From the confusing proliferation of SSL VPN products of a couple of years ago, at the peak of the hype, the market has really settled down to address a well-known set of expectations, and the products we test in this month's group test all show definite signs of maturity.
There is room for improvement left, though. The market is still findingnew application areas that suit the SSL model, and the products arecontinuously expanding their capabilities to match. Also, we see thecontinued trend towards consolidation at play: some of the products wewere sent were really UTM devices with an SSL VPN component. The debateover best-of-breed component versus integration still rages, but itseems likely both options will continue to attract adherents for sometime to come, since most customers will simply choose whichever suitstheir needs.
Our other group test covers security policy management, which is adifficult topic to nail down because it can mean so many differentthings. We specifically excluded solutions that address user (and usage)policies, since we will look at those separately in an upcoming test.But even then the entries varied widely, and the products we testedcover a number of bases. That makes choosing the best productsdifficult, since we have to consider each entry's strengths in its ownarea - all the products on test are useful if they match your needs.While this is an area with lots of room for improvement, the good newsis that year-on-year, the management of complex heterogeneous securityenvironments is getting a little less difficult.
Ubiquitous security policy management may be an unreachable goal, but itis one worth striving towards. The slew of new vulnerabilities andexploits in August and September show that attacks just keep gettingfaster and better, and narrowing the window of opportunity for attack isalmost impossible without coordination across different systems. Thatsounds like an argument for UTM, but it isn't. It's an argument forbetter cooperation and consistency between suppliers, products,protocols and, equally importantly, among the people and processes inyour organisations.
This is my last issue of SC Magazine. Over the past four years I havewatched the industry develop, and have enjoyed working with our readersand technology suppliers.
ARE YOU GOOD ENOUGH TO REVIEW FOR SC?
If you are an independent security specialist with lab facilities, ableto review technology to our strict test criteria and methodologies andwrite up the results to our editorial requirements, then we want to hearfrom you. We are particularly interested in universities withpostgraduate labs and consultants with in-house testing facilities.Please contact Paul Fisher directly for more information [email protected]
HOW WE TEST AND SCORE THE PRODUCTS
Our testing team includes knowledgeable internal staff, as well asexternal experts who are respected industry-wide. In our Group Tests, weaim to look at a broad range of products around a common theme.
This might mean including products that do the same thing, but which areaimed at different markets - in this case, we will review them both inthat context and on their own merits.
With an increasingly diverse range of products, it is not alwayspossible to make direct comparisons to other products. Our finalconclusions and ratings are subject to the judgment of the reviewer.
WHAT THE STARS MEAN
Our star ratings indicate how well the product has performed againsteach of our test criteria. These are marked as follows:
* Seriously deficient
** Fails to complete certain basic functions
*** Carries out all basic functions to a satisfactory level
**** Carries out all basic functions very well
***** Outstanding
BEST BUY/RECOMMENDED
Any product we review could win our Best Buy and Recommended awards.Best Buy is our top award and goes to those products we rate asoutstanding across a range of criteria. Recommended means that theproduct has shone in a specific area or will suit a particular need verywell.