Category: Product

Fred Felman, vice president of marketing at Check Point, said the new intrusion-prevention services will empower solution providers to guarantee customers up-to-the-minute protection against viruses and other network threats.

Calling upon the SmartDefense service and Zone Labs Security Advisories, Check Point will upgrade the service automatically, so its list of vulnerabilities is always up-to-date, he said. The new capabilities are part of the Redwood City, Calif.-based vendor’s Total Access Protection initiative to extend cooperation between its Integrity end-point security solution and other offerings in the Check Point product portfolio, such as the integrated firewall, VPN-1 Pro; the internal security gateway, InterSpect; and Connectra, the company’s Web security gateway.

The strategy is intended to help enterprises defend their network-connected PCs with unified remote access, end-point security, policy enforcement and hosted intrusion prevention. Eric Eder, president of Intelligent Connections, a security solution provider in Detroit, said his customers have needed more automation for handling incidents. “The ability to have centralized management control and have it be consistent across a variety of areas is really something [customers] like.”

http://www.securitypipeline.com/news/52200275;jsessionid=53OLQAFAE5TAQQSNDBCCKH0CJUMEKJVN

Robust, exciting technology may be the spark that brings vendors and customers together, but support is the stuff of long, happy relationships. With a malware storm always on the horizon, you’d expect AV vendors to have among the best customer support programs.

The last thing you’d expect is having to wait an eternity on an 800-number listening to Burt Bacharach melodies only to tell your problem to a call center operator with a checklist of questions and stock responses.

But that’s exactly what Information Security found disturbingly often in our review of leading AV vendors’ customer support.

Information Security graded each on the entire support experience, putting the greatest weight on the ability to solve our test problems (see “Report Card”).

http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss486_art1005,00.html

Symantec’s view is that a company’s business information is its most strategic asset and must be protected at all times.

This is not something that will be new to any business executive, especially given the number of legal and industry regulations, such as data protection and privacy, Sarbanes-Oxley and regulations regarding food safety that affect a wide variety of businesses.

This has upped the ante in the need to protect information from being altered in any way – or protecting the integrity of that information.

In order to be able to assure the integrity of business information, companies need to have the availability to scan all of the computational assets that they have in their networks to gauge the risk of vulnerabilities, security exposures and threats. This allows organisations to understand the resources that they have in place so that risk posed by security exploits that threaten the availability of those systems can be assessed.

Once the risk assessment exercise has been performed, organisations are in a better position to address those threats and can prioritise the actions that they are going to take to remediate against those vulnerabilities based on the value of the information to a company. Once a company is in the position to act on real-time security information, it is better placed to deal with incidents and disasters when they happen, and safeguard against threats in the future by establishing the policies, procedures and control mechanisms that are required for safeguarding information systems.

Using Symantec’s capabilities for monitoring and managing threats, along with real-time business reporting and analysis, companies are better able to ensure that information integrity is being achieved – taking them one step nearer to legal and industry compliance.

In line with its new corporate positioning initiative, Symantec has just announced the availability of some new products. These include the latest version of its Gateway Security Manager appliance, which provides network security capabilities including firewall, intrusion detection and prevention, antivirus policy enforcement, content filtering and virtual private network technology. This latest version extends gateway security capabilities to include mobile networks with the inclusion of a secure wireless LAN access point, making it suitable for use in remote and branch office environments as well as within the four walls of the corporate office.

Even with effective network security products, disaster can still occur, and information integrity can only be achieved if companies can recover from a catastrophic disaster affecting their networks. For this, Symantec has developed its LiveState Recovery family of products which allow full system restoration or recovery of any files on a server or desktop to ensure that information is available when needed – and hence reducing downtime to a business.

Finally, Symantec has brought out the latest version of its Enterprise Security Manager, which provides functionality for reporting on compliance with regulations, including pre-configured assessment templates designed for specific regulations, such as Sarbanes-Oxley and Gramm-Leach-Bliley.

http://www.it-director.com/article.php?articleid=12354

The real time network analysis offered by its Sourcefire 3D system can place security events in context and thereby help reduce the frequency on false alarms by up to 90 per cent, Sourcefire claims. Users can use the technology to enforce policies based on the correlation of detected threat with network vulnerability and asset data.

Sourcefire said its Real-time Network Awareness (RNA) Sensors score over vulnerability scanners because they provide constant feedback through passive detection of network activity rather than the snap shot offered by the “potentially disruptive” scanner approach.

In response the industry has moved towards intrusion prevention systems (IPS) which automatically block a subset of well-understood attacks.

Martin Roesch, founder and CTO of Sourcefire and creator of Snort, said that intrusion prevention and firewall technologies would converge. Firewalls alone can’t deal with problems like Nimda-style worms spreading across internal networks and stand-alone intrusion prevention technology fails to defend against anything other than well-known attacks, Roesch argued. “Intrusion prevention is a partial solution because the technology is purely signature based or, in the case of defending against DDoS attacks, rate based. Use of the technology can also creates a bottleneck on the network,” Roesch told El Reg.

He contrasted the intrusion prevention technology with Sourcefire 3D’s learn, block and correct approach. “Users could put our sensors inline if they wanted to. We can deliver intrusion prevention by other means,” he said.

Firewalls were traditionally designed to guard against network-level attacks – such as IP spoofing and port/network scans – but as more sophisticated application-layer attacks, such as worms and exploits of known software vulnerabilities, have become increasingly common a need has arisen to rejig corporate defences. That much is common ground between Sourcefire and intrusion prevention systems (IPS) vendors.

Leading IPS vendors, such as Top Layer, argue that rather than loading extra application-aware intelligence into firewalls better performance can be obtained by using standalone intrusion detection and prevention, such as its Attack Mitigator IPS 5500. It would argue its hardware-based technology is superior at automatically blocking attacks.

Sourcefire 3D, released in the US earlier this quarter, is available in Europe from today (28 October).

http://www.theregister.co.uk/2004/10/28/sourcefire_3d/

An announcement from Redmond on Tuesday indicated that its Live Communications Server 2005 software will let companies encrypt their instant-messaging communications internally and link IM systems between companies so that suppliers and other business partners can share secure IM connections. Additionally, Live Communications Server, or LCS, will include an option for letting companies link to public instant-messaging networks from Microsoft, America Online and Yahoo, so that employees can chat with users on the Big Three IM services.

LCS has become a cornerstone of Microsoft’s efforts to expand its Office line beyond a collection of productivity applications. By integrating LCS into Office, Microsoft hopes to imbue a variety of applications — especially its Outlook email software — with “presence”, or the ability to intelligently route communications based on a worker’s location or availability.

Presence works by using information in people’s applications to know their whereabouts. For example, if Outlook’s calendar shows that a person is in a meeting, it can route voice calls to that person’s cell phone. Or if someone sends an IM to a user, the software can then prompt a Net phone call and record a voice message.

Microsoft said the new release of LCS will also improve secure remote access to presence and instant-messaging capabilities, using standard firewall ports instead of virtual private network, or VPN, connections.

Last week, Microsoft announced new corporate instant-messaging client software, code-named Istanbul. The software resembles the Windows Messenger software that’s currently found in Windows XP. The difference is that, with Istanbul, a user’s IM information is synchronised with Outlook’s calendar and scheduling information. Istanbul also connects to desk phones and serves up an alert when someone calls.

http://news.zdnet.co.uk/internet/security/0,39020375,39171537,00.htm

The company announced that it has added new privacy features to its CallManager product, which maps phone numbers to IP addresses and keeps track of phone calls. Specifically, CallManager 4.1 extends encryption support to include its new and already installed 7940G and 7960G IP phones. Cisco also enhanced support for a protocol that will help customers link their existing telephone systems to its IP telephony products.

Security is a significant issue with any IP application. Like other packet-based applications, voice networks can suffer from denial-of-service attacks, which are caused when a hacker floods a network with packets until the switches and routers directing traffic throughout the network are frozen. Hackers also could tap into IP telephony calls to eavesdrop on conversations or break into corporate voice mails. As a result, some companies have hesitated in replacing their existing phone networks with one based on IP.

Cisco hopes that the new enhancements to CallManager can ease security concerns. By encrypting the voice traffic starting from the actual telephones, Cisco can help ensure that conversations are kept private and that no one is able to tamper with telephone signalling packets. Previously, Cisco only offered encryption on its high-end phones. Now the company is extending support to include its less expensive phones, too.

Customers will be able to take advantage of the new encryption features through a free software upgrade.

In addition, Cisco enhanced its Cisco Unity unified messaging product to provide better security to voice mail messages. The company also extended the interoperability of a protocol called Q.SIG, which is used to communicate between private branch exchanges from different vendors. The enhancement should help Cisco customers connect more securely between their new IP telephony network and their existing telephone infrastructure.

IP telephony is an important emerging market for Cisco.

The secure voice-messaging feature in Cisco Unity 4.04 comes at no additional cost and can be upgraded on existing products for free.

http://news.zdnet.co.uk/communications/networks/0,39020345,39171359,00.htm