Cisco edges F5 in review of SSL VPN remote access appliances

Connecting remotely to network servers is a fact of life for millions of end users. Whether working from a PC or a mobile device, users rely on secure, reliable remote connections to maintain their productivity.

Available since Windows Server 2008 R2, Microsofts DirectAccess server role became fully integrated with the OS in Windows Server 2012. DirectAccess is designed to connect a VPN-type session automatically as soon as a compatible Windows client is connected to the Internet.

Most of the products tested (except Windows Server 2012), use Oracle's Java in one form or another, at least for client access and also in some cases within the management interface. With numerous vulnerabilities recently discovered in Java, leading to guidance from Department of Homeland Security and others to disable it entirely, this raised some questions about usability and possibly even security of the devices tested.

With serious data breaches occurring on almost a daily basis, concerns about data protection have skyrocketed. While some experts believe endpoint breaches may no longer comprise the majority of data leaks, the intentional or unintentional release of sensitive data from endpoints within an organization, whether by employees, contractors or guests, remains a serious problem that data loss prevention (DLP) products seek to address.

The Cisco Ironport is an appliance that is deployed into an existing mail infrastructure. All emails are sent to the IronPort and the IronPort is either the last point out (most common configuration) or it can process email and then send it back to the mail server where it is sent out.

We tested multiple common endpoint scenarios, by trying to upload, print, email or otherwise transfer data that should be blocked, quarantined, warned about or simply monitored under the rules and policies we set up. The following specific types of endpoint tests were conducted:

Freelance writer Susan Perschke recently sat down with Cisco Vice President and Chief Security Officer John N. Stewart for an in-depth discussion of the state of enterprise security.

If your IPv6 strategy is to delay implementation as long as you can, you still must address IPv6 security concerns right now.