Vendors spotlight two-way security

Vendors spotlight two-way security

SAN FRANCISCO'Monitoring, filtering and blocking network traffic to defend against a multitude of threats and faux pas are among the hot technologies at this year's RSA Security Conference.

Gateway appliances offering layers of protection are the flavor of the moment. With spam one of the major villains of the networked world, any device worth its salt includes some kind of spam blocking. But with the collapse of the enterprise perimeter as the primary line of network defense, tools now are keeping an eye on internal and outgoing traffic as well as incoming traffic, and mobile users outside the enterprise are receiving attention, as well.

About 60 percent of cell phones delivered today are Java enabled, said Shlomo Touboul, chief executive officer of Finjan Software Inc. of San Jose, Calif. Mobile gaming has been a strong driver for the devices, which can receive applets and run applications as well as provide phone service and exchange e-mail.

'It's a nightmare for service providers' who are trying to keep up with the product-specific applications and extensions for phones, Touboul said. So far, there have been no serious cell phone exploits discovered in the wild, although Finjan has developed hostile demonstration code to exploit the devices.

'It's terrifying to think how easy it is,' he said. Service providers do not want to wait for the exploits to appear before providing protection, he said. 'They are telling us, 'We learned our lesson from the PC.''

Finjan is addressing the problem by extending the scanners for its SurfinGate devices to include extensions being added by cell phone vendors and developers. 'We put the server at the service provider site,' Touboul said, and scan for malicious applications. The new products are being tested now with cellular service providers.

Several products offer suites of filtering services. The Content Management Suite, from WebWashers AG of Germany, resides on a gateway device. In addition to spam filtering, it provides a choice of antivirus engines, Uniform Resource Locator blocking and filtering of Secure Sockets Layer traffic. The spam filter uses a variety of methods to control unwanted e-mail traffic, including white lists and black lists, examining header information and content, look-up of senders and links, and a statistical filter with a dictionary.

The suite's neatest trick, available next month, will be SSL filtering. The encrypted traffic is stopped at the proxy level and a second secure session is initiated with the server. In between, unencrypted traffic can be examined on the gateway and filtered according to user policies. The company has its work cut out for it selling this feature.

'There is a lot of interest in SSL filtering,' said Frances Schlosstein, WebWasher's vice president of business development. 'But it hasn't been on anybody's radar screen before because it hasn't been available.'

Group Technologies USA Inc., a subsidiary of a German company headquartered in Milford, Mass., is adding several new features to its SecuriQ.Wall filtering product for Lotus Domino and Microsoft Exchange e-mail platforms. It uses lexical analysis of words, content scanning, black lists and white lists for senders, and sender-recipient combos to block and keep track of e-mail. In May it will begin scanning zipped files and Portable Document Format files as well. The company also will introduce a self-learning engine that can recognize new spam by analyzing the traffic.

The company claims the Interior Department and the Customs Service among its customers. Company president Karl-Heinz Dahley said that although keeping spam out is the goal for most of his customers, government users are becoming more concerned about keeping confidential information in. He said scanning outgoing traffic is becoming just as vital as scanning incoming.

Keeping track of outgoing traffic is the whole point of a new feature in Version 2.0 of the Teros-100 Application Protection System from Teros Inc. of Santa Clara, Calif. APS sits in front of a Web server farm and inspects incoming and outgoing packets at the application layer. It comes programmed with hundreds of rules for what kinds of traffic and behavior should be allowed or blocked, and after several days of monitoring a system it learns from usage patterns which rules should be enforced and which should be waived.

A new module called SAFEIdentity is being added to the APS as a free option to keep an eye on Social Security numbers. 'All the heavy lifting is in the core processing,' said CEO Bob Walters. The SAFEIdentity module adds some additional rules for looking at numbers in the outgoing traffic.

The module recognizes Social Security numbers from either a string of nine numerals, or the usual groupings of three, two and four numerals, separated by spaces or dashes. When it recognizes a Social Security number, it can apply rules to block, log or otherwise regulate it according to the user's policy. This can keep confidential information from leaving an enterprise through unauthorized means, making identity theft more difficult.

Nokia Americas Inc. of Irving, Texas, has come up with a device it calls an e-mail firewall to add another layer of defense to the enterprise perimeter. Message Protector is an appliance running Nokia's Ipso-SX hardened operating system that sets between the firewall and the e-mail servers and acts as a mail transfer agent. It does packet inspection, scans for viruses, strips macros, watches for malicious behavior, checks content and blocks spam at the rate of 120,000 messages per hour for messages averaging 14K. Latency varies, depending on the type and length of messages being examined, but because e-mail is a store-and-forward technology delays are not critical.

'This box is configured to call home for updates' for malicious code and spam signatures, said product manager Haig Colter. It also is persistent, and can unzip 62 layers to get down to the content. The same box can handle outgoing as well as incoming traffic, or multiple boxes can be used.

Message Protector is available now for $15,000 per box, plus licensing based on the number of users. There is government interest in the product, but 'procurement is not exactly an overnight process,' Colter said.

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group