Security vendors push intrusion-detection, professional services

Established vendors and startups last week announced products and services for network intrusion-detection and outsourced security management.

Hewlett-Packard, Axent Technologies and startup Sanctum debuted intrusion-detection software for corporate networks, while Raytheon Company announced BladeRunner, server-based software for monitoring internal corporate network traffic in order to prevent unauthorized transmission of sensitive material.

"It identifies traffic-flow patterns to identify anomalies," says Jeff Waxman, president of Raytheon's newly formed information assurance product area based in Linthicum, Md. "If the R&D department suddenly starts sending information out to the wide-area Internet, you'll know that."

Available for Unix or NT, BladeRunner, priced at $65,000 per copy, is a passive-listening device that can display the entire topology of the corporate network to show what network users are doing by reporting activities to the BladeRunner console.

At its Cupertino headquarters, HP unveiled the HP Praesidium Intrusion Detection System, software offered as a $1,695 option to protect HP's new version of Unix called HP-UX11i.

"The Praesidium software detects unauthorized access, root exploits, buffer overflows or other unusual behavior and sends alerts to HP OpenView," says Roberto Medrano, general manager of Internet security solutions at HP.

HP pushed two other security products out the door last week. The first was Web Enforcer, NT-based software that works to strengthen Web servers used in e-commerce by detecting security vulnerabilities and mending these holes on an ongoing basis. The software, with service support, costs about $7,000.

HP says it has also beefed up Web QoS, its traffic-prioritization software for NT, HP-UX or Solaris, which costs between $7,000 and $12,000, so that it can now detect some types of HTTP-based denial-of-service attacks and block them.

Medrano points out that Web QoS won't readily protect against massive distributed denial-of-service attacks based on SYN Floods, however.

In the area of consulting services, HP has formed the Global Security Consulting Practice with 300 security experts in its offices around the world to advise corporations on risk-management and security strategies.

Startup Guardent also opens its doors this week with 75 employees to provide security consulting. Dan McCall, founder and chief marketing officer, says the firm purchased the entire professional services practice at Secure Computing for an undisclosed sum. The company is providing managed security services as well for companies ready to outsource in this area.

Another startup, Santa Clara, Calif.-based Sanctum -- which just changed its name from Perfecto -- unveiled the second product to follow its Web-based AppShield, ingenious Web server software that prevents electronic-commerce shoplifting carried out by exploiting application flaws.

Sanctum's second product, the Linux-based AppScan, lets the network manager or application developer remotely test Web applications to determine weaknesses that could be exploited in an e-commerce setting. "It's a sort of 'Robohacker' that lets them manually simulate attacks and suggests how to fix things," says Sanctum's founder and senior vice president, Eran Reshef.

The software, set to ship next month for $20,000 per user, is under testing at Yahoo, Lycos and Exodus Communications. Concern that his AppScan could be put to criminal use in the hands of hackers has compelled Reshef to ensure AppScan has a mechanism -- which he would like to keep secret -- to prevent unauthorized use.

Axent Technologies, which spars with Internet Security Systems to claim market leadership in the intrusion-detection realm, weighed in last week with updated versions of its NetProwler vulnerability scanner and its host-based Intruder Alert detection software for Unix or NT.

Intrusion-detection software has to be constantly updated as new attacks are discovered, and NetProwler 3.5 can download these new attack signatures as files from the Axent Web site. The security software also now runs on Windows 2000 and Linux in addition to NT and Unix.

Intruder Alert 3.5, which supports updates via file transfer, now comes with Unix-based console software for HP-UX or Solaris in addition to NT.

Axent is now marketing both products as the ProwlerIDS Series, offering a combined license for both security tools for $10,995, a savings of at least $5,000 over purchasing the Axent products separately.

Axent's top rival ISS weighed in last week to say it has become the first vendor to obtain export status of its intrusion-detection software, RealSecure 3.2.2, under the more lenient encryption export rules announced January 14 by the White House.

RealSecure has options to encrypt some data for security purposes. Users can now more easily export RealSecure with Triple-DES or elliptic-curve public-key encryption at strengths up to 239 bits, said to be stronger than the standard 1,024-bit RSA key, without having to fill out extensive paperwork or get approvals for most countries.

Stories by Ellen Messmer