Senior Editor, Network World

Security vendors harden products

Sep 27, 2004 | 4 mins
Intrusion Detection Software, McAfee, Network Security

Security companies this week are trotting out intrusion-prevention system and vulnerability-assessment products that not only widen customer choice but also indicate growing multi-vendor collaboration.

McAfee is expected to announce the IntruShield 1400, a new model in its IntruShield IPS appliance line. The four-port, 200M bit/sec appliance is a midrange IPS that detects and blocks attacks in the same way as IntruShield’s 100M bit/sec 1200 model, 600M bit/sec 2600 model and 2G bit/sec 4000 model. According to Vimal Solanki, McAfee’s director of product marketing, the IntruShield 1400, which costs $15,000, is intended for midsize businesses and branch offices.

McAfee also is set to announce that its ePolicy Orchestrator management console, which can consolidate security event information related to the McAfee desktop firewall, host-based IPS, spam activity and even rival Symantec’s anti-virus software, now also will be able to share collected data with IBM’s security management software, Tivoli Risk Manager. IBM says about 70 products from various vendors have this capability.

Another IPS vendor, ForeScout Technologies, this week is expected to announce an updated version of its WormScout appliance, typically deployed on LAN segments to deny network access to worm-infected computers.

The WormScout 4.0 appliance can detect e-mail worms in addition to network-borne worms, says Ayelet Steinitz, ForeScout’s product marketing director. In addition, WormScout 4.0 includes the open source Nessus vulnerability-assessment tool. Nessus reports on security holes in WormScout so that the appliance, which now has a built-in firewall, has the option of opening or closing firewall ports based on policy.

WormScout 4.0, priced starting at $12,000, also will have optional software plug-ins for disabling switch ports and integrating with BMC Software’s Remedy trouble-ticketing system.

Meanwhile, teaming among security vendors continues at a fast clip.

Vulnerability-assessment product vendor nCircle is making changes to its IPS360 scanner appliance, adding an optional module called nCircle nTellect that will allow for correlation of known network exposures with intrusion-detection data that the Cisco IDS sensor collects.

This ability to share vulnerability information continuously with the Cisco IDS makes the sensor more efficient in presenting the threat information most pertinent to a corporation’s security managers, says Abe Kleinfeld, nCircle president and CEO. IPS360 is priced starting at $35,000 and the nTellect option would add $20,000 to the price.

A handful of firms, including Internet Security Systems and Sourcefire, are working to combine vulnerability-assessment data with attacks picked up by an IDS sensor in order to pinpoint high-threat attacks and weed out irrelevant attack information.

At Kansas City, Mo., energy firm Aquila, which is beta-testing nCircle’s nTellect with Cisco IDS, communications engineer Tim Raines says the scanning data has made IDS “much more usable and easier to tune.”

V-Secure Technologies, which sells the V-Secure IPS, this week is expected to announce that Version 6.4 of its 250M bit/sec appliance will be managed by a new console, called NetVisor.

The console will be able to control up to 30 of the updated IPSs rather than one, as was the case with the previous version. Pricing ranges from $12,000 to $55,000 for the V-Secure IPS models. In addition, V-Secure says it is working to have its IPS correlate security events with host-based IPS software vendor Sana Security.

Finally, a security start-up called The Barrier Group is making its debut with a security appliance called Barrier1, which combines multiple open source security technologies – including the Snort IDS, ClamAV anti-virus software, SpamAssassin anti-spam software and SquidGuard Web content filtering – into one 3G bit/sec appliance.

Three Barrier Group appliance models, which cost between $67,200 and $117,600, also are being leased as a service for monthly charges that range from $4,000 to $7,000. Rob Demopoulos, CTO and co-founder, says his company brings to the package proprietary IPS code and the recipe for combining about two dozen open-source technologies.

Diversico Industries, a small tools fabricator in Minneapolis, uses Barrier1. Previously, the company had ongoing virus problems and had its servers broken into several times.

The situation has improved using Barrier1, and “at this point, I can say I feel confident about using open source,” says Todd Woyke, an engineer with the firm.