
Security Wares Combat Killer Worms

Light Reading
News Analysis
5/23/2003

Viruses and worms that enter corporate networks via email and the Web are on the rise, say experts. So what are security vendors doing to help enterprises protect themselves?

In the last two weeks NetScreen Technologies Inc. (Nasdaq: NSCN), Check Point Software Technologies Ltd. (Nasdaq: CHKP), and Cisco Systems Inc. (Nasdaq: CSCO), three leading players in the security market, launched a series of new products designed to battle the onslaught of meanies.

Each company has taken a different approach to the problem. NetScreen is focusing on the network-based antivirus market. Check Point has added application intelligence to its firewall software. And Cisco, not usually viewed as an innovator in this market, has integrated technology from recent acquisitions to enhance its intrusion detection functions.

“We’re seeing a surge in security activity now, because corporate users are being victimized by more sophisticated, malicious attacks more frequently,” says Jeff Wilson, a security expert with Infonetics Research Inc. “The pot has been stirred, so to speak, by all the new technologies like VPNs. IT managers used to be able to just cut off the Internet connection to prevent something bad from coming into the network, but now they have corporate users connecting over the Internet.”

Most large enterprises already run separate antivirus servers at their main sites and rely on antivirus software on the desktops at remote sites. But this can be risky, because remote computer users could still manage to forward the virus, says Wilson. It's best to keep viruses out of the network altogether. But dedicated antivirus platforms are usually too expensive to deploy at remote locations.

NetScreen and its new partner Trend Micro Inc., a maker of antivirus gateway software, have teamed up to provide a solution. Earlier this week NetScreen introduced its new low-end appliance, the NetScreen-5GT, for remote sites and telecommuters (see NetScreen Integrates Network Security). As part of its new partnership, it will be integrating the Trend Micro antivirus software into the new 5GT.

So far, NetScreen is one of the first companies to integrate antivirus functionality into a firewall product, says Wilson, who points out that virus scanning only solves one piece of the problem.

“Virus scanning will help for now,” he says. “It’s good to move forward. But ultimately these products need to add more security intelligence to inspect all kinds of applications. That is really the security nirvana.”

Check Point is actually trying to do this. Last week, it announced that it would be adding new application intelligence technology to address these attacks (see Check Point Protects Applications). This new technology will be integrated into the company's latest version of its product suite, Check Point Next Generation.

The problem is that Web access creates a huge security hole in an enterprise network, because most firewalls are not able to monitor applications. The way firewalls typically work is that they limit traffic coming into certain ports on a router, but because all Web traffic comes in on the same port, Port 80, the firewall can’t distinguish between the good traffic and the harmful traffic.

“You can’t just cut off access to port 80, especially with the use of IP VPNs today,” says Wilson. “It’s a big challenge for enterprise IT managers to figure out what’s the bad traffic and what isn’t.”
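As an added illustration (not code from the article or from any vendor named in it), the contrast below shows why a port-based rule cannot separate good port-80 traffic from bad: the port filter admits every constructed sample flow, while an application-aware check that parses the HTTP request line can refuse flows that are not HTTP at all, use a disallowed method, carry a malformed target, or exceed a size limit. The allowed ports, method list, size limit and sample payloads are assumptions made for the demo.

```python
import re

ALLOWED_PORTS = {80, 443}                  # assumed perimeter rule
ALLOWED_METHODS = {"GET", "HEAD", "POST"}  # assumed policy for this demo
MAX_REQUEST_LINE = 2048                    # assumed size limit
REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS) (\S+) HTTP/1\.[01]\r\n")

def port_filter(dst_port: int) -> str:
    """Port-based firewall rule: anything bound for an allowed port gets in."""
    return "allow" if dst_port in ALLOWED_PORTS else "deny"

def application_filter(payload: bytes) -> str:
    """Application-aware check on the first bytes of a flow to port 80."""
    m = REQUEST_LINE.match(payload)
    if not m:
        return "deny: not an HTTP request"
    if m.end() > MAX_REQUEST_LINE:
        return "deny: oversized request line"
    method = m.group(1).decode()
    target = m.group(2).decode("ascii", "replace")
    if method not in ALLOWED_METHODS:
        return f"deny: method {method} not permitted"
    if not target.startswith("/") or ".." in target.split("/"):
        return "deny: malformed request target"
    return "allow"

# Constructed sample flows; every one of them is addressed to port 80.
SAMPLES = {
    "browser": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "binary": b"\x16\x03\x01\x00\x2a\x00\x00\x00" * 4,   # not HTTP at all
    "traversal": b"GET /../../etc/passwd HTTP/1.0\r\n\r\n",
    "oversized": b"GET /" + b"A" * 4096 + b" HTTP/1.1\r\n\r\n",
}

def compare(samples=SAMPLES) -> dict:
    """Return {name: (port_filter verdict, application_filter verdict)}."""
    return {name: (port_filter(80), application_filter(data))
            for name, data in samples.items()}

if __name__ == "__main__":
    for name, (p, a) in compare().items():
        print(f"{name:10s} port filter: {p:5s} application filter: {a}")
```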

On Tuesday this week, Cisco announced new security and service offerings focused on intrusion prevention and detection (see Cisco Enhances Security). The new features are based on the company’s acquisitions of Psionic, which will help it reduce false-positive alarms, and Okena, which offers a solution that employs end-user behavior patterns to help prevent unwanted traffic from entering the network (see Cisco Buys Psionic and Cisco's Got an Okena).

Cisco isn’t the only company with an intrusion detection story. Several other vendors -- among them, Enterasys Networks Inc. (NYSE: ETS), Internet Security Systems Inc. (Nasdaq: ISSX), NetScreen, Network Associates Inc. (NYSE: NET), and Symantec Corp. (Nasdaq: SYMC) -- have developed intrusion detection features. As Cisco did, NetScreen and Network Associates have also gotten into the game via acquisitions.

Cisco’s announcement also focused on improving management and VPN functionality. While the new features have not broken new ground, the announcement highlights Cisco’s security roadmap, which centers on improving manageability and providing end-to-end security solutions. Even with these new features, Cisco is still missing key pieces of the security puzzle, say experts.

“While Cisco may be refocusing its security efforts, frequently utilizing price discounts, we believe Cisco may need to look to additional acquisitions to round out its security portfolio,” writes Mark Sue, an analyst with CE Unterberg Towbin in a research note published this week.

Wilson says that all the new announcements are welcome advances in security: “Ultimately, the average person doesn’t care much about what the technology is called or how it works. They just want to keep the bad traffic out without losing any of their good traffic.”

— Marguerite Reardon, Senior Editor, Light Reading

arak
12/5/2012 | 12:00:51 AM
re: Security Wares Combat Killer Worms
"So far, NetScreen is one of the first companies to integrate antivirus functionality into a firewall product, says Wilson, who points out that virus scanning only solves one piece of the problem."

“Virus scanning will help for now,” he says. “It’s good to move forward. But ultimately these products need to add more security intelligence to inspect all kinds of applications. That is really the security nirvana.”

Mr. Wilson is either on someone's payroll or just doesn't have current knowledge of the network security industry.

There is a company out there that makes such a security nirvana product and its name is Fortinet. Granted it is not true nirvana, but Fortinet products are much closer to nirvana than offerings from other companies mentioned in the article.

Margie, please update the article with Fortinet for the sake of journalistic integrity. ;o)

Arak
PS: I do not work for, nor hold any interest in, Fortinet. Let's just say that I'm one of their happy customers. They really provided real bang for the buck as far as my organization goes.
BobbyMax
12/5/2012 | 12:00:47 AM
re: Security Wares Combat Killer Worms
There are no security standards. This makes it difficult for security products from different vendors to co-exist. Right now this is the most difficult problem. The lack of standards also caused a lot of vendors to emerge. Currently the only available standard is from ISO. ISO 17799 is the most widely recognised security standard.
a-dude
12/5/2012 | 12:00:45 AM
re: Security Wares Combat Killer Worms
BobbyMax,
About lack of standards... given the moving target nature of the security threats.. can we wait long enough for standards to evolve??

a-dude
a-dude
12/5/2012 | 12:00:45 AM
re: Security Wares Combat Killer Worms
I have recently started being aware of network security issues... and man it is a scary world out there (not trying to spread paranoia (smile))... Given the changing and evolving nature of these threats, it seems like an impossible task to stop them all from happening.. And then there is the cost of managing the security for an enterprise network... All this without thinking about 802.11..
Any thoughts on this from knowledgeable persons will be appreciated..

a-dude
skeptic
12/5/2012 | 12:00:45 AM
re: Security Wares Combat Killer Worms
I have recently started being aware of network security issues... and man it is a scary world out there (not trying to spread paranoia (smile))... Given the changing and evolving nature of these threats, it seems like an impossible task to stop them all from happening..
================
As often as not, the worst problems seem to be Microsoft problems rather than network problems. All the core Microsoft applications have serious and fundamental design flaws which make any real attempt at security doomed to failure.

Every effort focuses on detection and the symptoms rather than the real cure, which is to end certain practices in application programming and to re-design or remove features from applications until the problem goes away.

Most of the time, the pattern to the threats is very similar. It can manifest itself in many different ways, but in the end it's often the case that what should be "inert" content is carrying software inside of it and the system can't limit the scope of actions of the software inside the content.

But rather than address the problem, we have researchers at top universities working on "active networks" which want to import the same disastrous ideas into routers.
dljvjbsl
12/5/2012 | 12:00:34 AM
re: Security Wares Combat Killer Worms

Most of the time, the pattern to the threats is very similar. It can manifest itself in many different ways, but in the end it's often the case that what should be "inert" content is carrying software inside of it and the system can't limit the scope of actions of the software inside the content.

But rather than address the problem, we have researchers at top universities working on "active networks" which want to import the same disastrous ideas into routers.

As I understand it, active networks can (must, will, should) be designed to severely constrain what the code is able to accomplish.

For example, CPL (Call Processing Language) from the IETF allows users to program their own VoIP call handling (forwards etc.). The language is constrained so that it cannot be used to create uncontrolled operations within the router or uncontrolled call routing. The language is in XML and interpreted. Thus the behaviour of the proxy is controlled by its internal software which functions according to user preferences as prescribed in his CPL script. I do not see why this cannot be the standard mode of operation of active networks.
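An added example, not code from this thread or from any real CPL implementation: a minimal interpreter for a small assumed subset of CPL (RFC 3880) showing how a constrained, interpreted XML policy language is evaluated. The script, the SUPPORTED set and the call dictionary are constructed for the demo; evaluation is one walk down a finite tree with no loops, so it always terminates, and any element outside the vetted subset is refused rather than interpreted.

```python
import xml.etree.ElementTree as ET

# Constructed script in the style of RFC 3880 (assumed subset, not a real
# deployment): proxy calls whose origin host is under example.com, reject others.
SCRIPT = """<cpl><incoming>
  <address-switch field="origin" subfield="host">
    <address subdomain-of="example.com">
      <location url="sip:jones@desk.example.com"><proxy/></location>
    </address>
    <otherwise><reject status="reject" reason="Unknown caller"/></otherwise>
  </address-switch>
</incoming></cpl>"""

SUPPORTED = {"cpl", "incoming", "address-switch", "address", "otherwise",
             "location", "proxy", "reject"}

def evaluate(script: str, call: dict) -> dict:
    """Run a CPL script for one incoming call; refuses unvetted elements."""
    root = ET.fromstring(script)
    unknown = {e.tag for e in root.iter()} - SUPPORTED
    if unknown:
        raise ValueError(f"unsupported CPL elements: {sorted(unknown)}")
    return _walk(root.find("incoming"), call, [])

def _walk(node, call, locations):
    """One downward pass over a finite tree: no loops, so it always ends."""
    for child in node:
        if child.tag == "address-switch":
            field = call.get(child.get("field"), "")
            value = field.split("@")[-1] if child.get("subfield") == "host" else field
            for option in child:
                if option.tag == "otherwise" or _matches(option, value):
                    return _walk(option, call, locations)
            break  # nothing matched and no <otherwise>: fall through to default
        if child.tag == "location":
            return _walk(child, call, locations + [child.get("url")])
        if child.tag == "proxy":
            return {"action": "proxy", "locations": locations}
        if child.tag == "reject":
            return {"action": "reject", "status": child.get("status"),
                    "reason": child.get("reason")}
    return {"action": "default", "locations": locations}  # CPL default behaviour

def _matches(option, value):
    sub = option.get("subdomain-of")
    if sub is not None:
        return value == sub or value.endswith("." + sub)
    return option.get("is") == value
```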
alchemy
12/5/2012 | 12:00:32 AM
re: Security Wares Combat Killer Worms
For example, CPL (Call Processing Language) from the IETF allows users to program their own VoIP call handling (forwards etc.). The language is constrained so that it cannot be used to create uncontrolled operations within the router or uncontrolled call routing. The language is in XML and interpreted.

Now there's a brilliant idea. Imagine trying to do a true hardened primary line telephone service where customers can embed XML scripts into call processing. There's absolutely no way you can prove that you have a stable environment... the Halting problem shows that.

It always amazes me that the IETF *cough* Cisco *cough* keeps trying to re-invent telephony and keeps trying to push all the intelligence to the endpoints.
skeptic
12/5/2012 | 12:00:31 AM
re: Security Wares Combat Killer Worms
For example, CPL (Call Processing Language) from the IETF allows users to program their own VoIP call handling (forwards etc.). The language is constrained so that it cannot be used to create uncontrolled operations within the router or uncontrolled call routing. The language is in XML and interpreted. Thus the behaviour of the proxy is controlled by its internal software which functions according to user preferences as prescribed in his CPL script. I do not see why this cannot be the standard mode of operation of active networks.
====================

All that sounds really good on paper, but every time someone moves in this direction, the language doesn't turn out to be as constrained as it seemed or gets extended in a way that eventually subverts its security in favor of a feature.

If people at IETF and in the vendor community had enough self-discipline, they might be able to keep it secure. But I don't think they do.
dljvjbsl
12/5/2012 | 12:00:30 AM
re: Security Wares Combat Killer Worms
Now there's a brilliant idea. Imagine trying to do a true hardened primary line telephone service where customers can embed XML scripts into call processing. There's absolutely no way you can prove that you have a stable environment... the Halting problem shows that.

CPL is NOT embedding XML scripts into call processing.

It always amazes me that the IETF *cough* Cisco *cough* keeps trying to re-invent telephony and keeps trying to push all the intelligence to the endpoints

Distributed call processing is old hat. What CPL is the beginning of is something entirely different and much better.

Aside from that, the centralized AIN model has had many years of deployment and still does very little if anything useful. At least CPL is the beginning of a truly useful set of services. AIN is a set of standards documents that have been implemented at great cost to create amazing services. It is just that no one has been able to figure out how to create great services with AIN's strictly centralized model. 800 number translation is not the be all and end all of technology.

As for Cisco being the driving force behind CPL: it came out of the Columbia group that is connected to Lucent. Nortel has implemented it and is offering it in its enterprise products. Several PBX vendors are doing likewise. Nortel and Lucent must know something about call processing.
dogmeat
12/5/2012 | 12:00:27 AM
re: Security Wares Combat Killer Worms
Remember, Voice over IP is the KEY to getting enterprises to churn their installed base of equipment and Telecoms to build new "revenue generating" services...

Lots of jobs depend on VoIP succeeding so let's never say anything bad about it. OK? <eom>

After the Y2K and E-Biz perfect storm, there needs to be some marginally justifiable excuse to change current gear with 7 years of life left. Right? Well, VoIP is the excuse, so shut up and start believing it's better.

Har, har...</eom>