The annual RSA Conference provides an opportunity for security vendors to steal some of the spotlight from the host and reveal new products or updates to existing ones.
Among those who made announcements were Sophos Ltd., McAfee, viaForensics and iBoss Networks.
It doesn’t officially go on the market until next week, but Sophos was talking up version 9.2 of its Unified Threat Management appliance’s software with email encryption and improved protection for advanced persistent threats.
For monitoring inbound traffic, the update adds “selective sandboxing” of suspicious files. They are temporarily held while being automatically routed to Sophos Labs for analysis, which passes or fails them.
The analysis results are also distributed to all customers with Sophos UTM devices.
“This is a no-hands-on-required level of ATP protection,” Chris Kraft, vice-president of product management for the company’s network security group, said in an interview.
For outbound traffic, the UTM now looks for botnets and suspicious endpoint activity. An alert goes to the administrator and the event is logged. If necessary, the appliance can cut the endpoint off.
IT managers understand that encrypting email of some staffers can be useful, but those in mid-sized organizations find many solutions are too complex to manage.
Sophos’s answer is a technology called SPX that puts an encrypted PDF envelope around the message, Kraft said. It preserves attachments and allows offline viewing.
The user can select the SPX option from a Microsoft Outlook toolbar, or an administrator can set automated rules in the UTM software to look for personally identifiable or financial information to trigger encryption.
The sender has to send the recipient an offline passcode (via phone call or other means) for unlocking the message. If the receiver wants to reply, clicking on a button inside the message creates an HTTPS session back to the UTM for a secure reply.
There is a performance impact, Kraft said, but it shouldn’t be a lot because not all email will be encrypted.
Web security has been improved. Usually UTMs are designed to be ‘set and protect’, Kraft said. Version 9.2 allows administrators to set “fairly rich policies” for contractors, partners and visitors.
The more flexible settings mean organizations can treat the Sophos UTM as a Web gateway, Kraft said.
Finally, the UTM now links to the Sophos Mobile Device Management appliance so customers of both can set access policies to corporate wireless networks and VPNs.
Also at the conference
—iBoss Network Security said it has added advanced behavioral analysis of data flows to its Secure Web Gateway.
By homing in on data flows instead of file behavior, enterprises with complex networks can expose deviations from existing data flow benchmarks, the company said in a statement. Anomalies in data movement can be early indicators of potential threats. Capabilities include monitoring of data movement across 131,000 ports, and geomapping technology to pinpoint the location of a threat.
The gateway includes Web security, scanning inside SSL traffic, Layer 7 application management and mobile management.
— Nok Nok Labs said it will integrate whiteCryption’s Cryptanium line of application and data protection products with its new NNL S3 Authentication Suite.
The suite enables authentication for Internet-scale applications and services while reducing the cost and complexity of authentication infrastructure, Nok Nok said in a release.
The suite is also a centralized platform that will enable the usage of a broad range of devices certified by the Fast IDentity Alliance (FIDO) from a single infrastructure, the company added.
Nok Nok will also integrate the Cryptanium product suite with its NNL Multifactor Authentication Client (MFAC) with support for Android, iOS, and Microsoft Windows devices, which enables users to authenticate to any application using the existing security capabilities of their mobile devices. This integration will strengthen the security of its application, sensitive data and cryptographic keys.
— viaForensics has released a free mobile app for personal use called viaProtect, which monitors applications for risks. For instance, it can detect if an app handles personal data insecurely by transmitting it unencrypted or to servers located overseas.
viaProtect gathers mobile forensic, system, network, security and sensor data from devices, then utilizes statistical analysis and risk indicators to detect suspicious events or behaviour.
It’s available from the Google Play and Apple App stores.
The bot threat
Some of the most serious threats networks face today are "bots," remotely controlled robotic programs that strike in many different ways and deliver destructive payloads, self-propagating to infect more and more systems and eventually forming a "botnet."