Product Roundup: Network Security Solutions Keep Pace
There are as many ways to manage
network security as there are types of Internet interlopers. So we've surveyed
a range of the latest products, from quantum mechanics-based encryption to dedicated,
secure "vaults."
Intrusion Detection
The IntruShield intrusion detection system (IDS) from IntruVert Networks Inc.
enables highly accurate network attack detection and prevention at up to 2 Gbps.
The system features comprehensive, real-time intelligent detection of known,
first-strike, and denial-of-service attacks, using a combination of signature,
anomaly, and denial-of-service detection techniques.
When deployed in-line, the IntruShield sensor appliances are capable of handling
deep-packet inspections, from several hundred Mbps up to 2 Gbps.
The IntruShield Security Management system is a centralized, easy-to-use, graphical
Web-based management system that provides flexible environment configuration,
security policy management, forensic analysis, and response management while
reducing overall administrative costs.
The IntruShield IDS was winner of the Network World Blue Ribbon Award, and
received perfect scores in both the Neohapsis and NSS tests, a first in the
intrusion detection market.
Contact: IntruVert Networks Inc., San Jose, Calif.; (408) 434-8300; www.intruvert.com.
Active Intrusion Response
If your school's IT department needs a product that not only detects intruders
but attempts to defeat them right away, then devices called Intrusion Prevention
Systems (IPSes) may be for you. An IPS actually sits in-line on the network,
monitoring all inbound and outbound traffic. Without affecting network performance,
the IPS screens all traffic and drops malicious packets on-the-fly, thwarting
attacks before they reach their targets.
Top Layer Networks Inc.'s Attack Mitigator IPS is a family of ASIC-based intrusion
prevention solutions with precision blocking and control against the most prevalent
types of cyber attacks. Hybrid attacks such as HTTP Worms, denial-of-service
attacks, protocol and traffic anomalies, IP spoofing, and flood attacks are
accurately detected, and stopped in real time.
A network security administrator has control over how the device will respond
to detected attacks. Precise but flexible actions against blocking malicious
and suspicious traffic include monitoring, alerting, limiting, and blocking.
Attack Mitigator IPS offers 100 megabit through multi-gigabit solutions for
maximum performance.
Contact: Top Layer Networks Inc., Westboro, Mass.; (508) 870-1300; www.toplayer.com.
A Quantum Leap
Navajo, from MagiQ Technologies Inc., takes a different approach to encryption
by securing communications with Quantum Key Distribution (QKD).
By encoding the encryption key photon by photon and having more than one piece
of information on each photon, quantum mechanics guarantees that the act of
an eavesdropper intercepting a photon, even just to observe or read, irretrievably
changes that photon. As a result, any action by the eavesdropper, from copying
to cloning a photon, or even reading more than one piece of information, automatically
destroys the other piece of information.
This physics-based approach to encryption relies upon Heisenberg's Uncertainty
Principle: An eavesdropper listening in on the key distribution channel will
necessarily leave traces, and the more information the eavesdropper obtains,
the greater the detectable disturbances. Consequently, the communicating parties
can use part of their encryption key to determine the presence of an eavesdropper
and only use the key if appropriate.
The use of continuous symmetrical quantum key regeneration and truly random
numbers makes the data encryption absolutely secure.
Contact: MagiQ Technologies Inc., New York, N.Y.; (646) 638-1001; www.magiqtech.com.
Vault-Like Security
While most security solutions focus on solving discrete security problems by
building walls of various kinds around the network perimeter, Cyber-Ark Software
Ltd. has taken a fundamentally different approach: caching the most valuable
assets within a securely protected "vault."
Cyber-Ark offers two highly integrated information security solutions for network
environments within the enterprise: the Network Vault and the Inter-Business
Vault.
Both offer the protection of multiple layers of integrated security, including
VPN, firewall, authentication, access-control, and file encryption. Both are
based on a client/server model, are deployed on dedicated, standard-computing
platforms, and afford a wide variety of standard user interfaces.
The Vault is designed to complement, rather than replace, current investments
made in perimeter-based products and in many cases it can eliminate the need
to integrate disparate security, collaboration, and extranet products.
The Network Vault secures the enterprise's most critical and sensitive information
(IT, HR, financial, and legal) in a safe haven, where it is completely immune
from loss, corruption, and exposure, while being securely shared.
The Inter-Business Vault expands this concept by not only providing a safe
haven, regardless of overall network security, but also adding the capability
for information to be stored and shared securely over the Internet.
It enables customers, business partners, shareholders, and remote offices to
transparently distribute, collect, transfer, and share files as if they were
on the same network.
Contact: Cyber-Ark Software Ltd., Dedham, Mass.; (888) 808-9005; www.cyber-ark.com.
Five-in-One Solution
Symantec Gateway Security takes a comprehensive approach to gateway protection
with a solution that combines five essential network security functions in a
single appliance. The fully integrated rack-mountable unit protects against
multi-faceted security threats with a combination of state-of-the-art firewall,
anti-virus, Web content filtering, intrusion detection, and virtual private
networking technologies.
Smart set-up wizards facilitate configuring the appliance out of the box in
minutes to secure all information entering or leaving the network via the Internet
gateway. As a true plug-and-protect solution, the appliance controls and monitors
Web and e-mail threats, including worms, viruses, malicious code, intrusion
attacks, and "blended" threats like Nimda and Code Red.
Through its common management console, administrators can configure and modify
all security functions locally or remotely. Updates such as the latest virus
definitions and intrusion attack signatures can be automatically deployed without
administrative intervention via Symantec's LiveUpdate feature.
Symantec Gateway Security is a flexible solution for securing the gateway between
the Internet and corporate networks or between network segments. For organizations
that have already deployed a firewall, the appliance offers full compatibility
with leading brands to provide a second level of protection against blended
threats that firewalls alone cannot provide.
High availability and load balancing options are available to ensure optimum
performance in high-volume networks.
Contact: Symantec Corp., Cupertino, Calif.; (408) 517-8000; www.symantec.com.