Senior Editor, Network World

Security Vendors Push Intrusion-Detection, Professional Services

Sep 12, 2011 (4 mins)
Data and Information Security, Firewalls, HP

Established vendors and startups last week announced products and services for network intrusion detection systems (IDS) and outsourced security management.

Hewlett-Packard, Axent Technologies and startup Sanctum debuted intrusion-detection software for corporate networks, while Raytheon Company announced BladeRunner, server-based software for monitoring internal corporate network traffic in order to prevent unauthorized transmission of sensitive material.

“It identifies traffic-flow patterns to identify anomalies,” says Jeff Waxman, president of Raytheon’s newly formed information assurance product area based in Linthicum, Md. “If the R&D department suddenly starts sending information out to the wide-area Internet, you’ll know that.”

Available for Unix or NT, BladeRunner, priced at $65,000 per copy, is a passive-listening device that can display the entire topology of the corporate network to show what network users are doing by reporting activities to the BladeRunner console.

At its Cupertino headquarters, HP unveiled the HP Praesidium Intrusion Detection System, software offered as a $1,695 option to protect HP’s new version of Unix called HP-UX11i.

“The Praesidium software detects unauthorized access, root exploits, buffer overflows or other unusual behavior and sends alerts to HP OpenView,” says Roberto Medrano, general manager of Internet security solutions at HP.

HP pushed two other security products out the door last week. The first was Web Enforcer, NT-based software that works to strengthen Web servers used in e-commerce by detecting security vulnerabilities and mending these holes on an ongoing basis. The software, with service support, costs about $7,000.

HP says it has also beefed up Web QoS, traffic-prioritization software for NT, HP-UX or Solaris that costs between $7,000 and $12,000, so that it can now detect some types of HTTP-based denial-of-service attacks and block them.

Medrano points out that Web QoS won’t readily protect against massive distributed denial-of-service attacks based on SYN Floods, however.

In the area of consulting services, HP has formed the Global Security Consulting Practice with 300 security experts in its offices around the world to advise corporations on risk-management and security strategies.

Startup Guardent also opens its doors this week with 75 employees to provide security consulting. Dan McCall, founder and chief marketing officer, says the firm purchased the entire professional services practice at Secure Computing for an undisclosed sum. The company is providing managed security services as well for companies ready to outsource in this area.

Another startup, Santa Clara, Calif.-based Sanctum (which just changed its name from Perfecto), unveiled the second product to follow its Web-based AppShield, ingenious Web server software that prevents electronic-commerce shoplifting carried out by exploiting application flaws.

Sanctum’s second product, the Linux-based AppScan, lets the network manager or application developer remotely test Web applications to determine weaknesses that could be exploited in an e-commerce setting. “It’s a sort of ‘Robohacker’ that lets them manually simulate attacks and suggests how to fix things,” says Sanctum’s founder and senior vice president, Eran Reshef.

The software, set to ship next month for $20,000 per user, is under testing at Yahoo, Lycos and Exodus Communications. Concern that his AppScan could be put to criminal use in the hands of hackers has compelled Reshef to ensure AppScan has a mechanism — which he would like to keep secret — to prevent unauthorized use.

Axent Technologies, which spars with Internet Security Systems to claim market leadership in the intrusion-detection realm, weighed in last week with updated versions of its NetProwler vulnerability scanner and its host-based Intruder Alert detection software for Unix or NT.

Intrusion-detection software has to be constantly updated as new attacks are discovered, and NetProwler 3.5 can download these new attack signatures as files from the Axent Web site. The security software also now runs on Windows 2000 and Linux in addition to NT and Unix.

Intruder Alert 3.5, which supports updates via file transfer, now comes with Unix-based console software for HP-UX or Solaris in addition to NT.

Axent is now marketing both products as the ProwlerIDS Series, offering a combined license for both security tools for $10,995, a savings of at least $5,000 over purchasing the Axent products separately.

Axent’s top rival ISS weighed in last week to say it has become the first vendor to obtain export status of its intrusion-detection software, RealSecure 3.2.2, under the more lenient encryption export rules announced January 14 by the White House.

RealSecure has options to encrypt some data for security purposes. Users can now more easily export RealSecure with Triple-DES or elliptic-curve public-key encryption at strengths up to 239 bits, said to be stronger than the standard 1,024-bit RSA key, without having to fill out extensive paperwork or get approvals for most countries.