Vendors Begin Plugging Products for RSA Show

By Matt Hines  |  Posted 2007-01-29

Vendors Begin Plugging Products for RSA Show

The avalanche of new security products launched for the RSA Conference 2007 has already begun, even though the show itself does not kick off for another week.

A collection of security companies introduced new products, or announced other news, on Jan. 29 in an effort to get ahead of the crowd, as dozens of additional products and services will be rolled out over the coming week in expectation of the event, and during the show itself, which will run from Feb. 5-10 in San Francisco at the Moscone Center.

Among the firms getting news out the door before the increasingly popular conference begins were Vontu, SPI Dynamics, eEye Digital Security, ScriptLogic, NitroSecurity, Novells Project Bandit and Extreme Networks.

Vontu, based in San Francisco, announced its latest data loss prevention package, which promises to help enterprises lock down the flow of information from their networks and maintain compliance with data-handling regulations.

Dubbed Vontu 7, the package boasts an array of upgrades over previous iterations of the companys software, including the ability to monitor USB storage devices and other removable media, along with expanded reporting tools.

Among other capabilities, the Vontu software claims the ability to protect data whether it resides on servers, desktops and laptops, and to block sensitive data from being sent out via e-mail, Webmail or file-sharing systems. The product also boasts new coverage for Asian languages, and will hit the market in late March 2007 with a base price of $25,000.

Atlanta-based SPI Dynamics introduced a new Web application security assessment platform, labeled Phoenix, that it said will greatly improve its products ability to find holes in companies online sites and software tools, including so-called Web 2.0 software programs.

As many companies build new Web applications on emerging technologies such as AJAX, developers are overlooking large numbers of vulnerabilities and leaving their employers open to attack, SPI officials contend.

In addition to improving its ability to test such programs, SPI said that Phoenix, which will serve as the foundation for all its next-generation product lines, will speed vulnerability testing scans, reduce false positives, allow for simultaneous scans and support the IPv6 standard.

Click here to read more about vulnerability testing tools.

SPI also released its first product built on the new architecture, its WebInspect 7 applications security testing package, which boasts a new tabbed interface and integrated support for end users, along with the inclusion of the Phoenix capabilities for scanning and reports. The product will arrive on the market in mid-February.

Software maker eEye Digital Security, based in Aliso Viejo, Calif., introduced the latest version of its Blink Professional endpoint security package. For the first time, the vendor has added anti-virus capabilities to the product, adding to its host intrusion protection and applications buffer overflow protection tools.

In addition to the new anti-virus tools, which the firm developed through a partnership with Norman Data Defense, eEye is touting the ability of the software to fend off phishing attacks, monitor firewalls, manage group user policies, protect data from being saved to removable storage devices and test for local vulnerabilities. The package, available immediately, also offers attack and security event reporting through a revamped security management console.

Next Page: New platforms.

New Platforms

Boca Raton, Fla.-based ScriptLogic launched its newest security management platform for Microsofts Windows products, dubbed Security Explorer 6.0. The network administration specialist is touting a redesigned user interface, new systems controls, and support for Microsofts new Vista operating system in the offering, which is available immediately.

Benefits of the new interface, according to company officials, include faster performance and greater flexibility for administrators running the program to manage different versions of Microsofts Windows workstations and servers, along with centralized management of file security for such devices.

Security management applications maker NitroSecurity, Portsmouth, N.H., introduced its newest appliance, which aims to aid businesses in the oversight of operational and network defenses against internal and external attacks.

Labeled as NitroView ESM (Enterprise Security Manager), the device claims advanced network-based threat mitigation capabilities, combining security event management and network behavior analysis into a single platform.

By embedding its relational database (NitroEDB) on the appliance, the company said it has boosted the products ability to provide real-time traffic analysis and security event management, including deep packet aggregation and correlation for an extremely large volume of files at one time. The product is available immediately.

Officials with Novells Project Bandit open-source authentication effort, and the Eclipse Higgins Project, which backs development of open-source tools, announced the achievement of a key milestone in their ongoing joint development of identity services.

The two groups are working to create standards-based tools that allow companies to better integrate IT systems authentication capabilities, in the name of allowing such systems to work together more smoothly and with less customization.

Based on working code provided by the two projects, along with submissions from other developers, the teams announced that they have created a reference application to show off the promise of open-source identity services that are interoperable with Microsofts Windows CardSpace identity management system, that also allow for ID federation via Novells Access Manager platform. The research groups are touting the application as the first of its kind and will demonstrate how it works at the RSA show in early February.

Infrastructure specialist Extreme Networks, Santa Clara, Calif., made a handful of security improvements to its operating system, the new version of which is dubbed ExtremeXOS version 11.6, adding new capabilities for interaction with so-called NAC (Network Access Control) technologies.

The company is specifically touting the ability of the software to strengthen security policy enforcement to ward off attacks via switch-based enforcement, and allow network administrators to install NAC systems more securely. The updated ExtremeXOS OS is being made available by the company today.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.

Rocket Fuel