Aventail improves cleanup, client security

Faced with a rising tide of competition in the market for Secure Sockets Layer VPN products, Aventail plans to announce a number of updates to its SSL VPN platform, called "ASAP."

Aventail Monday plans to unveil ASAP 7.1, which has new features that clean up files on client machines, make it easier to create access control policies and prevent insecure clients from logging on to networks, the company said.

ASAP, which stands for Anywhere Secure Access Policy, is the technology platform used for Aventail's EX-1500 SSL VPN appliance and allows administrators to create and deploy user access policies and configure client options. Among other changes, ASAP 7.1 improves Aventail's Cache Control feature, which removes data sent to remote clients during SSL VPN sessions after those sessions have ended, said Sarah Daniels, vice president of product management and marketing at Aventail.

Aventail's products have long cleaned temporary files, e-mail file attachments, cookies, Web pages and other data left on machines. The new software is more thorough in searching out data that is temporarily stored by Microsoft's Internet Explorer Web browser during SSL VPN sessions. The new Cache Control feature is thorough enough in removing data to comply with the U.S. Department of Defense's clearing and sanitizing standard, known as DoD 5220.22-M, she said.

An optional feature, called Aventail Secure Desktop, provides even more secure handling of SSL VPN data by creating a virtual workspace and temporary, encrypted "vault" on client machines where session data is downloaded and stored. The workspace and vault are destroyed at the end of each session, erasing any data stored there, Aventail said.

Aventail also improved the policy management features in ASAP 7.1. Previous versions of ASAP required administrators to write access policies using a complex syntax. A new user interface and an object-based policy model in Version 7.1 lets administrators browse LDAP (Lightweight Directory Access Protocol), Microsoft Active Directory or Radius directories to select users, user groups or policies, automatically building the policy language.

The new management feature will speed the creation of access policies and reduce typos and other user errors, Daniels said.

Finally, Aventail said it was partnering with three companies to help its customers secure their networks from vulnerable or compromised SSL clients. Aventail is integrating support for Zone Labs' Clientless PC Security and WholeSecurity's Confidence Online products. Customers using those products will be able to use them seamlessly with Aventail's EX-1500 appliance to inspect remote clients for virus infections or the presence of spyware or Trojan horse programs before allowing them to establish an SSL VPN connection, Daniels said.

SSL VPNs are an increasingly popular technology for providing remote users with access to network resources such as e-mail, software applications and network file servers. As opposed to VPNs that use IPsec, SSL VPNs rely on the SSL protocol, which is a part of most common Web servers and Web browsers and is widely used to secure e-commerce transactions. As a result, they are typically "clientless," meaning they do not require a separate software application to be installed on the remote user's machine. That allows remote users to securely connect to networks from any computer with an Internet connection and a Web browser, including home computers and public kiosks.

An early leader in the market for SSL VPN, Aventail now faces competition from a number of other technology companies, including established players in the networking equipment market like Cisco, which added SSL VPN features to its VPN 3000 Series Concentrator in November.

Check Point also plans to announce on Monday a new Web security gateway appliance called Connectra that combines SSL VPN remote access with an integrated Web server and endpoint security, also from Zone Labs, which Check Point recently purchased.

In recent weeks, Aventail and MCI announced they will be partnering with MCI to deliver SSL VPN technology, and Aventail plans to introduce new features to its Remote Access suite of services, including technology to detect online fraud and scramble user passwords sent over MCI's global network.

Aventail has not seen any decrease in business as a result of new competition from Cisco and others, according to Daniels. She argued that Aventail's head start in developing SSL VPN products will keep the company safe from competition in the short term. In the long term, Aventail must continue to innovate and be a technology leader to survive, she said.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2004 IDG Communications, Inc.

IT Salary Survey 2021: The results are in