Extreme Enters Zero-Day Fray

Its new security appliance designed to help tackle unforeseen viruses and worms

April 28, 2005


The menace of zero-day attacks was a major concern of attendees at last year's Interop conference in Las Vegas, and now switching specialist Extreme Networks Inc. (Nasdaq: EXTR) has become the latest vendor to join the fray (see Security Approaches Day Zero).

Zero-day attacks, so called because they use previously undocumented virus signatures, are becoming a major headache for IT managers. Existing security technologies, such as firewalls, often rely on a constantly updated list of these signatures in order to identify an attack. So, if the signature is unknown, it poses a real problem.

At Interop next week, Extreme is suggesting its own solution -- a new Sentriant security appliance and an overhauled ClearFlow analysis engine, which examines traffic passing through Extreme's BlackDiamond 10K switch (see Extreme Bolsters 10-GigE Security).

Extreme has added a security rules engine to the ClearFlow architecture, which now checks abnormal behavior such as unusual TCP requests. If these are identified, the traffic is sent to the 2-rack-unit high Sentriant box. The device then decides whether the threat is real or not, and sends a message back to the switch telling it, if necessary, to “throttle” the traffic.

But Extreme is not the only company looking to tackle this threat, although most solutions currently available on the market are software-based. Of these, the best known is Cisco Systems Inc.'s (Nasdaq: CSCO) Security Agent product, although a raft of startups are also attacking this space (see Startup Avinti Acts on Zero Day and eEye Launches Blink).

However, this could hardly be described as a mature space. In fact, figures on the current size of the zero-day market are hard to come by, compared to, say, other security technologies such as SSL VPNs. For Extreme, this is also a step into uncharted waters. The Sentriant device is the vendor's first ever security product.

So, why make an entry into this market now? With new zero-day security startups coming onto the market seemingly every few weeks, the last thing that Extreme needs is to get beaten to the punch by software vendors selling their wares into its own customer base. Additionally, security is one of the fastest growing areas in data center spending, so a foray into this space makes sound financial sense (see 2005 Market Outlook and Is Zero Day a Cash Cow?).

Suresh Gopalakrishnan, VP of marketing at Extreme, told NDCF that, at the moment, ClearFlow and Sentriant are only available on the BlackDiamond 10K. However, he says the new solutions will eventually migrate to other products running Extreme’s X/OS operating system.

Extreme is not the only vendor looking to beat the slew of announcements likely to be coming out of next week’s Interop show. F5 Networks Inc. (Nasdaq: FFIV) boosted its own product line this week with enhancements to its core operating system and the launch of a new application accelerator (see F5 Unveils Application Accelerator).

— James Rogers, Site Editor, Next-Gen Data Center Forum
