Although it’s the heart of summer, security vendors don’t seem to be going on vacation. Symantec Corp., eEye Digital Security Inc., NFR Security Inc. and Vernier Networks Inc. are rolling out new products designed to stop worms and other threats.
Symantec next month is scheduled to release an intrusion-prevention system (IPS) appliance line aimed at competing with equipment from the likes of Internet Security Systems (ISS), McAfee and TippingPoint Technologies. The three models in Symantec’s Network Security 7100 Series will block a range of attacks, including worms, but can also operate in passive mode as intrusion-detection systems (IDS), Symantec said.
“The 7100 Series will have pre-defined policies to tailor protection based on need,” says Sandeep Kumar, Symantec’s director of product management, noting that the three IPS models, ranging from 200M to 2Gbps, can be deployed at main distribution sites, edge or branch offices, or in data centres in a network core.
Because there always are new threats, Symantec will update the policies via the same LiveUpdate technology used in its anti-virus products. The company also will use it in its data centres around the world to offer IPS as an outsourced service.
Network managers take a cautious approach to IPS because they worry that blocking attack traffic with an in-line IPS could be disruptive.
Still, this week, NFR announced its first in-line IPS, called Sentivist, which will cost US$22,000. The University of North Carolina at Charlotte, which is evaluating it, will swap out NFR’s IDS now used at the campus Internet access point for a selected IPS.
“From a university perspective, we suffer greatly during worm outbreaks,” says Carter Heath, IT security officer. To keep the university network from becoming crippled during major virus outbreaks, it has become necessary to begin blocking computer worms and other attacks rather than simply monitoring them through an IDS.
Continental Airlines Inc. has used the NetScreen Technologies Inc.’s network-based IPS for six months to defend the Internet perimeter, said Andre Gold, director of information security. The airline is completing tests of the host-based IPS that eEye announced last week called Blink. Host-based IPS runs directly on desktops or servers as a protective layer.
Blink melds technologies that include signature-based blocking, vulnerability assessment, application firewall and behavior-blocking to fend off attacks on Windows-based desktops and servers.
Blink is intended to compete against host-based IPS and firewalls from Cisco Systems Inc., ISS, McAfee Inc., Sana Security Inc., Sygate Technologies Inc. and Microsoft Corp., which has indicated future versions of its operating system will be designed to block attacks.
“From the tests we’ve run, we’ve found the IPS mode in Blink works fine, and it’s ready for deployment,” Gold said.
“We plan to first use it in our e-ticket machines, which are Microsoft-based and hosted on the Continental infrastructure,” he added.
Firas Raouf, eEye Digital’s COO, said Blink represents a new product genre for the security firm, which has specialized in vulnerability assessment and remediation products for Windows-based machines.
“Yes, it’s a departure for us,” says Raouf, who claims eEye’s expertise in analyzing Windows-based problems provides a good background to develop a host-based IPS that can compete in an increasingly crowded market. Blink costs US$56 per desktop and US$700 per server.
Vernier Networks, which makes the System 6500 wireless LAN (WLAN) firewall, is expanding its reach by not only supporting wireline access but also adding a way to perform worm-blocking, vulnerability-assessment and patch management.
According to Bethany Mayer, vice-president of marketing, the Vernier WLAN firewall — which consists of its Control Server and Access Manager — next month will get software upgrades that will let the WLAN firewall filter out worms.
The updated version of the System 6500 will be able to check the user’s desktop machines, whether on the WLAN or in the wired network, for known software vulnerabilities before allowing access.
This vulnerability-assessment check would be done via the Qualys scanning service, Mayer said. If the desktop or mobile device is found to lack required software updates, the Vernier security appliance also would be able to initiate a download to the machine via the PatchLink software-patching product.
