Security vendors take softer approach

Worm prevention and Internet monitoring are the primary focus of new security products expected this week from Symantec, Sana Security, Zix and Websense.

Symantec is unveiling Symantec Gateway Security (SGS) 400, a 100M-bit/sec appliance that combines Web-content filtering, firewall and intrusion-prevention protection for offices with up to 200 users. Sana Security will launch a new line of desktop software, called Attack Shield, for stopping worms, Trojans and keyloggers. Zix and Websense each are introducing upgrades to their content-filtering software for monitoring and blocking unauthorized Internet use.

Symantec's product has less punch than the higher-end SGS 5400 series appliances; for example, SGS 400 can't run anti-virus software because the hardware isn't powerful enough. However, the company says the SGS 400 does have a feature to check desktops internally to make sure the latest anti-virus signature updates and anti-virus software are activated. It also has a wireless option so that SGS 400 can act as a wireless LAN gateway to provide firewall and IPSec-based VPN support.

Host-based intrusion-prevention systems also get a boost this week from Sana Security. For two years Sana has offered server-based software called PrimaryResponse that can thwart worms and other attacks through so-called "behavior-blocking," a technique for stopping malicious code execution by recognizing its behavior rather than through specific "signatures" designed to identify exploits. Sana is turning to the desktop with a new software line called Attack Shield.

Attack Shield Worm Suppression for Windows 2000 and XP will prevent buffer overflows by computer worms and other code-injection assaults, the company says.

The second product, Attack Shield Malware Protection, is meant to block Trojans that spy and steal data, as well as other types of malware. It's expected to ship early next year.

The first version of Attack Shield will lack the full management support found in PrimaryResponse, which has a console for pushing out the software, remotely setting policy and compiling reports. However, by year-end, Sana intends to have Attack Shield working under the upcoming PrimaryResponse Version 3.0.

Competing products include Cisco's Security Agent, eEye Digital Security's Blink 1.0 and McAfee's Entercept and its latest desktop anti-virus, which includes behavior-based IPS.

David Grounds, president and CEO of Dorn Homes, a community homes builder in Tucson, Ariz., says his IT department has added Attack Shield Worm Suppression to desktops because of a heightened need for security in an office that relies on online applications for recording construction schedules and sales contracts.

"Attack Shield was easy to install, and it has stopped worm outbreaks," Grounds says. The company will continue to use Symantec's Norton AntiVirus software for additional protection.

Websense, Zix unveil upgrades

Websense and Zix each will unveil upgrades to their Web monitoring software.

Websense Enterprise 5.5, which can run on Windows, Linux or Solaris servers, helps in identifying sites that might pose risks, such as sites for phishing scams or dangerous spyware.

"Before, we did this on a nightly basis, but now we're going to update this as soon as we detect something," says Eric Rohy, senior product manager at Websense. The company also will provide these real-time updates to its desktop host software, Websense Client Policy Manager, which prevents unauthorized desktop applications such as spyware.

Websense Enterprise 5.5 helps enforce image-search filtering at the Google and Yahoo search sites to stop unauthorized content from being downloaded into the corporate network.

A competitor to Websense, Zix is upgrading its Web-monitoring product, Web Inspector, so it can monitor, control and report on protocols other than HTTP. The new version, Web Inspector 7.1, also will watch over use of Internet chat file transfer, instant messaging, telnet, the Real-time Streaming Protocol and mail from AOL, Yahoo and MSN. It will be able to send a warning without having to block a user who attempts unauthorized activity.

Lee Brooks, product manager at Zix, says the new capabilities in the product will help stop viruses from invading via Internet chat and other means and cut down on bandwidth use. He notes that network managers should be mindful that there are likely to be cagey users within their organizations who will circumvent blocking mechanisms by using bogus addresses or Common Gateway Interface scripts.

Copyright © 2004 IDG Communications, Inc.