Security Innovations Debut at Demo Conference

SCOTTSDALE, AZ - Security was on everyone's mind this week at Demo 2004. Sure, the weather was sunny and warm, the drinks flowed like a desert spring, and the golf courses beckoned. But if attendees were tempted to forget the ever-more-sophisticated security threats surfacing seemingly every day, a flood of security product announcements made sure to remind them.

Just like the threats, the new products came in all sizes and flavors, from global warning systems to fraud detectors, offering protection for web services, web applications, instant messaging, incoming and outgoing e-mail, and more. The danger may be increasing, but so is the arsenal of weapons with which to fight back.

Warning! Warning! Danger! Danger!
Forescout Technologies's new Global Early Warning System (GEWS) is designed to aggressively seek out network threats before they have a chance to strike. Instead of waiting for an attack, GEWS is designed to determine find hackers and worms in action in time to block them.

Customers running Forescout around the world form a network of sensors to collect, correlate, and distribute data on the IP addresses, owners, attacks, and timing of threats. This information is used to create real-time maps of malicious activity, and the information is then distributed to GEWS customers' routers, firewalls, and even PCs.

To determine a threat, GEWS senses when an application is asking for information for possibly malicious purposes, feeds it false information as a test, and then traps the application if it tries to use the data for an attack. According to the company, some 97 percent of attacks are preceded by some form of reconnaissance, which could alert GEWS. And although GEWS can't trap every attack, its unique approach removes the possibility of false positives and will catch threats that other systems miss, said Oded Comay, CTO of the San Mateo, Calif. company. Just as important, because the GEWS system tracks behaviors, it's not dependent on constantly updating a massive database of threat signatures.Based on earlier ActiveScout and WormScout products, GEWS will be available on a service based business model when it ships in the fourth quarter. Pricing has not been set, but will depend on the number of firewalls protected.

15 Simple Rules To Protect My Web Services
Web services security has been a hot button topic for a while now, but Forum Systems hopes to cool things down with its XWall Web Services Firewall. According to the Salt Lake City, Utah, company, network firewalls are -- intentionally -- blind to web services traffic, leaving them open to XML viruses, parser attacks, schema poisoning, SQL injections, cross-site scripting, entity expansion, and other colorfully named web services attacks. XWall, called an XML Intrusion Prevention (XIP) system, combines SSL with 15 rules designed to inspect, validate, and monitor Web services traffic and stop vulnerabilities.

Available immediately, pricing for XWall begins at $2,500 for software, $5,000 on a PCI card and $9,995 as a hardware appliance.There are web services, and then there are Web applications. To protect the latter, MagniFire Websystems introduced version 2.5 of Traffic Shield. The Israeli company's product maps all of the things users should be able to do at any point in a Web application, and blocks all other activity. By stopping attempts by users to change the parameters of what they're allowed to do online - an attack known as "parameter tampering" - actions that are potentially dangerous but that might not raise the alarm can be stopped before they cause problems. Version 2.5 adds a better user interface, more manageability and control.

MagniFire 2.5 pricing begins at $25,000, and it's available now.

Fraud Goes Phishing
Problems caused by spam go way beyond clogged inboxes and lost productivity. The latest spam messages are often cleverly designed to appear to come from legitimate businesses, and fool users into revealing valuable personal identity and enterprise security information.The emerging threat from e-mail fraud is the target of the new MailFrontier Enterprise Gateway 3.0, which adds anti-fraud capability to MailFrontier's existing anti-spam suite. Using proprietary technology, MailFrontier, Palo Alto, Calif., recognizes and quarantines potentially fraudulent e-mails, including phishing attempts, bogus updates and billing fraud, then warns users and administrators and provides information about the attempted fraud.

CEO and co-founder Pavni Diwanji claims that MailFrontier is also working behind the scenes to stop mail fraud. In beta testing now, MailFrontier Enterprise Gateway 3.0 should be available by the end of March for approximately $15 per seat.

Confidence In Your Portal
With all the bad publicity surrounding online activity these days, it's no wonder consumer are worried. E-commerce and banking portals can reassure them with Confidence Online Portal Edition, a public version of WholeSecurity Inc.'s product for enterprise employees.

Confidence Online Portal Edition is designed of prevent online ID theft by Trojan horses and other software threats that might have infected a PC, just waiting to steal key information when the user logs into an e-commerce or banking portal. First, users must accept a small download from the site. The download might, unfortunately, scare off many skittish consumers. Then the software scans the computer for malicious behavior, not just limiting its scan to virus signatures, protects the transaction, and disables any Trojans. The download does not have to be repeated the next time the user visits the site.

According to Austin, Texas., based WholeSecurity, Confidence Online Portal Edition is available now for $5 per user for up to 100,000 users.Outgoing Security
Not all threats to the enterprise arrive via incoming e-mail. Many serious problems can be caused by outgoing e-mail, according to Gary Steele, CEO of Proofpoint Inc.

Proofpoint Risk Management Server uses Machine Learning (MLX) technology to help enterprises to check e-mail and instant messaging communication for violations of the company's internal policies, regulatory requirements, and risk-management needs.

The software uses a statistical model to analyze outgoing messages for the probability that they violate policy, said Steele, and then either notify users or block the message.

Proofpoint Risk Management Server is due out this summer. The Cupertino, Calif., company has not yet set pricing for subscriptions to the service.

Instant Security
If the e-mail threat isn't bad enough, enterprises now have to worry about instant messaging security as well. The well-known public IM networks, such as America Online and Microsoft MSN, are notoriously insecure, but Voltage Security's SecureIM is intended to change all that.Using identity-based encryption developed at Stanford University, SecureIM covers instant message from end to end -- in and out of the corporate firewall - with no need for users to pre-enroll or deploy certificates.

The company claims the technology integrates with existing IM clients to become "near transparent" to users. Yet each message is signed and authenticated before being delivered.

Shipping in the second quarter, license for the SecureIM platform will begin at $50,000. The company plans to expand its technology to cover e-mail and other transactional messaging.