NetContinuum to unveil Web security gateway

An enterprise security appliance to be unveiled Monday by start-up NetContinuum targets a variety of security threats delivered via Web traffic.

The device, called the NC-1000, will sell for $28,000 for a 10/100M bit/sec model and $38,000 for a gigabit model. This is the first release from the venture-funded Santa Clara, Calif., company.

The NC-1000 is designed to compensate for a weakness in traditional network firewall technology – namely, the tendency of most firewalls to forward but not inspect Web traffic on port 80. That shortcoming leaves many companies vulnerable to attacks hidden in that Web traffic, including scripting-, cookie- and URL-based threats.

Currently, most companies offering Web services either ignore the problem of port 80-based attacks altogether, focus on patching and securing individual application servers against attack, or refrain from exposing sensitive information and transactions in any form, according to analyst Pete Lindstrom of The Spire Group.

NetContinuum’s new rack-mounted appliance can be deployed directly behind a firewall, intercepting all Web traffic passing through port 80. The device acts as a terminus for all incoming Web sessions, capturing Web traffic and then performing packet inspections on it, including inspections of header and URL information that are often used to hide attack code or illegal commands.

After completing its inspections, the NC-1000 establishes its own secure connection to application servers within a data center, passing the traffic along at wire speed, according to NetContinuum.

The device effectively encrypts all Web site content using Secure Sockets Layer and offers “cloaking” technology that hides information about Web applications from Web site scanning tools, according to information provided by NetContinuum.

To handle the high volume of traffic inspection and encryption, the NC-1000 uses an application-specific integrated circuit (ASIC) containing 48 multithreaded CPUs and over 60 million transistors. The ASIC is capable of supporting over 1 million concurrent connections and 6,000 SSL transactions per second, according to NetContinuum.

The product is being marketed to large enterprises offering Web-based services to customers or deploying Web-based applications to employees or business partners.

The NC-1000 marks a new approach to security, according to Lindstrom, and might be attractive to companies that are looking for a way to protect their corporate resources from Web-based traffic, but are wary of sacrificing performance.

“NetContinuum is taking kind of a horizontal spin, combining the capabilities of an SSL accelerator, a firewall and pieces of Web access control into a proprietary ASIC on a perimeter appliance,” Lindstrom said.

The new device helps address what Lindstrom calls the “back and forth” between IT administrators’ concern about security and their need for high performance, according to Lindstrom.

“NetContinuum hits the pain points that are most evident: they use SSL to enable more transactions, they offer good processing performance and they protect against prevalent port 80 attacks,” he said.

In the rapidly evolving market for security appliances, however, Lindstrom said that it is still unclear what technology will be embraced by fickle corporate customers.

“This is where most perimeter activity is converging,” Lindstrom said. “But it’s not clear now how or where we’ll go. There are lots of security devices out there securing different applications.”

Lindstrom said that NetContinuum, with 120 employees, will need to continue to deploy new features on the NC-1000 to keep up with ever-evolving threats from the hacker community, while staving off competition from established firewall and security appliance vendors in order to survive.