Network Associates, ISS forge alliance

Network Associates Inc. and Internet Security Systems Inc. have forged an alliance to use each other’s technologies and marketing power in what top executives from the two firms say is a three-year agreement with many details still being hammered out.

As outlined by Network Associates president George Samenuk and ISS president, chair and CEO Tom Noonan, ISS will share its intrusion-detection technology with Network Associates, while Network Associates shares its virus-protection capabilities with ISS.

The two security firms also each have a rapid-response team – ISS has X-Force, Network Associates has the AVERT Labs – to address new security threats as they arise, and they are expected to begin sharing analysis closely in the future. The alliance, intended to give each company access to technology it lacks, also promises a slew of new products that may be co-marketed in the future.

In the analyst and press conference to announce the deal, ISS CEO Noonan noted that some of the worst security incidents in the last year have been triggered by “blended threats.” These are attacks that have downed computer systems and networks by combining virus infection, Trojan horses and automated hacking attacks to exploit vulnerabilities.

These threats – the Nimda and Code Red worms foremost to date – spurred the companies to begin a dialog that has led to the new alliance.

“The hacker and virus-writer communities have converged to share their techniques,” and ISS and Network Associates will work together on their own counter-measures for these threats, Noonan said. Combining efforts will allow both companies to provide “pervasive protection,” he said.

The only other security firm with the same breadth of products as ISS and Network Associates combined is Symantec, a rival not mentioned by the two executives, but certainly a fierce competitor to both ISS and Network Associates.

By the first quarter of 2003, Network Associates will ship a new network intrusion-detection system built on Network Associates’ Sniffer platform and using ISS technology, Samenuk said. In previous years, Network Associates had tried but failed to make much of a dent in the IDS market, and withdrew from this market about a year ago.

IDS so far has ended up as a market battle largely fought between ISS and Symantec, though a number of IDS vendors, including BindView and NFR Security, have found success in this arena as well. For its part, Network Associates has a huge installed base of Sniffer devices that are used for network troubleshooting and analysis, and earlier this year Network Associates promised it would add intrusion detection to them in some manner.

That manner, as it turns out, will not be Network Associates’ in-house technology, but that of ISS and its RealSecure products.

In other plans, Network Associates and ISS will combine their IDS and antivirus strengths in what may be a line of products for both by the first half of 2003. Eventually, Network Associates wants its management console, called the ePolicy Orchestrator, to recognize alerts from ISS intrusion-detection sensors and the ISS management console, called SiteProtector.

ISS wants to add McAfee antivirus and scanning to its server and gateway products, Noonan said. And the two companies also expect to leverage each other’s sales forces to sell their gear.

There is some product overlap that could spell trouble, especially in the area of vulnerability-assessment scanners and the question of which management console – the ISS SiteProtector or Network Associates’ ePolicy Orchestrator – ends up as the customer’s preferred choice.

There’s a growing push across the industry to have a single device handle “security information management” for multiple vendors’ software and appliances, with NetForensics, IBM and others working on the problem. ISS has signalled in the past it wants its SiteProtector to play this role by the end of the year. And Network Associates is rapidly redesigning ePolicy Orchestrator to do a better job of consolidating alerts from the wide variety of security software and appliances it sells.

Noonan and Samenuk artfully avoided analyst questions on this score during the teleconference announcing the alliance, where they strove to keep the announcement firmly upbeat.

Though ISS is based in Atlanta and Network Associates in Santa Clara, Calif., the two companies envision that some of the technical development work will happen in the United Kingdom, where their engineering operations are not too far from each other. In addition, work on gigabit intrusion-detection systems will be shared with ISS’s Silicon Valley office, not far from where Network Associates is located.

“Our customers will benefit from a great set of products,” Samenuk promised.