Security Wares Combat Killer Worms
Viruses and worms that enter corporate networks via email and the Web are on the rise, say experts. So what are security vendors doing to help enterprises protect themselves?
In the last two weeks NetScreen Technologies Inc. (Nasdaq: NSCN), Check Point Software Technologies Ltd. (Nasdaq: CHKP), and Cisco Systems Inc. (Nasdaq: CSCO), three leading players in the security market, launched a series of new products designed to battle the onslaught of meanies.
Each company has taken a different approach to the problem. NetScreen is focusing on the network-based antivirus market. Check Point has added application intelligence to its firewall software. And Cisco, not usually viewed as an innovator in this market, has integrated technology from recent acquisitions to enhance its intrusion detection functions.
“We’re seeing a surge in security activity now, because corporate users are being victimized by more sophisticated, malicious attacks more frequently,” says Jeff Wilson, a security expert with Infonetics Research Inc. “The pot has been stirred, so to speak, by all the new technologies like VPNs. IT managers used to be able to just cut off the Internet connection to prevent something bad from coming into the network, but now they have corporate users connecting over the Internet.”
Most large enterprises already run separate antivirus servers at their main sites and rely on antivirus software on the desktops at remote sites. But this can be risky, because remote computer users could still manage to forward the virus, says Wilson. It's best to keep viruses out of the network altogether. But dedicated antivirus platforms are usually too expensive to deploy at remote locations.
NetScreen and its new partner Trend Micro Inc., a maker of antivirus gateway software, have teamed up to provide a solution. Earlier this week NetScreen introduced its new low-end appliance, the NetScreen-5GT, for remote sites and telecommuters (see NetScreen Integrates Network Security). As part of its new partnership, it will be integrating the Trend Micro antivirus software into the new 5GT.
So far, NetScreen is one of the first companies to integrate antivirus functionality into a firewall product, says Wilson, who points out that virus scanning only solves one piece of the problem.
“Virus scanning will help for now,” he says. “It’s good to move forward. But ultimately these products need to add more security intelligence to inspect all kinds of applications. That is really the security nirvana.”
Check Point is actually trying to do this. Last week, it announced that it would be adding new application intelligence technology to address these attacks (see Check Point Protects Applications). This new technology will be integrated into the company's latest version of its product suite, Check Point Next Generation.
The problem is that Web access creates a huge security hole in an enterprise network, because most firewalls are not able to monitor applications. Firewalls typically work by limiting the traffic coming into certain ports on a router, but because all Web traffic comes in on the same port, port 80, the firewall can’t distinguish between the good traffic and the harmful traffic.
“You can’t just cut off access to port 80, especially with the use of IP VPNs today,” says Wilson. “It’s a big challenge for enterprise IT managers to figure out what’s the bad traffic and what isn’t.”
On Tuesday this week, Cisco announced new security and service offerings focused on intrusion prevention and detection (see Cisco Enhances Security). The new features are based on the company’s acquisitions of Psionic, which will help it reduce false-positive alarms, and Okena, which offers a solution that employs end-user behavior patterns to help prevent unwanted traffic from entering the network (see Cisco Buys Psionic and Cisco's Got an Okena).
Cisco isn’t the only company with an intrusion detection story. Several other vendors -- among them, Enterasys Networks Inc. (NYSE: ETS), Internet Security Systems Inc. (Nasdaq: ISSX), NetScreen, Network Associates Inc. (NYSE: NET), and Symantec Corp. (Nasdaq: SYMC) -- have developed intrusion detection features. As Cisco did, NetScreen and Network Associates have also gotten into the game via acquisitions.
Cisco’s announcement also focused on improving management and VPN functionality. While the new features have not broken new ground, the announcement highlights Cisco’s security roadmap, which centers on improving manageability and providing end-to-end security solutions. Even with these new features, Cisco is still missing key pieces of the security puzzle, say experts.
“While Cisco may be refocusing its security efforts, frequently utilizing price discounts, we believe Cisco may need to look to additional acquisitions to round out its security portfolio,” writes Mark Sue, an analyst with CE Unterberg Towbin in a research note published this week.
Wilson says that all the new announcements are welcome advances in security: “Ultimately, the average person doesn’t care much about what the technology is called or how it works. They just want to keep the bad traffic out without losing any of their good traffic.”
— Marguerite Reardon, Senior Editor, Light Reading