NEC developing network security analysis system

IDG News Service - NEC Corp. announced today that it is developing a network security system that will automatically monitor and analyze the configuration of security tools deployed in a network and suggest changes to fix any vulnerabilities or redundancies that exist between them.
The system is intended for use in networks where a mix of security tools, such as firewalls and intrusion-detection systems, are being used to guard against worms, viruses and other malicious traffic. As servers and client computers are added and removed from networks, and as security tools are installed or taken away, security holes, redundancies and other "mismatches" can appear in the security configuration, said Riyuuichi Ogawa, principal researcher at NEC's Ubiquitous Intelligence Technology Group.
"Security boundaries are constantly changing, and one of the most urgent needs is to be able to perform a security health check to reveal weaknesses," Ogawa said.
NEC's product, which is still being developed and may not go on sale until early next year, will analyze the configuration parameters of the security tools in a network to detect any holes or overlap between them, according to the vendor. For example, it will detect when FTP data is being allowed in through a firewall but is not being monitored by an IDS. In addition to identifying weaknesses, the system will propose revisions to correct any problems, Ogawa said.
The system uses a language called Security Configuration Coordination Markup Language, or SCCML, which is able to describe the filtering and monitoring functions of firewalls and IDSs, Ogawa said.
In Japan, about one-third of the incidents of unauthorized access to enterprise networks result from mismatches in the configuration of security systems, according to a January report by the Information-technology Protection Agency (IPA), an organization affiated with the Japanese government that promotes IT security. Another third are caused by the use of older, vulnerable software, and the remainder by misuse of user identifications and passwords, according to the IPA.
While security tools exist to patch vulnerable software and improve ID and password security, none provide a unified analysis of the protocols used by the firewalls and IDSs, according to NEC.
Because a single firewall might have more than 1,000 filtering rules, finding mismatches among security systems can take network administrators hundreds of hours. NEC's system can perform its analysis in minutes, Ogawa said.
"As far as we know, this is a world's first for this type of technology," said Hiroshi Katayama, general manager of NEC's Internet Systems Research Laboratories.
Analysts said NEC's technology could be significant for businesses, since