Security tools headline Demo show

Reviews
Feb 17, 2003
6 mins
Intrusion Detection Software, Network Security

Vendors launch intrusion-prevention, key-distribution and vulnerability-assessment products.

More than 60 products and services will be launched this week at Demo, a conference sponsored by IDG Executive Forums, a division of Network World. With security uppermost in everyone’s mind these days, we selected three of the most interesting security products slated to debut at the show and asked Network World Global Test Alliance partner Mandy Andress to evaluate these products from BBX, MagiQ and SigmaSecurity.

OS Network

Vendor: BBX Technologies

Description: Intrusion prevention for Windows systems

A second-generation intrusion-prevention technology that acts as an immune system for Windows-based machines, OS Network monitors kernel operations and can identify unauthorized executables or authorized executables violating security policy.

If it finds an irregularity, OS Network takes action – deleting the unauthorized file and restoring any system files or registry entries that might have been corrupted or modified.

Several other intrusion-prevention products are on the market, including Entercept and Okena (recently purchased by Cisco). OS Network differs from these products by focusing solely on the executable. Okena focuses on behavior profiling and Entercept focuses on specific attacks, such as buffer overflows. OS Network does not prevent the attack. It prevents the executable from causing any damage to the system. Additionally, OS Network is designed to work on servers, desktops and laptops. Another version of the product, OS Network Extend Shield, is available to protect the content of static Web sites.

After installation, OS Network takes a baseline of the system and uses that information to monitor for new and unauthorized executables. Centralized management is available for administration, logging and reporting. If administrators need to install new software on protected systems, they “lower the shield,” install the necessary applications, then raise the shield to re-enable protection.
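The baseline-and-shield cycle described above, as an added example that is not BBX code: it polls the disk and compares SHA-256 hashes, whereas the article says OS Network monitors kernel operations. The `Shield` class, the suffix list and the sample files are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

EXEC_SUFFIXES = {".exe", ".dll", ".sys"}  # assumed definition of "executable"

def snapshot(root):
    """Map each executable under root to the SHA-256 of its contents."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*")
            if p.is_file() and p.suffix.lower() in EXEC_SUFFIXES}

class Shield:
    def __init__(self, root):
        self.root, self.raised = root, True
        self.baseline = snapshot(root)  # taken once, after installation

    def lower(self):
        self.raised = False  # monitoring suspended for an approved install

    def raise_shield(self):
        self.baseline = snapshot(self.root)  # on-disk state becomes trusted
        self.raised = True

    def scan(self):
        """Compare the disk with the baseline; no findings while lowered."""
        now = snapshot(self.root) if self.raised else self.baseline
        old = self.baseline
        return {"unauthorized": sorted(now.keys() - old.keys()),
                "modified": sorted(k for k in now.keys() & old.keys()
                                   if now[k] != old[k]),
                "missing": sorted(old.keys() - now.keys())}

def demo():
    """Run the cycle on constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "app.exe").write_bytes(b"v1")
        shield = Shield(root)
        (root / "dropped.exe").write_bytes(b"??")    # new while raised
        (root / "app.exe").write_bytes(b"tampered")  # changed while raised
        alert = shield.scan()
        (root / "dropped.exe").unlink()              # stand-in for the response step
        (root / "app.exe").write_bytes(b"v1")
        shield.lower()
        (root / "tool.exe").write_bytes(b"new software")
        shield.raise_shield()
        return alert, shield.scan()
```

Whatever is on disk when the shield is raised becomes the new baseline, so the lowered window is the part of the cycle to restrict and log.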

OS Network does not require signatures or periodic updates to function properly. Once installed and the policy set, it can continue securing systems indefinitely. This lowers administration costs and provides more robust protection than signature-based intrusion-detection products.

OS Network can best be viewed as the last layer in an organization’s comprehensive defense-in-depth strategy, complementing firewalls, network intrusion-detection systems and antivirus products already installed in the organization. Intrusion prevention has been the buzzword in the security industry the past few years, and the technology has not yet taken off, mainly because of end-user frustration with too many false positives. Employees cannot do their jobs if their computers are constantly stopping actions they feel are malicious or against policy.

OS Network might bring intrusion-prevention technology to the forefront of the security industry again, and if successful, might continue to expand the must-haves for any enterprise security infrastructure.

Navajo

Vendor: MagiQ

Description: Key distribution based on quantum computing

Navajo is a Quantum Key Distribution system for securing communication. In secure communications, one of the most difficult steps is secure communication of encryption keys. Only the parties who wish to exchange information should know these keys. How do you know the key has not been intercepted or cannot be easily figured out?

Current cryptography theory relies on complex mathematical computations, which take time to solve. With the increasing availability of computing power, cracking the code becomes easier, rendering secure communications readable, and exposing sensitive and confidential information.

Quantum computing uses the principles of physics, not math, to create secure communications. Physical principles, unlike mathematical problems, cannot be brute-forced to decipher encrypted communications, and the keys generated are random and secure. The information is encoded photon by photon and sent over a fiber-optic link. Any eavesdropping or snooping on the line by a malicious party would change the photon, revealing that it was tampered with.
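Why a tapped line gives itself away, as an added example that is not from the article or from MagiQ: a simulation of the BB84 protocol, assumed here because the article does not name the scheme Navajo uses. The function names, the seed and the 11% threshold are illustrative.

```python
import random

def bb84_run(n_photons, eavesdrop, seed):
    """Simulate one BB84 exchange; return (sifted_key_length, error_rate)."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    sifted = errors = 0
    for _ in range(n_photons):
        bit = rng.randint(0, 1)         # sender's raw key bit
        send_basis = rng.randint(0, 1)  # 0 = rectilinear, 1 = diagonal
        photon_bit, photon_basis = bit, send_basis

        if eavesdrop:
            # The interceptor has to guess a measurement basis. A wrong
            # guess gives a random result, and the photon that is re-sent
            # carries the guessed basis: measuring has changed it.
            tap_basis = rng.randint(0, 1)
            if tap_basis != photon_basis:
                photon_bit = rng.randint(0, 1)
            photon_basis = tap_basis

        recv_basis = rng.randint(0, 1)
        if recv_basis == photon_basis:
            measured = photon_bit
        else:
            measured = rng.randint(0, 1)  # wrong basis: outcome is random

        # Sifting: the two ends publicly compare bases (never bits) and
        # keep only the positions where they chose the same one.
        if recv_basis == send_basis:
            sifted += 1
            errors += measured != bit
    # Simplification: every sifted bit is compared; a real system
    # sacrifices only a sample of them to estimate the error rate.
    return sifted, (errors / sifted if sifted else 0.0)

def line_is_clean(error_rate, threshold=0.11):
    """Accept the key only if the observed error rate is below threshold."""
    return error_rate < threshold
```

With an intercept-and-resend tap on every photon, about a quarter of the sifted bits disagree, so the endpoints discard the key instead of using it.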

Navajo is not meant to replace existing cryptographic communications. Instead, it is a key distribution system based on Heisenberg’s Uncertainty Principle that provides a hybrid model, using quantum computing to securely distribute existing cryptography keys, such as those based on the Advanced Encryption Standard. This method gives organizations a solution to the problem of how to securely exchange cryptographic keys. One drawback to current quantum computing systems, though, is that they do not work over long distances.

Navajo is a plug-and-play system that can fit in virtually any environment. Cryptography keys can be exchanged securely, up to 1,000 times per second, ensuring the confidentiality of sensitive information as it travels across the network or is stored on a system.

Quantum computing provides a new approach to the problem of how to exchange information securely. As the reliance on the exchange of information continues to grow, the security of that information becomes critical. Quantum computing might be the field that provides more secure communication schemes.

SigmaWatch

Vendor: SigmaSecurity

Description: Linux-based vulnerability-assessment appliance

SigmaWatch, SigmaSecurity’s debut into the already crowded vulnerability-assessment market, is a Common Vulnerabilities and Exposures-based vulnerability-assessment and remediation product that runs on SigmaSecurity’s Predator. In this configuration, SigmaWatch supports approximately 255 IP addresses. More robust platforms are available from SigmaSecurity to provide assessment and remediation for larger organizations.

SigmaWatch runs on a hardened version of the Red Hat Linux operating system and takes advantage of many open source tools and SigmaSecurity’s proprietary assessment engine. Vulnerability signature updates are received automatically through a Secure Sockets Layer communications engine, ensuring the latest vulnerabilities and check scripts are available for use in a scan. Administration occurs through a Web interface, with the ability to launch scans on demand or schedule them to launch periodically, such as daily, weekly or monthly. Scans also can be incremental or differential, providing administrators a quick and easy way to see what has changed on their systems and network over the last week or month.

SigmaSecurity says the vulnerability tests are nonintrusive and administrators can configure the intensity of testing, controlling how much network bandwidth a scan consumes during execution. Groups also can be created, allowing some servers, such as critical Web servers, to be scanned daily, while other systems could be scanned weekly. Reports are generated in PDF format and include information detailing the identified vulnerability. A pair of SigmaWatch appliances can be configured for high availability, using a serial connection to maintain heartbeat.

While SigmaWatch says the product provides remediation capabilities, they are not automatic. SigmaWatch, like most vulnerability-assessment products, provides links or instructions for administrators to follow to correct the identified vulnerability on the affected system.

Even though the vulnerability-assessment market is getting overcrowded, SigmaSecurity can succeed if the assessment engine is accurate, providing strong assessments of Windows and Unix/Linux systems. SigmaSecurity has taken the right approach, pricing its product lower than most of the existing commercial solutions, with SigmaWatch on Predator starting at $3,500.