Security companies next week are trotting out intrusion-prevention system and vulnerability-assessment products that not only widen customer choice but also indicate growing multi-vendor collaboration.
McAfee Inc. is expected to announce the IntruShield 1400, a new model in its IntruShield IPS appliance line. The four-port, 200Mbps appliance is a midrange IPS that detects and blocks attacks in the same way as IntruShield’s 100Mbps 1200 model, 600Mbps 2600 model and 2Gbps 4000 model. According to Vimal Solanki, McAfee’s director of product marketing, the IntruShield 1400, which costs US$15,000, is intended for midsize businesses and branch offices.
McAfee also is set to announce that its ePolicy Orchestrator management console, which can consolidate security event information related to the McAfee desktop firewall, host-based IPS, spam activity and even rival Symantec Corp.’s anti-virus software, now also will be able to share collected data with IBM Corp.’s security management software, Tivoli Risk Manager. IBM says about 70 products from various vendors have this capability.
Another IPS vendor, ForeScout Technologies Inc., next week is expected to announce an updated version of its WormScout appliance, typically deployed on LAN segments to deny network access to worm-infected computers.
The WormScout 4.0 appliance can detect e-mail worms in addition to network-borne worms, says Ayelet Steinitz, ForeScout’s product marketing director. In addition, WormScout 4.0 includes the open source Nessus vulnerability-assessment tool. Nessus reports on security holes in WormScout so that the appliance, which now has a built-in firewall, has the option of opening or closing firewall ports based on policy.
WormScout 4.0, priced starting at US$12,000, also will have optional software plug-ins for disabling switch ports and integrating with BMC Software’s Remedy trouble-ticketing system.
Meanwhile, teaming among security vendors continues at a fast clip. Vulnerability-assessment product vendor nCircle Network Security Inc. is making changes to its IPS360 scanner appliance, adding an optional module called nCircle nTellect that will allow for correlation of known network exposures with intrusion-detection data that the Cisco Systems Inc. IDS sensor collects.
This ability to share vulnerability information continuously with the Cisco IDS makes the sensor more efficient in presenting the threat information most pertinent to a corporation’s security managers, says Abe Kleinfeld, nCircle president and CEO. IPS360 is priced starting at US$35,000 and the nTellect option would add US$20,000 to the price.
A handful of firms, including Internet Security Systems Inc. and Sourcefire, are working to combine vulnerability-assessment data with attacks picked up by an IDS sensor in order to pinpoint high-threat attacks and weed out irrelevant attack information.
At Kansas City, Mo., energy firm Aquila, which is beta-testing nCircle’s nTellect with Cisco IDS, communications engineer Tim Raines says the scanning data has made IDS “much more usable and easier to tune.”
V-Secure Technologies Inc., which sells the V-Secure IPS, this week is expected to announce that Version 6.4 of its 250Mbps appliance will be managed by a new console, called NetVisor.
The console will be able to control up to 30 of the updated IPSs rather than one, as was the case with the previous version. Pricing ranges from US$12,000 to US$55,000 for the V-Secure IPS models. In addition, V-Secure says it is working to have its IPS correlate security events with host-based IPS software vendor Sana Security.
Finally, a security start-up called The Barrier Group is making its debut with a security appliance called Barrier1, which combines multiple open source security technologies – including the Snort IDS, ClamAV anti-virus software, SpamAssassin anti-spam software and SquidGuard Web content filtering – into one 3Gbps appliance.
Three Barrier Group appliance models, which cost between US$67,200 and US$117,600, also are being leased as a service for monthly charges that range from US$4,000 to US$7,000. Rob Demopoulos, CTO and co-founder, says his company brings to the package proprietary IPS code and the recipe for combining about two dozen open-source technologies.
Diversico Industries Inc., a small tools fabricator in Minneapolis, uses Barrier1. Previously, the company had ongoing virus problems and had its servers broken into several times.
The situation has improved using Barrier1, and “at this point, I can say I feel confident about using open source,” says Todd Woyke, an engineer with the firm.