I am investigating a VPN solution/strategy for a company that currently has a Cisco and a Nortel VPN solution and I have examined a number of products that meet their current requirements. While there are a number of solutions that perform, it appears that the industry has not yet matured as fast as the demand for a product that performs the following from a centralized system:
1. IDS 2. FW 3. Virus Protection Possibly Vuln Scan (not required) Possibly email/hdd encryption (not required) Among these requirements, the product should contain these minimal features: 1. Perform the before mentioned requirements to be managed from a central console. 2. Install, deploy and upgrade remote end-points with minimal hassle. 3. Group based policy management. 4. Separate profiles for when the client agent(s) is connected to the VPN and one for when it is not. 5. Stealth Mode operation without client GUI and/or enduser interaction. 6. Integrate with the Cisco and Nortel VPN client; VPN hooks. 7. Alert notification facilities... e.g.. email, pager 8. Robust reporting capabilities. 9. Up to date vuln/av/etc definitions I have investigated the following products. The only one that seems to meet my requirements is McAfee's ePO 7.5 and my deadline which is scheduled for release beginning Q2-02. -ISS IcePaq: Full release, only does IDS, FW and Vuln Scan. -McAfee: Upcoming release ePO 7.5 will do IDS, FW, AV, Vuln Scan and throw in the PGP which by the way they are dumping ASAP (don't know why, great product) -ZoneLabs: Only do IDS. Product is in full release. Pricey... -Symantec: Reportedly will do everything from a central console but only half at Q2-02 and the rest by Q2-03; Vaporware... Currently they own a number of products that are modular in fashion and do not tie together at all. Can anyone recommend one of these products based on experience and/or can someone please recommend other products that meet the requirements listed above. kind regards, *****This information may be confidential and/or privileged. Use of this information by anyone other than the intended recipient is prohibited. If you received this in error, please inform the sender and remove any record of this message.*****