Zone Labs Updates Security Enforcer For Guest Access

Zone Labs on Monday rolled out an update to its Integrity Clientless Security solution that blocks non-IT controlled PCs -- such as those owned by partners and used by mobile workers -- from accessing an enterprise's network without having proper security provisions in place.

Clientless Security 2.0 now includes checks for spyware, worms, Trojan horses, key loggers, and other malicious code lurking on guest systems, then automatically disables the processes such malware runs before allowing a user to log on to a Web-based application such as Outlook Web Access or an SSL-secured virtual private network (VPN) connection, said Frederick Felman, the vice president of marketing for the San Francisco, Calif.-based security firm.

"Clientless Security disables the malicious code, but it doesn't delete it," explained Felman. "Some of the users on those PCs may not have administrative rights, so they aren't able to remove, say, spyware. Instead, we disable those forms of malware without requiring any user interaction."

An end-point product, Clientless Security differs from other security policy enforcement products in that it's aimed at PC assets not owned and managed by the enterprise. "Partners' PCs, which are often used to access corporate CRM (customer relationship management) or ERP (enterprise resource planning) software, are checked to make sure a firewall is present and anti-virus [protection] is there before access is granted," said Felman.

The product is able to handle all the major anti-virus solutions, including those from Symantec, Trend Micro, and Computer Associates, and will not only verify the presence of such defenses, but also check that the anti-virus definitions are up to date.All checks against policies are done before a user is allowed to log on to the network, said Felman, and done without installing any software on the client. Instead, ActiveX controls are loaded onto the system at the beginning of each Web or VPN session, then unloaded at the end. The control can be optionally cached by the administrator to the client for a performance boost the next time the system logs on.

Systems that don't meet the required policies -- which administrators set at a central software console -- can be completely blocked from logging on, or other administrator-defined options can come into play, such as allowing a log on but with notification to both the end-user and the IT staff that the system isn't up to par. Users can also be automatically redirected to other enterprise assets, such as a patch-providing server or the company's anti-virus definition files, to bring their systems into compliance before log on is permitted, said Felman.

On the firewall side, Clientless Security will check that a firewall is present on the outside system, and if one is absent, the user can be asked to install one, or the administrator can set policies so that one is automatically installed prior to log on.

Other verifications new to version 2.0 said Felman, include status checks of the client's overall security, and warnings if the system has not been patched against currently-known vulnerabilities.

Clientless Security works on guest PCs that are running Windows 98 and later using Internet Explorer 5.0 or later to access an enterprise Web site or application, or the network through a VPN tunnel.The software runs on Integrity Clientless Security offers Windows, Linux, and Unix servers, as well as Microsoft IIS (Internet Information Server) and Apache web servers.

Prices start at $20 per user.

Check Point Software completed its acquisition of Zone Labs late last month as it laid out $114 million in cash and issued an additional 5.3 million shares to pay for the private security firm.