Zone Labs’ popular Zone Alarm products are installed on millions of desktops to provide protection from Internet threats. Now Zone Labs has used that experience to build a new security enterprise product—Integrity.
Integrity offers central management of client PC security rules. Zone Labs says that it can block Trojans, spyware, worms, and other threats before they can access your network. The product is designed around Zone Labs’ TrueVector technology, which uses the “trusted zones” and “trusted applications” approach to control the traffic that enters and leaves systems. If TrueVector doesn’t know whether something is safe, it won’t allow it unless you tell it to.
If you’ve used Zone Alarm or Zone Alarm Pro, this probably sounds familiar. The difference with Integrity is that it’s aimed squarely at the enterprise and features central management of the security rules that govern network and Internet traffic to and from the client systems.
Zone Labs describes Integrity as a distributed security solution because of the central management console that transmits rules to networked desktops.
Integrity offers the following functionality to improve network endpoint security:
- Control of application network access
- Distributed firewall to control traffic to and from the Internet
- E-mail protection to quarantine suspicious attachments
- Control of resource sharing within network zones
- Stealth mode to shield PCs from hackers
Two components make up Integrity’s security management functionality: Integrity Server and Integrity Agent. Integrity Server enables the central management and configuration of the security policies governing network traffic, while Integrity Agent consists of the desktop software that retrieves and enforces security rules across the endpoint PCs.
You use a Web-based console to set up and manage policies in Integrity Server. The Server also features a monitor that shows the current status of network security as well as reports of network activity. Integrity Server comes with a set of predefined templates to make it easier to configure. You can also customize existing templates to establish your own policies to better fit the needs of your network, and you can apply policies to specific groups of users and configure them for various network segments, or zones.
The Agent software is installed on all PCs on the network. It retrieves whatever policy has been set up for the PC on which it’s installed and enforces the rules of the policy on that system.
The Agent runs in the background performing a variety of tasks, including:
- Monitoring inbound and outbound traffic.
- Controlling application connections.
- Concealing ports from hackers.
- Examining e-mail attachments.
Integrity Agent controls network and Internet traffic at the application level based on the rules retrieved from the Server. If an application attempts to access the Internet, Integrity Agent will block the attempt unless the rules have allowed that action.
As with Zone Alarm, your rules will evolve over time. Because Integrity takes the “if you don’t know, don’t allow” approach to security, it’s likely that some operations you’d like to allow will be blocked until you configure the rules to accommodate them. It’s difficult to account for everything when you initially set up the rules, so you’ll probably find yourself tweaking them as users begin to operate under the Integrity regime.
The Agent updates its rules by communicating with the Server at intervals defined by the administrator. Any policy changes are thus distributed as needed across the network.
Rules are enforced even when the system is not connected to the network to prevent worms or viruses from infecting the PC while it is offline (for example, via a floppy disk) and then spreading to the network when the user reconnects.
Agents are also password protected to prevent users from circumventing security rules.
Integrity includes a number of features designed to make administration easier. Because rules are essentially application-based, Integrity features an observation mode you can use to identify which applications request network and/or Internet access and then determine which ones you want to actually grant access to. This can help minimize the need to alter rules to accommodate programs that should have been allowed network and Internet access from the beginning.
Because policies are user- and group-based, rules follow users no matter how or where they access the network. This ensures that rules are applied automatically and consistently without intervention on your part.
The reporting feature gives you information about network activity and allows you to view details about events that may necessitate policy adjustments. You can also use the reports to detect breaches in security and cover vulnerabilities as needed.
The administration module itself is managed through a central console via a Web interface. Central management means less hassle and better security. Access to policies is password protected, so the risk that rules will be modified or circumvented is greatly minimized.
Zone Labs has already built an effective product in Zone Alarm Pro, and since Integrity is built on the same technology and principles, it has the potential to be a strong product for centralizing desktop firewall configuration and administration.
Integrity is made to work on all Windows platforms. For additional details, download the datasheet for the product from the Zone Labs Web site.