New security products ‘adapting’ to threats

As networks increase in size and complexity, security products are growing in sophistication and security threats are becoming more ingenious.

According to a recent study by The Yankee Group, more than 80 percent of companies connected to the Internet experienced a disruption in business due to a worm or virus in 2003. Another 40 percent of companies responding to The Yankee Group survey experienced a DoS attack. The report recommends that businesses take a more proactive approach to security, such as using intrusion prevention to block attacks and using products that can adapt to a changing security environment.

For instance, V-Security Technologies last week introduced new products that it claims makes security more “adaptive,” including a hands-off approach to intrusion prevention and features that make its IPS system more self-learning and self-adapting. The new products are centered around V-Secure’s NetVisor IPS (Intrusion Protection System) platform, which the company said unifies IPS management by consolidating attack information across IPS devices.

Avi Elbaum, co-founder and senior vice president of technical services at V-Secure, said that a fuzzy logic engine drives the adaptability of the IPS product, which is able to respond to changing behavioral patterns such as the number of packets sent per second. A closed feedback loop mechanism tracks any bad traffic, such as denial of service attacks, and re-evaluates it so attackers can not trick the system. NetVisor also has smart filters that look for the most granular footprint of packets and isolate the bad communication, rather than the whole host, said David Lavenda, chief marketing officer at V-Secure. “That’s one of the special sauces,” Lavenda said. “It picks out exactly the things that are bad.”

Special sauce is also being added to the application gateway layer. Applications gateways are used to apply strong security before the traffic is delivered to applications. Web services and Web application security vendor NetContinuum has just released the NC-1000 Application Security Gateway WSE (Web Services Edition) that combines protection for mission-critical application data with XML-aware security into a single ASIC-based gateway appliance. A Yankee Group survey of enterprise security buyers says that Web services security is now one of the top budget priorities for 2005, ahead of traditionally strong security categories such as network integrity, data security, and identity management. “As Web services begin to extend outside the firewall, security is becoming a priority. Companies need some new solutions to ensure security and that’s what we provide,” said Wes Wasson, chief strategy officer at NetContinuum.

F5 Networks is also offering a new security device designed for applications. This week the company introduced its TrafficShield Application Firewall, a dedicated, application-level security device. TrafficShield ensures users unrestricted, secure access they have been authorized to use, while preventing any tampering with the application itself.

“Positive security delivers a tailored view of Web application vulnerabilities through which preventive action can be taken to ensure critical Web applications are continuously protected,” said Michael Suby, senior research analyst and program manager at Stratecast Partners. “For many enterprises, expanding their Web presence is a strategic imperative, but developing vulnerability-free application code is not a core competency and is expensive and time consuming. Products like TrafficShield deliver the protective layer enterprises need to expand their Web presence confidently, quickly, and with a lower cost overhead,” he said.

The increasing sophistication is also happening at the vulnerability assessment level. Digital Defense has just released its Frontline 3.0 vulnerability assessment tool. According to Rick Fleming, chief technology officer at Digital Defense, new threats are increasingly sophisticated. “Security managers are challenged to keep up with new applications such as voice over IP. At the same time they face new security regulations. As a result there is a requirement for tools that are deployable by nonsecurity specialists. Security goes beyond just security managers now. It impacts the whole enterprise,” he said.