Finjan Provides Vital Management in Security Appliances

By Frank Ohlhorst  |  Print this article Print


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

Finjan’s Vital Security Web Gateway appliances have nearly everything an enterprise would expect in a security appliance. What sets Finjan apart is superior management capabilities that prove excellent for on-premises or managed services deployment.

Security vendors are finding that increased competition and new ideas in protection are starting to chip away at sales of on-premises appliances. The real question becomes, can security vendors reinvent themselves to do battle in a Web 2.0 world?

Finjan thinks it can and is focusing on ease of management as the means for accomplishing that goal with a concise interface that rolls up control of native and partner technologies into a single administration console.

The company has revamped its security appliance products to combat the latest threats, most notably Web 2.0 attacks such as embedded malware delivered via AJAX, Active X or other rich applications. The ability to block those threats inline is ever more important as companies come to rely on Web-based applications.

Finjan’s three Vital Security Web Gateway models—NG-5100 for SMB, NG-6100 for enterprise and NG-8100 for large enterprise—are pretty much the same, with the primary differences being throughput and number of clients supported.

All of the appliances offer:

  • Web security including anti-virus and anti-phishing applications
  • Productivity, liability and bandwidth control using a combination of URL filtering, content caching and application control technologies
  • DLP (data loss prevention) by inspecting outbound communications for sensitive/confidential data, even when hiding in HTTPS/SSL 
  • Centralized management via a Web-based console (including monitoring and controlling HTTP, FTP and SSL traffic) that can administer multiple appliances across the enterprise
  • Logging and reporting focused on Web traffic visibility, activity and security

The Vital Security Secure Web Gateway uses Finjan’s behavior-blocking technology, which works at the application level to identify malicious code in incoming and outgoing Web traffic. The behavior blocking technology is updated automatically, as soon as new threats are discovered via the Finjan security network. The behavior-blocking technology employs adaptive algorithms to combat zero-day threats for which no signatures exist. Any abnormal activity is analyzed and if that activity falls outside of the parameters set by policies, the behavior will be blocked.

Behavior blocking and support for SSL and HTTPS encrypted traffic proves to be a great marriage of technologies when it comes to DLP. Many market leaders leave DLP to other appliances and products, forcing enterprises to purchase multiple solutions to meet increasing security needs. Finjan on the other hand incorporates DLP into its security appliance and DLP processing becomes part of traffic control and Web security, which reduces latency, hardware footprints and management challenges.

Application security—anti-spyware and anti-virus—is one of the many layers of security offered by the Vital Security Secure Web Gateway. The antispyware technology uses a combination of URL black lists and behavioral analysis to block both known and zero-day threats. Finjan partners with Kaspersky, Sophos and McAfee for antivirus engines, while Web filtering can be handled by either Websense or IBM Proventia.

The omission of anti-spam technology in the Vital Security Secure Web Gateway could be troubling for some, but it’s not that big of a deal since most enterprises handle spam at the mail server. The integration of anti-spam into an edge security appliance could prove redundant. What’s more, anti-spam technology is often more effective when integration into the e-mail clients.

Although the Vital Security Secure Web Gateway uses several different technologies, Finjan has done an excellent job of creating a management console that integrates policy management along with OEM technologies into a simple browser-based application.

Solution providers will find integration of the Vital Security Secure Web Gateway straight forward; Finjan provides several deployment scenarios. Deploying the device does take some networking smarts, although that should not be a problem for any experienced integrator. Most of the deployment choices deal with proxy settings, caching options and ICAP configuration. All of that together creates an appliance that is configurable to meet the needs of the enterprise, as opposed to having to re-engineer gateways to work with security products.

Finjan’s X-Ray technology gives solution providers the ability to passively run Vital Security Secure Web Gateway to discover security problems. While many vendors offer a "monitor in place" type of deployment, few solution providers turn to that technology as a sales tool. X-Ray proves well-suited to serve as a "proof is in the pudding" approach to selling a security appliance. X-Ray also proves to be a wonderful way to demonstrate the products DLP capabilities.

Just as many security appliance vendors are doing, Finjan is enabling the use of its Vital Security Secure Web Gateway in a hosted managed service. Here, Finjan’s excellent management console shines, since the ease of use designed for on-premises administrators proves perfectly suited for managed services that’s inspecting and blocking malicious traffic at the last hop before the enterprise perimeter.

Finjan is offering an aggressive channel program that offers margins between 15 percent and 20 percent for top-tier partners, along with plenty of training and marketing support. Finjan’s goal is to get the word out that there is another choice in the market than the well-known players, while demonstrating that Finjan can do it cheaper, faster and easier than the competition.

Finjan has successfully pushed the envelope with the Vital Security Secure Web Gateway by integrating a full set of Web 2.0 security capabilities, along with traditional perimeter-based security, all supported by an intuitive interface that takes much of the hassle out of security management. Solution providers will find Finjan’s Vital Security Secure Web Gateway a viable alternative to competitive security appliances. The NG-5100 starts at $18,000 and includes support for 1,000 users and all available features.


Frank Ohlhorst Frank J. Ohlhorst is the Executive Technology Editor for eWeek Channel Insider and brings with him over 20 years of experience in the Information Technology field.He began his career as a network administrator and applications program in the private sector for two years before joining a computer consulting firm as a programmer analyst. In 1988 Frank founded a computer consulting company, which specialized in network design, implementation, and support, along with custom accounting applications developed in a variety of programming languages.In 1991, Frank took a position with the United States Department of Energy as a Network Manager for multiple DOE Area Offices with locations at Brookhaven National Laboratory (BNL), Princeton Plasma Physics Laboratory (PPL), Argonne National Laboratory (ANL), FermiLAB and the Ames Area Office (AMESAO). Frank's duties included managing the site networks, associated staff and the inter-network links between the area offices. He also served at the Computer Security Officer (CSO) for multiple DOE sites. Frank joined CMP Technology's Channel group in 1999 as a Technical Editor assigned to the CRN Test Center, within a year, Frank became the Senior Technical Editor, and was responsible for designing product testing methodologies, assigning product reviews, roundups and bakeoffs to the CRN Test Center staff.In 2003, Frank was named Technology Editor of CRN. In that capacity, he ensured that CRN maintained a clearer focus on technology and increased the integration of the Test Center's review content into both CRN's print and web properties. He also contributed to Netseminar's, hosted sessions at CMP's Xchange Channel trade shows and helped to develop new methods of content delivery, Such as CRN-TV.In September of 2004, Frank became the Director of the CRN Test Center and was charged with increasing the Test Center's contributions to CMP's Channel Web online presence and CMP's latest monthly publication, Digital Connect, a magazine geared towards the home integrator. He also continued to contribute to CMP's Netseminar series, Xchange events, industry conferences and CRN-TV.In January of 2007, CMP Launched CRNtech, a monthly publication focused on technology for the channel, with a mailed audience of 70,000 qualified readers. Frank was instrumental in the development and design of CRNTech and was the editorial director of the publication as well as its primary contributor. He also maintained the edit calendar, and hosted quarterly CRNTech Live events.In June 2007, Frank was named Senior Technology Analyst and became responsible for the technical focus and edit calendars of all the Channel Group's publications, including CRN, CRNTech, and VARBusiness, along with the Channel Group's specialized publications Solutions Inc., Government VAR, TechBuilder and various custom publications. Frank joined Ziff Davis Enterprise in September of 2007 and focuses on creating editorial content geared towards the purveyors of Information Technology products and services. Frank writes comparative reviews, channel analysis pieces and participates in many of Ziff Davis Enterprise's tradeshows and webinars. He has received several awards for his writing and editing, including back to back best review of the year awards, and a president's award for CRN-TV. Frank speaks at many industry conferences, is a contributor to several IT Books, holds several records for online hits and has several industry certifications, including Novell's CNE, Microsoft's MCP.Frank can be reached at frank.ohlhorst@ziffdavisenterprise.com

Submit a Comment

Loading Comments...