Product Reviews

While there's no shortage of security appliances currently available for the SME market, they all tend to offer a similar range of services including firewall, anti-virus and intrusion-detection duties. Not so with the Oculan 250, as this purple appliance provides a plug-and-play solution that not only delivers intrusion-detection and vulnerability scanning but also a raft of network-management tools. These include network utilisation monitoring, device discovery and polling, problem notification and even hardware and software inventory.

The appliance hardware comprises a compact Supermicro SuperServer 5013G-M, which comes equipped with a decent Pentium 4 processor, plenty of fast memory and a pair of Gigabit Ethernet network ports. However, the 250 doesn't provide firewall capabilities and is designed to sit behind an existing appliance. Once connected to the relevant networks, a visit is required to the serial port and CLI, but when an IP address has been assigned to the management port you can use secure remote browser access. Installation and configuration aren't helped, though, by the poorly structured documentation - even the hotlink on the management interface took us to a previous version of the user manual, which featured numerous inconsistencies.

Inventory uses WMI (Windows management instrumentation), and the 250 requires one system

ADVERTISEMENT

set up as a proxy before it can gather any data - Oculan provides a utility to achieve this. Once you've added the IP address ranges you want to monitor, it runs a discovery routine and lists all available devices. Selecting one provides plenty of operational information. Although nowhere near as detailed as specialist inventory products, the appliance correctly identified logical and physical drives, memory, processor speed and the installed OS, plus the majority of installed applications. Data is collected from managed systems regularly and can be tied in with thresholds. So, for example, you can be warned when a system's free hard disk space or CPU utilisation reaches a certain percentage. The 250 also advises on discovered services and supports a wide variety of services and protocols including SQL Server, Oracle, POP3, SMTP, HTTPS and Citrix.

Four modes of vulnerability scans may be scheduled to run at regular intervals. You can assign single IP addresses or ranges along with exclusion lists, and detailed reports provide plenty of information on security holes. However, only one scan can be run at a time and we found the warning message that appears whenever you want to modify the scan settings irritating. The 250 constantly monitors the selected network for intruders and uses attack signatures provided by Oculan. Notification is sophisticated, as you can create users and groups and decide which types of message to send to them based on the event severity. Traffic-analysis tools provide graphs of utilisation by application, Ethernet and IP protocol and are able to display the top ten websites and the systems that are generating the most traffic.

The Oculan 250 is a unique product that offers an unusual mixture of network-management and monitoring tools. The documentation needs to be improved to ease installation and configuration, but otherwise you'll be hard pushed to find this level of features at a lower price.