Demo: Security Rules

Conference highlights protection, compliance products.

SCOTTSDALE, Ariz.—Enterprises looking for emerging ways to secure their infrastructures and their assets were introduced to several new products at the Demo@15 conference here last week.

Like last year, Demo was again a proving ground for vendors trying to create buzz around security and compliance technologies ranging from a single-sign-on solution from Imprivata Inc., to Audiotrieve LLCs OutBoxer, which analyzes outgoing e-mail messages to reduce liability.

In its 15th year, the Demo conference has served as a launching pad for companies such as Inc., Microsoft Corp. and E-Trade Securities Inc. Products such as Tivo, the Java programming language and the Palm Pilot also emerged from this show.

A number of products showcased this year focused on ensuring that only the right people can access corporate assets. KoolSpan Inc., for example, demonstrated SecurEdge TrustChips, a smart-card-based network security system. Once embedded into a device such as VOIP (voice over IP) gear, servers or gaming devices, TrustChips can secure communications—either wired or wireless—by implementing two-factor authentication and 256-bit AES (Advanced Encryption Standard) encryption. KoolSpan is based in Bethesda, Md.

Looking to make access to applications easier for users, Imprivata, of Lexington, Mass., introduced OneSign, an enterprise-class single-sign-on appliance that allows IT organizations to give users access to an array of applications using one user name and password. The product integrates with authentication methods such as strong passwords and ID tokens.

Still, it doesnt matter how locked down the front door is if applications arent secured. A Web application attack two years ago that cost Cenzic Inc., of Santa Clara, Calif., CEO John Weinschenk more than $500,000 was the impetus behind his decision to create Cenzic Hailstorm 2.0, an application vulnerability management and policy compliance solution launched at Demo. Hailstorm 2.0 automates the process of application penetration testing by emulating hacker behavior and assessing the vulnerability of applications.

"Automated vulnerability testing is cost-effective but not necessarily very reliable," said Chris Shipley, the executive producer of the Demo show. "Manual testing is reliable but not very cost-effective. This product is able to prevent vulnerabilities in Web-based applications."

Next Page: New products focus on compliance.