Security titans ready for showdown at RSA

Feb 13, 2006 | 6 mins
Cisco Systems, Citrix Systems, Network Security

Network-access control and security-policy enforcement are expected to grab much of the limelight at this week’s RSA Conference 2006, which organizers estimate will draw 14,000 attendees and more than 300 exhibitors.

The roster of keynote speakers reads like a who’s who of IT industry CEOs: Bill Gates of Microsoft, Art Coviello of RSA Security, Scott McNealy of Sun, John Chambers of Cisco, Stratton Sclavos of VeriSign, John Thompson of Symantec and Thomas Noonan of Internet Security Systems (ISS).

In his keynote address, Chambers will be talking up Cisco’s Network Admission Control program, which relies on the company’s switches and routers to enforce endpoint security policy, such as requiring anti-virus updates or software patches. Cisco also plans to announce Cisco Security Manager, management software that is integrated into the company’s monitoring, analysis and response system.

Cisco’s vision will not go unchallenged.

3Com, which is dispatching its Chief Technology and Strategy Officer Marc Willebeek-LeMair to present a keynote on Thursday, is expected to launch its so-called Quarantine Protection System.

Presented as an alternative to Cisco technology, the Quarantine Protection System is supposed to work with 3Com and Cisco LAN switches to block network access to a Windows-based desktop machine if it doesn’t conform to designated security policies. 3Com’s method will use the 3Com TippingPoint intrusion-prevention system to detect unauthorized behavior from a client machine and send an alert to Microsoft’s System Management Server.

In his keynote on Wednesday, Symantec’s Thompson is expected to outline a strategy to provide security services that will protect Web users from spyware and phishing attacks. Symantec also plans to unveil its own network-access control product this week, as does McAfee.

VPN vendors will use the show to launch new products and partnerships that tighten VPN access and offer higher speeds.

Citrix is expected to introduce three hardware models of its Access Gateway, the company’s SSL VPN termination device, to accommodate more concurrent users. The company until now had only one device, the Access Gateway 2000, which supports 1,000 users. The three new models, the 5000, 7000 and 9000, support 2,000, 2,500 and 5,000 users, respectively. Pricing for the 5000 starts at $5,500; the 7000 at $17,500; and the 9000 at $25,000.

Citrix also is dividing the Access Gateway product line into standard and advanced editions. The advanced edition adds software that manages which network resources users can access and which functions – such as print, save and view – they are allowed to perform, based on how trusted the machine they are using is.

Citrix also is set to offer a scaled-down version of its application firewall that can guard against most attacks without having to spend time monitoring Web-application server traffic first. The company says the new standard version of its Citrix NetScaler devices will block SQL injection, cross-site scripting, buffer overflows and worm attacks, representing 80% of the attacks Web application servers face.

The enterprise version of the NetScaler software includes a learning capability that figures out what normal application traffic looks like, and can sort out other kinds of threats such as attacks that manipulate JavaScript, cookies and URL form fields.

Another SSL vendor, Aventail, plans to announce an alliance with Arcot to bring two-factor authentication into Aventail’s SSL VPN gear. The Arcot product is a software smart card that can reside on a laptop or a USB storage stick, making it possible to better determine that remote users are who they say they are.

Arcot software will be embedded in Aventail’s VPN gateways to enable use of the smart cards and issue one-time passwords for sessions.

Juniper is expected to announce an upgrade to the software for its DX Web-acceleration appliances so they can operate more efficiently with Juniper Secure Access SSL VPN gateways. For instance, the acceleration gear will be able to load-balance VPN requests between two redundant VPN gateways that would otherwise be deployed with one sitting idle as a backup. The upgrade also makes the accelerators see the gateways as Web servers so they communicate more efficiently.

The new software also will enable global-server load balancing by designating one DX in a network as authoritative and giving it the ability to route requests to the appropriate DX that is less busy or closer, or the one fronting the resources a user seeks. The new DX software is available in March. It is sold in three separate packages and for three separate hardware platforms, ranging from $15,000 to $70,000.

Nokia is expected to introduce an IPSec hardware platform to support Check Point firewall/VPN software in small data centers and branch offices. The IP 560 has a 6Gbps firewall and options for as many as 12 Gigabit Ethernet ports. Pricing starts at $16,500.

CipherOptic is scheduled to introduce a VPN-only box called the SG 1002 that handles IPSec encryption at 1Gbps. The device is meant to sit outside firewalls to promote low-latency, lower-cost VPN connections. The SG 1002 costs $30,000.

Sun plans to announce a set of code extensions to its Solaris 10 operating system that will provide “sensitivity” labeling of data and clearance labeling of users.

This trusted-extension software for Solaris 10, expected to be available in August, will allow data sharing to be restricted based on users’ assigned privileges. Sun also is submitting this trusted-extension code for review by the federal government’s Common Criteria security-evaluation program to be assessed at Evaluation Assurance Level 4, a process that will probably take a year to complete. The software certification makes it easier to sell to government agencies in more than a dozen countries that are united in supporting the Common Criteria program.

In related news, Red Hat, in partnership with IBM, is expected to announce that Red Hat Enterprise Linux 4 has achieved EAL4-plus certification, as well as Federal Information Processing Standard certification for encryption, under the federal government’s product-evaluation programs.

In addition, Sun is set to announce it has added elliptic curve cryptography to its Java System Web Server as an optional alternative to the RSA algorithm in SSL. Sun’s Senior Staff Engineer Vipul Gupta noted that ECC is faster and can be used at higher key lengths more easily in small handheld devices.

Oracle is expected to announce that its Identity Management 10g Release 3 platform will ship in May. The suite will incorporate technologies gained in the 2005 acquisitions of Oblix (Web access management and federation), Octet String (virtual directory), Thor (provisioning) and Phaos (federation). Release 3, the first since those acquisitions, shows Oracle “both honors the development commitments of the products prior to acquisition” and gives Oracle “broader market reach,” says Forrester Research analyst Jonathan Penn.

ISS is expected to announce that it’s making the Proventia Network Enterprise Scanner, previously software only, available as a hardware appliance that starts at $7,250. ISS also plans to launch the Proventia Network Anomaly Detection System – a tool for examining network activity patterns – in partnership with Arbor Networks.

Network World Senior Editors Phil Hochmuth and John Fontana also contributed to this story.