As more and more systems and users get hooked up to public networks, and as more and more wireless networks come online, IT managers are faced with a dual threat. How do I provide ready access to all my systems and data wherever my users might be, while still protecting vital corporate access?
Security: Two of the security systems featured load applets on workstations and servers, but secure different parts of a system. The last two offer radically new ways to encrypt data, and uniquely identify users. Read more about these technologies in our Demo security wrap-up.
Spam: Now when it comes to spam, the problems different, but the result is the same. How do I keep nasty stuff out of my users systems, while not bringing too much hassle into the workday routine.
To date, most anti-spam solutions have operated on the desktop. PC Magazine recently ran an exhaustive round-up of desktop spam products. But at this years Demo, the focus was on taking those products off the corporate desktop and onto a server, where they can be centrally managed and maintained.
In our round-up of enterprise anti-Spam tools from Demo, we look at two server-based solutions and one that aims to build a registry of nasty spammers, to make it easier to identify, and block, the worst offenders.
Lower Your WAN Cost: There was one last Demo product that doesnt fit neatly into a category, yet it may offer immediate ROI to large companies. ITWorx debuted a new network appliance that will compress network traffic on either end of a WAN link, to improve throughput and save telecommunications costs.
An organization would typically place a NetCelera appliance at either end of a WAN link. Installation is simple—the device has just two Ethernet ports, one for uncompressed LAN traffic and the other for the compressed data for the WAN link. The company claims up to a 10x bandwidth savings for data, e-mail and other files—it wont help with video and other multimedia traffic, however.
The appliance supports WAN links up to 45 Mbps, or T3 speeds. Costs range from about $5,000 for two boxes on up, based on bandwidth. The product is available now.
: Quantum Physics and Skin-Tight Security at Demo”>
Quantum Physics and Skin-Tight Security at Demo
BBX Technologies: Viruses, worms, Trojan horses and other malware have been at the forefront of many users and IT managers concerns recently. From viruses and worms like Slammer, I Love You and Anna Kornikova, to spyware, like Back Orifice, unauthorized and rogue programs can wreak havoc inside an organization. In addition, some user behavior can unintentionally bring networks and systems to their knees.
ImmuneEngine, a new protection product from BBX Technologies, aims to control these incursions by blocking and removing unauthorized executables before they can run on a system.
The product works by loading a small application on each machine, which monitors the Windows kernel, tracking the memory stack, mouse activity, keyboard activity and all of the message queues inside the system. When the application detects that an executable has been written to the system, it deletes that program before it can run. If an already running application starts behaving badly—as determined by system policies—ImmuneEngine attempts to remove it from the program stack without crashing the underlying system. Thus buffer overflow attacks, hidden e-mail-based worms, and other malicious hidden programs are kept from running and ruining a protected system.
ImmuneEngine is not designed to replace anti-virus and other signature-tracking apps. Instead, the company claims, it provides a “last line of defense” for 32-bit Windows-based workstations and servers. It wont block everything, but it adds another layer of security to an existing environment. The client takes up only 3-4 megabytes of storage and results in a 3 percent performance hit on a 700MHz computer.
Pricing for the product, available now, is about $175 per workstation.
Liquid Machines: This company solves a different part of the security problem, in a similar way. Rather than focus on protecting a system from rogue executables, Liquid Machines tries to protect the intellectual property contained in spreadsheets, documents and data files from being improperly altered or stolen. This has become an even more important security issue now that notebook computers are so widespread and its so easy to e-mail a file to anyone.
The Liquid Machines Information Security Platform, like ImmuneEngine, works by loading a small applet onto each secured PC or notebook. That applet then encrypts data files and uses rules and group-based security policies stored on a central server to determine users level of access to those files.
The companys software loads itself along with any application and controls access to file creation, saving, deleting, copy-and-paste and printing functions. Based on users security level, they can be restricted from even opening a file.
The applet that runs on every PC includes a copy of all the policy rules contained on the server. When a file is opened, the system checks those policies to determine access level, and whether to decrypt the file at all. If a user is operating untethered, on a notebook or stand-alone desktop, the locally cached policies are used.
However, the company has also implemented a time-out feature as well. If that policy is set for two days, for instance, and if the computer hasnt connected to the server during that interval, all file access is blocked.
Its not foolproof—a truly determined thief can always take a snapshot of a screen with a digital camera or grab a screen capture of sensitive data. But it does offer another level of key protection.
The software and server, which will go into beta-testing next month, should be available later this year. Liquid Machines is targeting financial institutions, pharmaceuticals and government agencies that need secure data protection even when a notebook has left the network. The server is expected to cost $35,000, with each client adding another $150 to the cost. Later in the year, the company expects to extend the protection system to cover e-mail and messaging as well.
Hacker-proof Security: Two other fascinating high-level security applications were debuted as well. MagiQ showed off an intriguing technology, code-named Navajo, that it claims is “hacker-proof.” It works by using quantum cryptography—essentially a single photon transmitted over a fiber connection—to create unbreakable encryption. Its based on the laws of physics, and terribly complex. Head to the company site for more information.
Skin-tight Security: As if retinal scans and fingerprints werent enough, Delean Vision showed off an identification technology using details of human skin. It uses standard PC webcams to capture a skin image and then compares that image to its database of users. It seems far out, but actually seemed to work.
Secure Zip Files: PKZIP showed off a new version of its zip software that adds RSA BSAFE encryption to standard zip files. The company has made some strong efforts to integrate security and Notes/Outlook support into the program.
: Anti-Spam Tools for the Enterprise”>
Anti-Spam Tools for the Enterprise
When it comes to e-mail, the problems of access and protection are similar to security. E-mail has been a great productivity tool, but with spam comprising upwards of 75 percent of some users e-mail it has become more of a productivity drain.
Everyone hates spam—yet it has mushroomed into a huge problem. A wide-range of anti-spam tools have been delivered to the market, but most of them run on individual desktops and need to be managed separately by users. However, two new server-based products aim to help protect the in-box centrally while still enabling productivity and freedom.
Mail Frontier: The new Anti-Spam Gateway from MailFrontier uses many of the same techniques that its popular Matador desktop product uses, including whitelists, blacklists and content filters. The software runs on its own dedicated Windows 2000, Solaris or Linux server and acts as an SMTP provy. It sits between the SMTP Gateway and an Exchange, Notes, Sendmail or other mail server.
A small client runs on each PC and communicates with the central server. The user can enable his or her own set of white and black-listed domains—this lets one user receive e-mail newsletters that another has targeted as spam.
When a message has been identified by the server as spam, it is removed from the users inbox and put into a special holding area. The server builds and updates what the company calls an “eProfile”—a customized set of rules that determine what each user receives and what gets blocked.
The company also hopes to reduce false-positives by sending a note to a user when certain questionable messages have been blocked. This lets users still receive messages that may seem to be spam, like e-mail newsletters.
Mail Frontiers Anti-Spam Gateway will cost between $5 and $15 per seat, per year. The Windows 2000 server is available now.
Cloudmark: The Cloudmark Authority anti-spam gateway works differently. Rather than relying on blacklists and whitelists, this server uses what Cloudmark calls a “message fingerprinting” technology to identify and block Spam. It uses a predictive Beyesian engine to determine whats good and whats not.
Cloudmark compares spam to DNA and has built a product around identifying mutations spammers add to messages to keep them from being caught by more traditional spam-catching products. Cloudmark Authority also incorporates intelligence from more than 300,000 users of its SpamNet product, which the company claims lets users do more precise filtering.
The server develops spam confidence levels and allows administrators to select actions based upon those levels. So a message that is 90 percent likely spam could simply be deleted, while one with a 70 percent confidence level might result in a warning to the user about the message.
The server runs on either Linux or Windows and talks to the Gateway Message Transfer Agent (MTA) directly. It can be loaded onto the MTA itself, and in that case exacts a 5 to 10 percent hit on performance. Unlike some other solutions, which can have hundreds or thousands of rules, Cloudmark claims that its solution generally compares each message to a small set of “genes”—typically around 150.
The product, available now, costs $10 per inbox per year.
Registry of Spammers: IronPort already sells messaging gateway appliances that are installed all over the world. The company is using data collected by those appliances, along with others to determine on a real-time basis who is sending out large quantities of e-mail. IronPorts new SenderBase Web site gives details about how much e-mail has been sent by domain, along with IP addresses and other information associated with those domains.
The free Web service offers amazing insight into the patterns of e-mail. Yahoo is the top e-mail domain, mostly because of its HTML-based e-mail. But the SenderBase service lets you identify other top domains—to determine which are spammers. With the detailed domain and IP address information provided, administrators can use that data to develop blacklists of the top spammers.
Existing IronPort customers running the C60 Messaging Gateway can take that information one step further and easily block those IP addresses and domains directly. Whether youre a customer or not, the SenderBase Web site offers a fascinating glimpse into real-time e-mail traffic patterns.