Home


About Network Testing Labs

Contact Network Testing Labs

Independent Evaluations of Network Hardware and Software

 

NETWORK TESTING LABS REVIEW

Facetime Communications’ Unified Security Gateway (USG)


 

 



Can one device deter malware threats from all directions? The answer is yes, we found out.
By Barry Nance


Executive Summary
With unerring accuracy and quick, unobtrusive performance, FaceTime Communications’ Unified Security Gateway appliance easily thwarted virtually all Internet-based malware in our tests, and it gave us complete control, at a fine level, over which social networking and other non-business Internet applications we wanted to allow on our network. As a result, Unified Security Gateway garnered top honors in this Secure Web Gateway review.

Unified Security Gateway also exhibited an intuitive user interface, great scalability, ironman reliability, useful reports, child’s-play installation and an attractive price tag.

Unified Security Gateway earns FaceTime a well-deserved Network Testing Labs World Class Award for best Web 2.0 anti-malware gateway device.


Malware is coming at you from all directions. From its not-so-humble beginnings in the form of annoying viruses carried in e-mail messages, malware now pervades every aspect of the Internet.

Cyber criminals now assault you and your company in dozens of ways – malicious Web sites, hijacked advertising banners on otherwise innocent sites, phishing attempts, spyware, spam, viruses, Trojans, botnets, rootkits, Instant Messaging (both public IM and that offered by Microsoft Office Communications Server and IBM Lotus Sametime) malware, peer-to-peer (P2P) file sharing malware, Skype malware, social networking malware, hijacked Facebook applications, gaming malware and Web 2.0 application malware. The list is long, and these Internet-borne threats are no longer a problem you can ignore.

For example, you may think you’re safe because you visit only “good” Web sites. Now, because cyber criminals quite often hijack advertising banners, even this reason for avoiding putting an effective security barrier between you and the Internet is no longer valid.

Either you protect yourself now, or you’ll find that criminals have sucked your company and personal information quickly and silently out of your computers . Moreover, the advent of extremely sophisticated rootkits has made spyware a stubborn, intractable problem. Removing the latest spyware threats “by hand” is virtually impossible.

Network Testing Labs has created a special test environment (see the Testbed and Methodology section of this review) for evaluating anti-malware products, and we’re on a quest for the best. The most important criterion in our evaluation is the ability to identify and thwart virtually all malware. We also looked for quick performance, useful reports, timely alerts, ease of use and ease of deployment.

To find out which anti-malware product is best, we tested FaceTime Communcations’ Unified Security Gateway (USG) appliance in our Alabama lab and at customer sites.

The USG appliance proved to be accurate, fast and easy to use. The device easily enforced all our corporate policies regarding Internet access, no matter how complex. It turned aside virtually all malware, and its effect on the responsiveness of our clients’ Internet experience was nil. The USG’s combination of low latency, accurate handling of malware and excellent control of access to Internet applications made the device an ideal network tool for both security and productivity. FaceTime Communications wins the Network Testing Labs World Class award for best anti-malware gateway device.

Thwart Malware
In all our tests, Unified Security Gateway stopped malware cold. Impressively, the appliance also gave us great flexibility in how we could configure it to thwart malware.

Furthermore, we loved the way the appliance gave us absolute, fine-as-we-wished control over the social networking and other non-business Web sites and protocols we deemed inappropriate for our corporate network. Unified Security Gateway revealed, plainly and simply, exactly which of these sites and protocols our (simulated) users were trying to visit or use. Shutting down access via the Unified Security Gateway was a breeze. For groups and users we specified, we could be as selective as we wanted in how we enforced Internet access policies to allow or disallow use of various parts of the Internet. For instance, we could grant our users access to Facebook yet block its chat applications.

Unified Security Gateway inspects traffic to identify malware URLs and IP addresses. It analyzes Web traffic for executable file malware content, by malware signature. And the appliance additionally guards against malware “phone home” attempts, for any port or protocol. In our tests, all three levels of protection worked flawlessly. Indeed, the USG pinpointed the infected computer that was trying to “phone home,” and it gave us a wealth of detail about the infection.

Table 1 shows the Unified Security Gateway’s highly accurate application and malware detection success rates from some of our tests for Instant Messaging protocol, P2P protocol and spyware. The gateway device was very nearly perfect.

 

 

IM Protocol Detection Effectiveness

P2P Protocol Detection Effectiveness

Anti-spyware

Effectiveness

Unified Security

Gateway

 

100 %

 

100 %

 

98 %

Table 1. Malware-stopping success rate.

The Unified Security Gateway did an especially good job of recognizing IM, P2P, anonymizers and social networking protocols and applications. It thwarted all spyware regardless of channel of propagation (IM, P2P, HTTP). It went a step further to block “phone home” attempts, thus stopping the transmission of hijacked data and online advertising server requests.

We noted that the USG incorporates high quality URL filtering lists, such as Secure Computing’s SmartFilter.

Stopping malware via gateways at each Internet connection point is clearly superior to cleaning it off individual server and desktop computers. Removing malware at the desktop or on the server is tedious to administer and consumes computing resources that the client and the server should rather devote to your business. The gateway approach is cleaner, simpler to administer, more direct, more reliable and more effective. Moreover, mere URL filtering doesn’t detect evasive malware instances that use non-HTTP ports or that tunnel through port 80 in an effort to mask the malware’s packets as standard Web traffic.

The Unified Security Gateway unit is a 1-U rack-mountable purposed computer running a hardened Linux kernel. In our tests, the compact Unified Security Gateway proved to be quick, robust and reliable.

The Unified Security Gateway appliance’s designers obviously paid a great deal of attention to detail in building the device. Every aspect of our operation of the Unified Security Gateway revealed thoughtful, well-designed features as well as innate quality and reliability. The appliances feature redundant hardware, an active standby configuration and a fail-open mode to maximize uptime and reliability.

The Unified Security Gateway appliance also kept “bots” from running on our servers and clients, thus thwarting cyber criminals’ attempts to remotely control our computers. These attempts, if successful, would turn one or more of our computers into sources of spam, sources of Denial of Service (DoS) attacks or sources of corporate data theft.

Performance
The Unified Security Gateway appliance is one of the quickest performing Secure Web Gateway products on the market – even with all the services turned on. It did its work quickly enough that client responsiveness was virtually unaffected by the presence of the gateway (see Table 2). Even the most accurate anti-malware tool is useless if it slows Internet access to a glacial crawl.

 

Unified Security Gateway

Latency (URLs)

<10 ms

Latency (executables)

28 to 40 ms

Throughput

575 Mb/sec

    Table 2. Latency and throughput results.

In our accuracy and performance tests, we used fresh material for each test to negate the effects, if any, of caching by the gateway devices. We reasoned that most people browsing the Internet don’t choose to repeatedly run (or download) the same Internet executable files over and over again.

Rather creatively and smartly, the Unified Security Gateway appliance uses TCP Reset commands to halt malware. When it notes malware coming from the Internet, the Unified Security Gateway sends a TCP Reset to both the malware host and the client, effectively telling each session partner to stop transmitting (or, for the client, stop requesting) the malware. The Unified Security Gateway also sends a special web page to the end-user, so they know why the action was blocked. FaceTime is thus able to achieve zero latency while still protecting users from infection.

Ease of Use
The Unified Security Gateway appliance has a Web-based user interface for setting configuration options, seeing real-time status and viewing reports. The Unified Security Gateway appliance interface is intuitive to use and easy to navigate. The USG status screens and reports are comprehensive and highly informative.

Unified Security Gateway appliance installation consists simply of cabling the box to your network, powering up and assigning an IP address. FaceTime’s documentation is clear, comprehensive and easy to follow.


Conclusion
Cyber criminals are working overtime to steal your keystrokes, rifle through your files for password and credit card data and, every time you perform an Internet search, pepper your screen with advertisements. Malware slows your PCs to a crawl, and malware “phones home” to relay your information over the Internet to the criminals. You don’t even know it’s happening.

The explosion of social networking sites and other non-business applications on the Internet is a relatively new trend that’s not only affecting user productivity but has become a new vehicle for cyber criminals to target your network.



The Unified Security Gateway is the answer to all these threats. It is a superior gateway-architecture security tool for thwarting malware and controlling access, via corporate policy, to inappropriate Web sites and protocols. It’s accurate, easy to use, scalable and very cost effective.

We recommend you look closely at FaceTime Communications’ family of Unified Security Gateway appliances.


Testbed and Methodology
We primarily looked for the ability to identify and block malware (such as keystroke loggers, browser hijackers, bots, adware, rootkits, dialers, data miners and trojans). We established a variety of corporate policies regarding Internet access, and we expected the USG would enforce them.

We wanted the USG to prevent malware from sending data from our network (i.e., “phoning home”), identify already-infected clients, scan traffic quickly, receive frequent spyware definition updates, and produce helpful reports on infection attempts and traffic statistics.

We collected a suite of 200 malware samples, and we moved the collected material to an isolated, quarantined network. We thus were able to simulate the Internet within our lab.

The quarantined network consisted of three subnets.

Subnet 1 had 25 client machines with a variety of operating systems, including Windows 98, 2000, 2003, ME, XP and Vista as well as Red Hat Linux and Macintosh OS X.

Subnet 2 contained three Web servers (Microsoft IIS, Netscape Enterprise Server and Apache), three e-mail servers (Exchange, Notes and Sendmail), two file servers (Windows 2003 Advanced Server and Netware) and two database servers (Oracle 8i and Microsoft SQL Server).

Subnet 3, simulating the "Internet," had Web servers and clients that contained the malware instances and which sported “bad guy” IP addresses and URLs. Systems on the first two subnets accessed the third subnet as if it were the real Internet.



To measure performance, we used two time-synchronized protocol analyzers on the Internet and local network sides of the Internet connection and examined the resulting packet captures to know the time taken by the appliance to forward or discard each network message.

The USG connected our simulated "Internet" to the other two subnets. Client and server machines started off in a pristine state for each test.

Our clients and servers attempted to download malware from the simulated "Internet." We noted how well the products identified malware traffic and blocked attempts by the malware to send data back to the source. We gauged success or failure by examining each machine for malware after each test. We looked for running malware processes, new program files (EXE, DLL or OCX, possibly marked with the “Hidden” attribute) and directories as well as Registry and Start Menu changes.



Vendor Details

Unified Security Gateway (USG)
Price: Starts at $4,995

FaceTime Communications, Inc.
1301 Shoreway Road, Suite 275
Belmont, CA 94002
888-349-3223 or 650-631-6300
www.facetime.com


Copyright 2012 Network Testing Labs


  
Home

About Network Testing Labs

Contact Network Testing Labs