There's no shortage of reasons for corporate IT managers to be concerned - very concerned - about external threats to the security of their systems. Trojan horses and viruses that enter organizations as executable e-mail attachments are abundant, and antivirus software doesn't always catch them.
Finjan Software Inc.'s response is SurfinShield Corporate and SurfinGate, software that actively monitors downloaded active content, including executables, ActiveX and Java scripts, on individual desktops and at e-mail gateways.
By monitoring code behavior, Finjan's products let companies enforce security policies by automatically blocking malicious activity before it causes damage to PCs. "The days of relying on reactive security products to stop malicious code attacks are over," says Phil Kantz, president and CEO of the San Jose-based start-up. "Companies cannot afford to wait hours or days for security updates to be protected from new attacks."
A security analyst at a major Northwest retailer, who declined to be named, can attest to that. "I saw SurfinShield, and then six months later, the Melissa virus hit," he says. "We decided to segment the responsibility of dealing with these threats by installing the desktop version, mainly because we had very few means of identifying the attacks before they hit."
He says the product has successfully blocked subsequent active content attacks before they could do damage.
"Finjan's software controls code behavior before it becomes active," says Christian Christiansen, an analyst at Framingham, Mass.-based IDC. "It caches attacks before they can do harm."
"Monitoring programs for malicious behavior, or sandboxing, has come of age and proved its effectiveness against worms like 'I Love You' and Anna Kournikova," says Yigal Edery, Finjan's director of research and development.
Plus, Internet worms can change their characteristics every four to six hours, which is faster than antivirus software vendors can turn around virus signature updates, adds Dave Kroll, the firm's director of marketing.
SurfinShield Corporate runs on each PC in the background, watching for file violations and checking for attempts to delete files, access registries or access the operating system. It also has a central console for setting policy, monitoring and administering SurfinShield across all desktops.
Administrators can also set policies that let some ActiveX controls in while blocking others. "We needed to offer software that allows for specific controls to run software that uses ActiveX controls like WebEx, while still enforcing security policies," says Kroll. "SurfinShield does that."
Finjan's SurfinGate protects e-mail gateways running on Windows NT, Windows 2000 or Unix servers. Finjan says its customers include the Internal Revenue Service, the European Parliament and the Pentagon.
People Problem
When installing SurfinShield Corporate on desktops, IT managers may need to overcome some user resistance, the Northwest retailer discovered. "We also had to explain to our 600 desktop users why we were installing this; we weren't trying to censor what they looked at, but rather we had to block applets that posed a threat to our system," says the company's security analyst.
He did have a few other issues. The security signatures in SurfinShield were corrupted when desktop users installed Microsoft's Internet Explorer 5, but Finjan fixed this in its current version, the analyst says. And SurfinShield doesn't audit the behavior of macros.
"What using SurfinShield brought to my attention is that when you attach to any Web site, you are basically giving that Web site entire rights to your system," says the security analyst. "We tell people, 'Thou shalt not open executables.' But they do it anyway. SurfinShield is now blocking that."
The Buzz: State of the Market
Riding the Cybercrime Wave
Finjan is at the right place at the right time. Gartner Inc. in Stamford, Conn., estimates that the economic cost of cybercrimes will increase 1,000% to 10,000% through 2004, and attacks generated through executable e-mail attachments are an increasing part of the mix.
Finjan operates in a specialized security space: Its products perform real-time monitoring of inbound active content in e-mail attachments and block associated activity produced by these viruses. But because the software can accommodate different profiles, administrators can allow certain types of ActiveX content to flow to the end user. This is called "white listing," and a few competitors in the field also offer some degree of this customization.
According to IDC analyst Christian Christiansen, the market for this type of software is hard to gauge because it's part of larger offerings from companies such as Islandia, N.Y.-based Computer Associates International Inc. CA's eTrust product, for example, works within the Unicenter TNG Framework to block some types of active content but normally reacts only to known viruses.
Some vendors of intrusion detection software are also adding blocking of active content for servers. For example, Atlanta-based Internet Security Systems Inc. recently added such capabilities to its RealSecure intrusion detection software.
As for offerings from traditional antivirus vendors, Gartner analyst Bill Malik says Symantec Corp. in Cupertino, Calif., and Network Associates Inc. in Santa Clara, Calif., offer similar capabilities but Finjan's is more advanced.
Pelican Security Inc.
Chantilly, Va.
www.pelicansecurity.com
Pelican Security's SafeTnet desktop software also detects and isolates downloaded active content. But unlike Finjan, the company says its products let users secure applications and systems by determining who has access to make changes. It blocks content by determining what can be changed, as opposed to what can be let through.