30th annual CSI Conference kicks off

With memories of August’s worm outbreaks and recent spam attacks fresh in their minds, computer security experts will gather in Washington, D.C. this week for the annual Computer Security Institute Conference and Exhibition.

Discussions on network attacks are expected to be popular topics at the conference, as are announcements from a number of companies about technology that can automate attack detection and response, according to show organizers.

More than 175 security technology vendors and between 2,000 and 2,500 attendees are expected at this year’s show, according to Chris Keating, director of CSI. Those numbers are below the pre-September 11, 2001 peak, but up markedly from the previous two years, he said.

Judging from preregistration figures for the Conference’s technical sessions, interest in network attacks is high, with many sessions in the “Attacks and Countermeasures” track fully booked, Keating said. A new Advanced Technology discussion track is geared towards the increasing number of attendees with more technical backgrounds. Sessions in that track will dig into issues surrounding secure coding practices, Linux and public-key infrastructure, Keating said.

Technology companies are also using the CSI Conference as a venue to unveil new products and product upgrades, with a focus on automated detection of security threats and enforcement of security policies.

IBM will launch a new version of Tivoli Risk Manager, its security incident tracking product, at the show. IBM has integrated Tivoli Risk Manager 4.2 more tightly with Tivoli Configuration Manager, enabling Risk Manager to consult Configuration Manager’s inventory to determine whether the systems it manages are adequately patched or vulnerable to attack, IBM said.

The new version of Risk Manager also comes with features that enable administrators to create customized and automated response to security incidents. Administrators will be able to use a new Web browser-based tool and a template for specifying actions in response to security events, IBM said.

Meanwhile, High Tower Software will use CSI to preview the second generation of its TowerView Security enterprise security management product. TowerView is a security event management tool that collects and correlates data from network security devices then displays those results so that network administrators can spot anomalous behavior, according to Dr. Ursula Schwuttke, vice chairman at High Tower.

For its latest release, the Aliso Viejo, Calif., company moved the TowerView software to 1U rack mounted hardware appliances that ship with a hardened Linux operating system, the company said. The TowerView 1000 appliance sells for around $48,000 and can manage around 30 network security devices. The 2000 appliance sells for around $90,000 and can manage between 30 and 90 devices, High Tower said.

Computer Associates will also be at the show to unveil the first component of its eTrust Identity and Access Management Suite, a new version of eTrust Admin, according to Bilhar Mann, vice president of product management at CA. The new version of eTrust Admin features an updated user interface and more features to help customers tie user provisioning features to other business processes, Mann said.

Finally, computer firewall company Zone Labs will unveil a new version of its Integrity security management product. Zone Labs Integrity 4.5 includes features that enable the product to enforce security policies from devices that use the 802.1x and Extensible Authentication Protocol standards. That will enable Integrity to work with more than 200 network devices such as switches and wireless access points that support the standards, according to Fred Felman, vice president of marketing at Zone Labs. For prior versions, Zone Labs worked individually with large vendors such as Cisco and Nortel to integrate Integrity with their networking products, he said.

Zone Labs is also announcing new features in Integrity that will help customers control the use of popular IM applications on their network, Felman said. The new IM security allows network administrators to centrally manage use of popular IM clients such as AOL Instant Messenger, Microsoft’s MSN Messenger and Yahoo Messenger clients. Administrators use a central interface to set policies that enforce the use of encryption between IM correspondents and block buffer overflow attacks against the IM clients on the desktop, Felman said.

While security technology companies have long used CSI as a platform for publicizing their products, show organizers are also noting interest from companies that are not strictly in the security space, Keating said. The presence of network equipment leaders like Cisco and Nokia at this year’s show are evidence of the heightened importance security concerns have for technology purchasers, he said. “Even though these companies are not thought of as vendors of security products, it’s important to them that their customers understand their products are secure,” he said.