signatures and suspicious file downloads. Once the Trojan's code had been analysed, the appliance blocked it, and we could see from the log files that Finjan determined it was trying to terminate existing processes, engage in illicit memory management and load other DLLs.

We tested the Websense service, which is also configured using policy rules. Each policy can be applied to different users and groups, and these can be swiftly imported using LDAP. We tested this by switching on the gambling category and attempting to visit nearly fifty on-line bingo sites, where Websense saved our hard-earned cash by blocking us from every one.

Whenever the NG-6000S blocks access, it redirects the user to a warning web page and posts an entry in its log file. It also maintains a database, which is used to produce more detailed reports for areas such as viral activity or attempts to access blocked sites, and it can export them in PDF, Excel or HTML formats. The reports are predefined but can be applied to specific users or groups if required.

Web-borne threats are getting ever smarter, with ploys such as dynamic code obfuscation designed to circumvent traditional signature-based scanning. Finjan's NG-6000S is unlikely to get caught napping though, as it's capable of offering a tough defensive posture that can be easily customised with rule-based policies plus optional anti-virus scanning and web content filtering.

Verdict

Anti-spam and firewall measures must be sourced separately but for web content security you’ll be hard pushed to find defences that are tougher than those offered by Finjan’s Vital Security appliances. The use of security policies makes the NG-6000S very versatile, deployment is a breeze and the active real-time content inspection is quite unique.

Chassis: 2U IBM x3650 rack

CPU: 2 x 2GHz Xeon 5130

Memory: 2GB 667MHz FB-DIMM

Storage: 2 x 73.4GB IBM 10k SAS hard disks

RAID: IBM ServeRAID 8k-l controller with 32MB cache memory (drives in RAID-1 mirror)

Network: 4 x Gigabit Ethernet

Management: Web browser

Options: 250 users: Websense - 1yr, £2,162; Kaspersky - 1yr, £1,242 (all exc VAT)
