Security Approaches Day Zero

Users at N+I are nervous about protecting precious applications, and looking for app-based security products

May 15, 2004


Protecting applications from new virus attacks will be a major issue for enterprises during the coming year, according to attendees at this year's Networld+Interop tradeshow in Las Vegas.

IT managers are really paranoid about security and not many of them want to go on the record about it. But we talked to a few who were willing to speak under condition of anonymity.

One IT manager working in the healthcare industry said securing applications is "very much" a problem for users at the moment.

Another beleaguered IT manager agreed, saying: "I see [application security] as probably the most pending concern in our company – we've got the firewall and intrusion and detection systems figured out, but the application layer is hard to keep up with."

Another message coming out of N+I was that, if you build applications in-house, you will have to work extra hard to protect them. Kurt Roemer, director of security research at vendor NetContinuum Inc., sums up the dilemma. "Who writes patches for your customized applications?" he asks.

So, what's the answer? Well, a number of IT managers attending N+I were speaking in glowing terms about "day-zero" protection – essentially, technologies that help protect against unforeseen attacks.

One "day-zero" product that was much talked about by attendees at N+I was Cisco Systems Inc.'s (Nasdaq: CSCO) Security Agent (CSA) software. One attendee says, "CSA is something that we are going to look into – I think that will offer us host-level protection."

Another says, "CSA is a good idea. It may be useful."

But it's not the only solution out there. Other similar "agent-" type security offerings in this space include Platform Logic's AppFire Suite, eTrust Access Control from Computer Associates International Inc. (CA) (NYSE: CA), and Sana Security's Primary Response.

In a previous incarnation, CSA was actually Okena's StormWatch product. Cisco acquired the security specialist last year (see Cisco Completes Okena Buy).

CSA, which was "launched" last year, works by analyzing the behavior of servers and desktops, as opposed to the traditional security approach of identifying the "signatures" that are embedded within viruses.

This is important, because users cannot always rely on software successfully identifying a virus signature. The healthcare IT manager says, "When a new virus comes out, it will take a while to get the signature."

He also believes that "day-zero" products such as CSA and others will be "a big help." He adds, "If the application is doing something that doesn't look right, it closes the application." This could happen when, for example, a PC suddenly starts sending out thousands of emails after being attacked by a virus.

But nothing stands still in security, and one user we spoke to said that he hoped to see CSA being updated over the next few months.

Cisco seems to have taken this advice to heart. Dan Hession, its director of security product and technology marketing, confirmed that CSA will be enhanced to support a greater number of operating systems.

Cisco, in typical fashion, is playing its cards close to its chest, although Hession did reveal that the OS upgrades will include Linux. "Stay tuned for that," he says. "The adoption rate has been growing month-to-month."

— James Rogers, Site Editor, Next-gen Data Center Forum
