Finjan's SP-6100 midrange secure gateway appliance unleashes real-time behavioral analysis to thwart spyware developers, who have become savvy to the inner workings of traditional URL filters and spyware engines. The SP-6100 runs on IBM server hardware and ships with dual quad-core Xeon processors, 2 GB of RAM, dual 73-GB drives, and a four-port Gigabit Ethernet controller. It takes URL and signature-based protection to the next level by actually executing the code of the site you're visiting in a sandbox in real time. So, for example, a site may be deemed safe by a traditional URL filter, but a detailed behavioral check by Finjan might reveal an attempt to write to your registry. Perhaps the same site is attempting a file operation on your local system, or overtly trying to install a toolkit, push down an .msi file, or execute destructive code embedded in a PDF file that circumvented your e-mail gateway.
While signature-based defenses are certainly faster than real-time behavioral inspection, they rely on your virus defense or URL filter vendor to write and deploy the update, which takes time. That won't help if you're one of the first victims of a new and devastating virus.
We took the SP-6100 appliance for a spin and were impressed with its features and ease of use. Setup was generally a snap, and the only cumbersome part of testing was having to manually point clients to the Finjan appliance as their proxy server.
You can get around that issue by purchasing an optional bridge pass-through card for a few hundred bucks. The bridge pass-through card cross-connects to your external firewall interface and acts like a transparent proxy for your clients, so no browser configuration is necessary. If the Finjan box fails or loses power, the bridge card fails open and maintains Internet access for the clients behind your firewall.
Keep Out The Bad Guys
The most impressive feature set in the Finjan appliance's formidable roster is the ability to scan for and block sites that are attempting to exploit specific Windows or Internet Explorer vulnerabilities. Adding to the diversity and robustness of its security and scanning capabilities is the ability to subscribe to signature-based URL and virus filters from Kaspersky, McAfee, Sophos, and Websense.
Other notables are Finjan's Boolean logic builder and its Active Directory integration. The logic builder allows IT to develop custom dictionaries that can be put to work for compliance and data loss prevention, or DLP. The Active Directory integration allows you to apply security and authentication policy based on user and group membership. Although the SP-6100 is by no means an enterprise DLP product, it does a good job as a man in the middle for decrypting, scanning, and applying security policy to SSL-enabled sessions.
If you're unhappy with the security capabilities of your current caching appliance, you don't have to settle. Blue Coat and Finjan, for example, can complement each other via the Internet Content Adaptation Protocol or Web Cache Coordination Protocol, which off-load real-time behavioral scanning tasks from the caching server to the Finjan security gateway. In large environments, it might make sense to take advantage of the strengths of each by using them in parallel.
The Finjan SP-6100 lists for $18,000 and includes the Finjan Web Security Suite and Silver support. Base pricing rises depending on user count, optional add-ons, and subscriptions to third-party virus engines and URL filters.
Randy George is an industry analyst covering security and infrastructure topics.