Vendors showcase security

Security vendors Lancope, Network Associates and Symantec are looking to address a variety of user security concerns with enhancements to intrusion-detection systems, patch management and Secure Socket Layer VPNs, respectively.

Security vendors Lancope, Network Associates and Symantec are looking to address a variety of user security concerns with enhancements to intrusion-detection systems, patch management and Secure Socket Layer VPNs, respectively.

Lancope this month unveiled two new models of its StealthWatch IDS, the M45 and the M250 aimed at small to midsize businesses where maximum throughput requirements top out at 45M bit/sec and 250M bit/sec. These two appliances, which start at about $10,000, work the same way as Lancope’s gigabit-speed G1 in scanning for worms and network-based attacks.

The boxes also are helpful in identifying traffic streams that might indicate illegal activity on the network, says Todd Ferris, director of privacy and data security at Stanford University’s School of Medicine, which deployed StealthWatch about six months ago.

“Lancope’s StealthWatch monitors based on a profile of a host, and when it sees something it hasn’t before, it raises the ‘concern index,'” Ferris says. After the university’s medical school deployed the IDS to monitor outbound and inbound Internet traffic, they found that computers had been broken into and hackers from all over the world had taken over FTP servers to exchange files, mostly DVD movies and pornography.

These kinds of unwanted occurrences – in combination with computer worm attacks – are spurring the university, which has maintained an open atmosphere in terms of networking, to add security precautions that include a firewall and anti-virus software. “We have machines broken into every day,” Ferris says. “Because of all these things happening, the university is changing its stance.”

Keeping up with computer software patching to prevent worm and hacker exploitation remains a top concern. To that end, Network Associates last week announced that its McAfee ePolicy Orchestrator (ePO), the security console that can collect information from McAfee software agents for servers and desktop, now will be able to detect whether a Microsoft-based host computer needs a patch update. This would be done by adding what the company calls System Compliance Profiler software to ePO.

“The System Compliance Profiler, which we’re making available to existing customers for free, is a host-based scanner to check to see if the correct patches are installed,” says Steve Crutchfield, group marketing manager. The tool can be configured to search based on the Microsoft file, service registry key or specific Microsoft patch number.” Network Associates has no plans to expand the tool into non-Microsoft-based systems.

For its part, Symantec has been busy taking the secure remote-access SSL VPN software it got by buying SafeWeb last October and adapting it into hardware appliance form. Last week Symantec announced two models of the Symantec Clientless VPN Gateway 4400 series.

The 4420 model, which costs $9,500, has two fast Ethernet ports and supports 350 simultaneous connections. The 4460 model, which costs $18,000, supports two Gigabit Ethernet ports and 1,000 simultaneous connections.

The Symantec remote-access SSL VPN-based gear – which competes with similar products from Aventail, Cisco, F-Secure and NetScreen Technologies – will lets users authenticate their identities via Web browsers. This is in contrast to IPSec-based VPNs that require special IPSec-based client software.

According to Symantec marketing manager Howard Lev, the two SSL VPN appliances also will support non-Web applications as well by dynamic download of Java applets to a client machine.

Symantec has plans to integrate SSL VPN functionality this year into the multi-function Symantec Gateway Security, which is IPSec-based today.