Intrusion prevention touted over detection
Computerworld - Next week's RSA Conference 2003 in San Francisco will feature a range of security technologies meant to let corporations more proactively defend themselves against a growing array of cyberthreats.
Unlike most traditional firewall and intrusion-detection products, which passively detect problems, the new tools use rules, usage models and correlation engines to enforce authorized network behavior. In some cases, these tools automatically prevent unauthorized or malicious tasks from executing.
But many of the technologies are still in their infancy, are largely untested in enterprise environments and may not deliver all of the promised functionality just yet, users and analysts cautioned.
One of the vendors touting such products at this week's conference, sponsored by Bedford, Mass.-based RSA Security Inc., is Entercept Security Technologies Inc. The San Jose-based company will release an updated version of a host-based intrusion-prevention software tool that uses virus signature information and behavioral rules to intercept suspicious activity before it accesses an application.
For example, if a rule states that only Web server processes can access Web files, all attempts by other processes to do so will be automatically blocked by Entercept software, company officials said.
Network Associates Inc. announced April 4 that it would acquire Entercept for $120 million in cash, and on April 1 the company said it would buy San Jose-based Intruvert Networks Inc. for $100 million (see story).
Entercept's technology recently helped Arlington County, Va., protect its core databases from being corrupted by the Slammer worm and has contributed to a more proactive security posture, said Vivek Kundra, the county's director of infrastructure technologies.
"Historically, we would learn of an attack only after it happened, and we would react to it. Now we are in a position to prevent some of it as well," he said.
Also this week, Teros Inc. in Sunnyvale, Calif., will add a new module called SafeIdentity to its Teros 100 Application Protection System. Teros 100 is an "in-line" hardware device that sits directly on the network in front of a Web application server and inspects every packet going in and out of the server in real time.
Like other intrusion-prevention products, Teros' technology blocks anything that deviates from predetermined norms for a particular server or application. While Teros claims that its product can determine what those norms should be, companies that are unwilling to leave that decision to the technology can specify them.
Baker Hill Corp., a Carmel, Ind., provider of application services to the banking industry, has placed such "default deny" application firewalls in front of several Microsoft Internet Information Servers, said Eric Beasley, a senior network administrator
- 5 Ways Dropbox for Business Keeps Your Data Protected Protecting your data isn't a feature on a checklist, something to be tacked on as an afterthought. Download here to find out how...
- The Keys to Securing Data in a Collaborative Workplace Losing data is costly. IT professionals have spent years learning how to protect their organizations from hackers, but how do you ward off...
- Evaluating File Sync and Share Solutions: 12 Questions to Ask about Security File sync and share can increase productivity, but how do you pick a solution that works for you? Download to learn some important...
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!