Of the 74 companies showing off their wares at this year's Demo@15 conference, more than half are focused on the enterprise. For a majority of those companies, the message is simple: It's about security, stupid.
IT managers looking to this year's emerging technology conference (produced by Network World) for hints about the direction security is taking will see a strong shift away from the perimeter to end-to-end data management.
"You cannot put a brick wall around an organization," says Demo Executive Producer Chris Shipley. "The goal [for IT executives] should be to protect data from the bad guys and to protect your CEO."
She says companies that are knee-deep in extending their companies are looking to policies and access rights as a basis for securing corporate data. "It's not whether I have a secret knock to get on the network, but do I have rights [to this data]? We're going to start looking at things on a granular basis."
Look for several compliance tools that address this mandate, she says. "The whole issue of compliance is driving innovation."
IPLocks' Information Risk Management Platform focuses on deterring internal threats. "More than 75% of data theft occurs by employees who have legitimate access to data," says Christine Crandell, vice president of marketing. She adds that data often lies unprotected within corporate databases.
The Information Risk Management Platform has tools for database vulnerability assessment, monitoring, audit analysis, user behavior tracking and regulatory compliance checks. Enterprise managers can set rules for how users normally access databases so that when anomalies occur, they are alerted and can react quickly. They also can equip company executives with a dashboard view of database access for instant analysis of the company's compliance and vulnerabilities.
Version 5.0 of the application, which works with major database platforms, including Oracle, IBM DB2, Sybase and SQL Server, will be generally available in April. Pricing ranges from $15,000 to $225,000 and is based on the number of database server CPUs.
Cenzic is also focused on vulnerability assessment, but at the application level. Cenzic's Hailstorm 2.0 lets enterprise managers automatically test the security of their commercial and custom Web applications.
Mandeep Khera, vice president of marketing at Cenzic, says IT executives must put the same level of focus on policy compliance for Web-based applications as they do legacy applications. "You have to have internal policies and test for strong passwords and make sure you discover vulnerabilities," he says.
Hailstorm 2.0 lets enterprise managers perform stateful application inspection, test from the user level down to the source code, and either employ policies from Cenzic's library or develop their own. The application also features an API for integration with Mercury Interactive's Mercury Quality Center and Mercury TestDirector network monitoring tools.
Khera says financial services firms under mandate from the Gramm-Leach-Bliley Act can use the tool to attack their applications and report on vulnerabilities. Reports then can be shown to developers to make sure the holes are plugged.
Hailstorm 2.0 is priced on a per-application and subscription basis.
Imprivata is taking a different approach to the security struggles that IT managers face by tackling the ever-frustrating password dilemma.
"Every user in the corporate environment has a minimum of eight to 10 passwords," says Omar Hussain, senior vice president for product management. "They have passwords for everything: Hotmail, e-mail, network logins, HR applications and 401(k) informational sites. And because of compliance and other security issues, more difficult passwords are being enforced."
He says the real victims are IT organizations that have to manage and field help desk calls for creating, resetting and deleting passwords. With strict oversight, IT organizations for industries such as healthcare must verify information about a user before doing any of these tasks.
Imprivata's OneSign is a single sign-on appliance that integrates with the company's directory to manage password complexity. IT managers plug the OneSign appliance into Active Directory, which downloads user data from the network. The appliance gathers information about the network applications each user employs and then deploys agents to the desktop. The first time a user authenticates via the agent, the tool gathers passwords, and encrypts and manages them at the appliance level. For added security, enterprise managers can implement fingerprint or smart-card authentication. OneSign also features an auditing and reporting tool that lets IT managers track the users' application access.
Pricing for OneSign starts at $15,000 for fewer than 500 users and $180,000 for 10,000 users.
While some companies are squarely focused on protecting data, others are trying to meld in security for VoIP as well.
KoolSpan CEO Tony Fascenda says the biggest challenge IT executives face in trying to authenticate voice and data over IP is the array of connectivity choices available, including wired and wireless networks.
VoIP works well within a network but requires significant configuration changes for remote access - too complex for most users, he says.
KoolSpan created its TrustChip, which features 256-bit Advanced Encryption Standard encryption, to establish an end-to-end connection that recreates the local user experience. "No matter where the user is, we create a secure tunnel, and once you've connected to an internal device, you're recognized as a local user," he says. Fascenda says this avoids the challenges of network address translation and IPSec tunneling.
The TrustChip can be embedded into "an IP phone, a voting machine, a laptop, a PDA, a network switch - anything that lets a machine make a connection across a network," Fascenda says. The user plugs in a USB secure token to the device to authenticate and establish a connection across the network to the internal system. "All the roles and policies map to the user as if he were inside the office," he says.
KoolSpan is licensing the TrustChip on an OEM basis to VoIP and other companies.