Intrusion prevention touted over detection
Computerworld - Next week's RSA Conference 2003 in San Francisco will feature a range of security technologies meant to let corporations more proactively defend themselves against a growing array of cyberthreats.
Unlike most traditional firewall and intrusion-detection products, which passively detect problems, the new tools use rules, usage models and correlation engines to enforce authorized network behavior. In some cases, these tools automatically prevent unauthorized or malicious tasks from executing.
But many of the technologies are still in their infancy, are largely untested in enterprise environments and may not deliver all of the promised functionality just yet, users and analysts cautioned.
One of the vendors touting such products at this week's conference, sponsored by Bedford, Mass.-based RSA Security Inc., is Entercept Security Technologies Inc. The San Jose-based company will release an updated version of a host-based intrusion-prevention software tool that uses virus signature information and behavioral rules to intercept suspicious activity before it accesses an application.
For example, if a rule states that only Web server processes can access Web files, all attempts by other processes to do so will be automatically blocked by Entercept software, company officials said.
Network Associates Inc. announced April 4 that it would acquire Entercept for $120 million in cash, and on April 1 the company said it would buy San Jose-based Intruvert Networks Inc. for $100 million (see story).
Entercept's technology recently helped Arlington County, Va., protect its core databases from being corrupted by the Slammer worm and has contributed to a more proactive security posture, said Vivek Kundra, the county's director of infrastructure technologies.
"Historically, we would learn of an attack only after it happened, and we would react to it. Now we are in a position to prevent some of it as well," he said.
Also this week, Teros Inc. in Sunnyvale, Calif., will add a new module called SafeIdentity to its Teros 100 Application Protection System. Teros 100 is an "in-line" hardware device that sits directly on the network in front of a Web application server and inspects every packet going in and out of the server in real time.
Like other intrusion-prevention products, Teros' technology blocks anything that deviates from predetermined norms for a particular server or application. While Teros claims that its product can determine what those norms should be, companies that are unwilling to leave that decision to the technology can specify them.
Baker Hill Corp., a Carmel, Ind., provider of application services to the banking industry, has placed such "default deny" application firewalls in front of several Microsoft Internet Information Servers, said Eric Beasley, a senior network administrator
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!