SurfControl Evolves Software Defenses Against Malicious Code

SurfControl, a Scotts Valley, Calif.-based security software vendor, has come up with a new way to combat malicious code before it can impact operations. Its latest product, aptly named Threat Shield, offers protection against enterprise threats.

SurfControl's definition of an enterprise threat is more comprehensive than what some solution providers may be used to. SurfControl believes an enterprise threat is any application or activity that is run on a workstation without authorization.

With that in mind, SurfControl's product takes a different approach to protecting against malware. Threat Shield uses a policy-based paradigm to prevent unauthorized code from running on a workstation, and can protect against most any attack, ranging from typical spyware to complex blended threats. That helps to protect against any malicious code that may arrive via e-mail, downloads or peer-to-peer applications. Threat Shield uses the trinity approach to security, offering scanning, reporting and remediation of policy violations. The solution consists of two primary components—a client that is pushed down to workstations and a centralized management console. The management console maintains a database of allowed or disallowed activities, while the desktop client validates activity against that database.

That brings several key advantages to network protection. First, administrators can define on a case-by-case or group-by-group basis who can do what where. What's more, administrators can define custom signatures to block previously unaccounted-for applications. SurfControl offers daily updates to the signature database. To enforce the product's policy-based filtering, administrators can push the client down to a desktop system as a service element, which is installed silently. No end-user interaction is required and users are unaware of the process.

Threat Shield uses a click-and-drag method of applying policies—administrators simply drag a defined policy over to a group or individual user, and that policy is automatically enforced. Defining policies is just as easy—administrators can select from a range of canned policies or quickly create their own. A policy can be built from several elements ranging from an executable signature to a wild-card-based range of system files. The reactions to a policy violation can range from deleting the suspicious code to warning the user to notifying the administrator.

SurfControl breaks down filtering into seven primary categories: content-based, file name-based, user identity, exclusions, white lists, executable names and browser-based activity. Those elements can be combined in any fashion to build a policy. Some businesses will find the browser watch element, which monitors all browser activity and accounts for the active time spent on any particular Web site, an important component that can be a critical element in enforcing acceptable use policies.Most administrators will appreciate the fact that Threat Shield offers a hands-off approach to security management. Administrators can simply define a set of policies, deploy those policies automatically and then review the reports to make sure everything is acceptable. Speaking of reports, the product offers several canned and customizable reports, which offer detailed views based on trends, violations or summary information. Administrators can drill down to isolate suspicious activity. Reports can be exported to PDF, Word and Excel formats. The product currently does not offer automated scheduled reporting.

Threat Shield follows SurfControl's standard channel program. Partners must achieve a certification status to sell the product and partners must successfully pass the STAR sales and technical certification exams. The channel program has been in existence for five years and boasts more than 650 authorized partners. The program offers three levels—Security Partner, Gold Security Partner and Platinum Security Partner. Levels are dictated by sales commitments, certified employees and marketing levels. Security partners can expect margins of 25 percent, while Gold- and Platinum-level partners earn higher margins and have access to advanced technical and marketing support. Platinum-level partners also garner certified sales leads and dedicated account reps.

SurfControl proves to be a channel-friendly company that supplies critical elements needed for partner success. Combined with the flexibility of Threat Shield and the capabilities offered by integrating other SurfControl products, partners can build a full-service security-oriented platform that should effectively meet the needs of both medium and large enterprises.

While Threat Shield may not be a perfect solution, the product approaches an ideal method for protecting enterprise users from the most common of malicious code threats including adware, spyware, viruses and unauthorized applications to find violations.

SurfControl has several enhancements slated for the product, and important features such as automated reporting via schedule and enhanced alert notifications will help to establish the product as an industry leader. But even as it stands now, partners can benefit from everything Threat Shield has to offer.