Intrusion prevention touted over detection
Computerworld - Next week's RSA Conference 2003 in San Francisco will feature a range of security technologies meant to let corporations more proactively defend themselves against a growing array of cyberthreats.
Unlike most traditional firewall and intrusion-detection products, which passively detect problems, the new tools use rules, usage models and correlation engines to enforce authorized network behavior. In some cases, these tools automatically prevent unauthorized or malicious tasks from executing.
But many of the technologies are still in their infancy, are largely untested in enterprise environments and may not deliver all of the promised functionality just yet, users and analysts cautioned.
One of the vendors touting such products at this week's conference, sponsored by Bedford, Mass.-based RSA Security Inc., is Entercept Security Technologies Inc. The San Jose-based company will release an updated version of a host-based intrusion-prevention software tool that uses virus signature information and behavioral rules to intercept suspicious activity before it accesses an application.
For example, if a rule states that only Web server processes can access Web files, all attempts by other processes to do so will be automatically blocked by Entercept software, company officials said.
Network Associates Inc. announced April 4 that it would acquire Entercept for $120 million in cash, and on April 1 the company said it would buy San Jose-based Intruvert Networks Inc. for $100 million.
Entercept's technology recently helped Arlington County, Va., protect its core databases from being corrupted by the Slammer worm and has contributed to a more proactive security posture, said Vivek Kundra, the county's director of infrastructure technologies.
"Historically, we would learn of an attack only after it happened, and we would react to it. Now we are in a position to prevent some of it as well," he said.
Also this week, Teros Inc. in Sunnyvale, Calif., will add a new module called SafeIdentity to its Teros 100 Application Protection System. Teros 100 is an "in-line" hardware device that sits directly on the network in front of a Web application server and inspects every packet going in and out of the server in real time.
Like other intrusion-prevention products, Teros' technology blocks anything that deviates from predetermined norms for a particular server or application. While Teros claims that its product can determine what those norms should be, companies that are unwilling to leave that decision to the technology can specify them.
Baker Hill Corp., a Carmel, Ind., provider of application services to the banking industry, has placed such "default deny" application firewalls in front of several Microsoft Internet Information Servers, said Eric Beasley, a senior network administrator