Zone Labs Inc. is introducing a new version of its security software that increases the types of 802.1x wireless devices that it supports to include handhelds and phones, letting customers ensure specified security measures are in place before those devices are allowed wireless network access.
Zone’s Integrity 5.0 fully integrates with Check Point Software Technologies Ltd. VPN gateways, an important move because Check Point is in the process of buying Zone. Rather then checking simply whether the remote machine had a personal firewall running, Integrity 5.0 can now check whether it has antivirus software running at the right version, has appropriate Microsoft Corp. patches and other checks users define. Previously Integrity had this level of integration with Cisco Systems Inc. and Nortel Networks Corp. VPN gear as well as 802.1x wireless equipment.
Integrity’s ability to check for any program on a remote device is key to Epson America, a marketing division of the printer manufacturer, which has set up kiosks in malls where shoppers can punch in the menu for a local restaurant, pick a meal and get back a suggestion for wine to go with it. With Integrity, the company can check whether the kiosk software is running and update policies to the Integrity firewall, says Sam Elkholy, Epson’s manager of professional services. Before installing the software, the machines had been attacked by hackers, he says, and plagued by pop-up ads.
In addition, the software can now check whether the right version of Computer Associates International Inc. and Sophos PLC anti-virus software is running on the remote computer. Previously, Integrity could check for software made by Network Associates Inc., Symantec Corp. and Trend Micro Inc. Integrity checks for the current version of the software and can either issue users a warning that an update is needed or direct users to a site where they can download it.
With the new software version customers can manually add checks for antivirus software made by other vendors, as long as the customers know what files to look for.
Customers can also grant limited access to corporate networks for machines whose security is found lacking. Before, they could be referred only to dedicated servers quarantined from the rest of the network. Now customers can grant restricted access to network-based servers that contain the necessary updates to bring the remote machines into compliance.
The new software offers emergency management features that can shut down rogue applications immediately and automatically push out instructions to update antivirus software in the face of new threats. Without the new features, the software would first check the activity of applications and shut them down only after they demonstrated they were violating security policies.
Integrity 5.0 can scan remote machines accessing the network via SSL VPN remote access links if the remote machine is using Internet Explorer 5.1 or newer as a browser and has enabled ActiveX. When remote users log into corporate pages, the ActiveX script is embedded in the page and attempts to execute in the remote machine.
The software allows finer control of instant messaging. Before, Integrity either allowed it or denied it. With 5.0, it can control whether files can be attached to IM traffic, can strip embedded URLs and can limit connections to authorized buddy lists.
The software competes against products from Symantec and McAfee.
Integrity 5.0 is available this spring, with pricing starting at US$65 per seat. The instant messaging software costs US$20 per seat extra.