GCN INSIDER: Trends and technologies that affect the way government does IT
- By Brad Grimes
- Mar 16, 2005
Pocket-sized security changes tack
GET 'EM WHILE YOU CAN: The Xkey USB security device may be phased out because at $300-$550, it's a bit too pricey.
The GCN Lab was prepared to sing the praises of the Xkey USB security device when it learned the product'introduced just last year'might be phased out. In a call to one of the product's Israel-based engineers, it became clear the reason wasn't technology related.
M-Systems Ltd. created Xkey as a portable, highly secure network authentication mechanism. It's a USB key device that includes 128-bit encryption, two-factor authentication, on-board virus protection and other cool features such as protection from keystroke loggers and automatic cleansing of browser caches (plus up to 2G of storage). Just plug the Xkey into a computer's USB port and establish secure network and e-mail communications.
The main problem? Cost. At $300-$550, even M-Systems had to admit the Xkey was pricey. Interested agencies can snap up the remaining inventory of Xkeys (see www.xkey.com
), but it sounds like the company will concentrate on what it does best'develop mobile security software'and let other USB key makers incorporate it into their devices. No word yet on possible partners, but based on our experience with the product, if the strategy leads to widespread adoption of Xkey technology, mobile workers will be armed with exceptional security.Intrusion detection is so yesterday
IT managers used to be all in favor of security appliances that alerted them to network attacks and prompted them to take defensive measures. But with the rate of attacks picking up, they now want their appliances to repulse hackers automatically. Analysts say intrusion detection systems are being overtaken by intrusion prevention systems.
For now, officials at V-Secure Technologies Inc. of Saddle Brook, N.J., see the two platforms co-existing. V-Secure makes IPS appliances that compete with products such as Juniper Systems' NetScreen and McAfee's IntruShield. The fact of the matter, says V-Secure CEO Izhar Shay, is that the possibility of false positives blocking legitimate network traffic still makes IDS a more attractive option for some agencies.
Ultimately, though, Shay believes 'people don't want to maintain two boxes.' And indeed, researchers such as those at Framingham, Mass.-based International Data Corp. expect IPS to overtake IDS in a few years. V-Secure's IPS appliances use fuzzy logic, rather than signature files, to identify and prevent attacks. Shay says this is key to minimizing false positives. A V-Secure appliance watches network traffic and applies spectrum analysis, in effect learning what's normal and what's not. Because the product continues to learn, it's easier to manage than an appliance that always needs updated signature files, Shay says. Until GCN Lab gets its hands on a box, we'll reserve judgment.Asset management is more than IT
It's hard to argue with the logic behind the latest software release from MRO Software Inc. of Bedford, Mass. The company has long developed software that government agencies use to track physical assets. But its newest product, Maximo Enterprise Suite, which ships this month, now also incorporates IT asset management.
The company is clearly targeting users of IT asset management products, such as BMC Software's Remedy and Peregrine Systems' AssetCenter, with the lure of a consolidated platform. The new Maximo also includes service management modules for creating what Mark Gruzin, director of MRO Software's federal division, calls a 'one-stop, shared services desk.' Gruzin says he envisions agency employees calling a single help-desk number for computer crashes and HVAC outages alike. The Maximo system helps route the requests and provides a central repository for all asset information.
Such a significant reorg of agency support may prove difficult, but one area where a product like Maximo could have immediate impact is in service level agreement management. With more agencies outsourcing various functions under A-76 requirements, it can be hard to keep track of which contractor is responsible for which asset'IT or otherwise. According to Gruzin, Maximo can offer visibility into the state of all assets.GCN Lab Director John Breeden II contributed to this report. E-mail Brad Grimes at email@example.com.