Security vendors address spyware

Check Point, Blue Coat Systems and start-up GraniteEdge Security are this week introducing products that address differing network threats ranging from spyware to zero-day attacks.

Check Point Software is adding anti-spyware capabilities to its Integrity software, which scans remote machines for compliance with network security policies. Adding anti-spyware to Integrity may appeal to businesses that want a software package that protects individual PCs rather than one that requires buying separate products from multiple vendors, says Rob Whiteley, an analyst with Forrester Research.

The company also is introducing a service that updates the spyware signature files in Integrity. Check Point draws on a network of cooperating customers that allows the company to gather data about spyware and add new finds to its database.

The update service is priced on numbers of users; for example, it costs $9,250 for 1,000 users. The anti-spyware software is packaged with Integrity 6.5.

To protect networks from attacks coming in through SSL connections, Blue Coat is releasing software for its ProxySG appliance. It lets network security staff peer into encrypted SSL traffic generated from within business networks to block access to unauthorized sites and to prevent SSL links from becoming conduits for viruses or worms.

For example, the state of Delaware uses the software to check that SSL sessions inside its network are not allowing inappropriate content, says Glenn Wright, a senior telecom technologist for the Delaware Department of Technology and Information. State workers or students could connect via SSL to proxy servers on the Internet that allow them to access sites that might be blocked by content filters, he says.

The new ProxySG software terminates SSL sessions, and before re-encrypting the traffic, checks for malicious code or whether the connection is made to a forbidden site. Without the Blue Coat proxy, the state would have no way to differentiate between banned SSL sessions and legitimate ones, Wright says.

The SSL proxy software and add-on SSL acceleration hardware costs $450 to $12,000, depending on which ProxySG appliance it is added to. It is expected to ship in February.

To battle subtle threats that appear for the first time, start-up GraniteEdge is introducing an appliance that analyzes network traffic for unusual behavior and links it to related behavior that adds up to an attack. It then notifies administrators and supplies them with a chart that links the suspicious activities.

The GraniteEdge ESP device draws a chain of related events so users can follow and head off the progress of multistage attacks as they unfold. It is meant to discover attacks that are designed to remain undetected by virus filters, intrusion-detection software and other signature-based security.

"It answers how you tell which events are related," says Peter Christy, a principal at Internet Research Group. "It connects the dots to weird events that show up."

He says it does not compete directly with intrusion detection and prevention products. These other products are useful in reducing the number of attacks that reach the network, he says, and GraniteEdge ESP can find attacks for which there are no signatures.