While most security vendors continue to develop products that harden the network perimeter, two companies are introducing solutions designed to address the vulnerabilities inside enterprise networks.
Check Point Software Technologies Ltd. and Ingrian Networks Inc. are each taking steps to solve the problem of internal threats—data misuse and abuse from employees, partners, customers and other users with network authorization.
At a time when external hacks tend to garner attention, internal data threats are on the rise. According to the latest CSI/FBI Computer Crime and Security Survey, 80 percent of respondents last year reported security incidents involving insider abuse. For the same survey in 2002, 64 percent of respondents reported internal incidents.
To help enterprises stem the rising tide, Check Point, of Redwood City, Calif., this week will introduce InterSpect, an appliance that includes defense technologies meant to help prevent or mitigate attacks from inside the network. The three main features of the box are a newly developed Intelligent Worm Defender capability, the ability to quarantine machines exhibiting suspicious behavior and the option of setting up discrete network segments.
The worm defense technology is among the first of its kind in the industry and works by identifying PCs that show signs of worm infection. When infection is detected, it shuts that computer off from the rest of the network.
The technology works hand in hand with the quarantining feature, which automatically shuts off outgoing traffic from infected computers. However, InterSpect allows quarantined computers to receive incoming traffic, enabling administrators to download patches or other fixes, said Check Point officials.
The appliance's ability to react to attacks on its own has proved invaluable, beta customers said.
“The automatic identification and containment is key for us,” said Greg Murray, vice president of information security at Information Resources Inc., in Chicago, which has been testing InterSpect. “We do a lot of evidence-based security here, where we see an attack happening on a log or IDS [intrusion detection system] and then react to it. But … automatic blocking [is] easy to tune, and it lets our security officers go out there and do their jobs.”
At the other end of the spectrum is the new version of Ingrian's DataSecure. The solution is designed to protect data while it's in storage, in use and in transit among machines through the use of strong encryption, said company officials in Redwood Shores, Calif.
Applications or databases can access DataSecure via a secure session. The system encrypts, digitally signs and performs an integrity check on all the data it sees. That information can be sent to a networked storage device or database. When it's retrieved, the data passes through the DataSecure system for decryption.
DataSecure employs a hardware security module to perform the cryptographic operations itself, relieving other applications of the computational overhead. The newest release, due within the next few weeks, will include better integration with a variety of databases.