Senior Editor, Network World

Security vendors bolster line of defense

Apr 12, 2004

IBM, Network Associates and Symantec each disclosed plans last week to beef up their security product lines to provide more defense for networks.

IBM’s Tivoli division next month plans to ship its first host-based policy-compliance scanner for desktops, servers and mainframes, which promises to help customers check for weaknesses such as insecure passwords, orphan accounts and unpatched systems.

IBM Tivoli’s Security Compliance Manager and its Policy Compliance Checking Tool, which reside on a central server, look for vulnerabilities and compliance violations, and report back to a central console, are the outgrowth of a service IBM has offered for about three years.

The product comes with security-policy compliance templates that can be pushed from a central server to networked computers to help comply with government regulations such as the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act.

The product’s options for security settings also will reflect recommendations made by the SANS Institute in its Top Ten Vulnerabilities list and the National Security Agency guidelines, says James Galvin, security product manager at IBM Tivoli.

“Our customers want some way to check compliance in terms of regulations,” says Galvin, adding that scans performed by the Policy Compliance Checking Tool are stored in IBM’s DB 8.1 database.

Organizations already using host-based compliance-checking and security assessment tools say they help in the constant battle to keep computers patched and password policies enforced.

Mark Day, CTO and deputy CIO at the Environmental Protection Agency, says the federal agency more than a year ago automated the monitoring of more than 1,000 servers, primarily NT and Novell, through use of the host-based scanners from IBM competitor BindView.

“We run [the compliance-checking scan] at random times and we don’t announce it,” Day says. Much as the IBM software is expected to do, the BindView tool reports back on servers that haven’t been kept appropriately maintained. Though some IT staff at the EPA first resented the automated monitoring, they gradually accepted it as a good way to prove how well they’d done their work, Day says.

Security giants Network Associates and Symantec are busy with new products.

Network Associates’ McAfee division later this month plans to ship an anti-virus software and management-console package aimed at businesses with 500 or fewer users. The SMB anti-virus package will come with a new central console software, called McAfee Protection Pilot 1.0, instead of the McAfee ePolicy Orchestrator (ePO), McAfee’s central console that supports large-scale anti-virus distribution and reporting.

“The ePO was too complex for a lot of smaller businesses,” says Steve Crutchfield, product manager at McAfee. In contrast, Protection Pilot 1.0 has a simpler wizard-based installation, policy recommendations, and a “dashboard” with a simple display to show if all machines are up to date with virus signatures. The anti-virus software will guard desktops and Microsoft and NetWare file servers, plus Simple Mail Transfer Protocol (SMTP)-based gateways. Pricing, while not yet set, should be slightly less than a comparable package with ePO.

For its part, Symantec next week will make available Symantec Client Security 2.0, the second version of its combined desktop firewall, VPN, anti-virus and intrusion-detection software.

Changes include the addition of an optional behavior-blocking mechanism that administrators can use to block outbound e-mail worms that infest a desktop computer before Symantec can prepare an updated virus signature to recognize and destroy them.

“When the worm attempts to mail itself out, Client Security recognizes the behavior is not initiated by the user and blocks the worm,” says Gary Ulaner, Symantec’s group product manager.

Client Security 2.0 also has a mechanism to ensure the anti-virus protection and desktop firewall are installed, running and up to date before the user can access the organization via VPN. “We have assured this works with VPNs from Check Point, Nortel and iPass, among others,” Ulaner says. If the user isn’t in compliance, an auto-remediation process can take place.

Other additions to Client Security include a way to detect adware and spyware that make use of any keystroke or logging programs, so that they can be eradicated through signature-based updates.

Client Security 2.0 is priced by volume, starting at $43.50 per desktop for 250 users.