Devices Tackle Multiple Security Jobs

Nokia and Broadcom offer security tools that combine multiple security functions in a single offering.

As IT staffs continue to look for ways to stretch their security budgets, vendors are readying new products that combine multiple security functions in a single offering.

Nokia Corp. and Broadcom Corp. next week will introduce products that take discrete capabilities normally found in several different devices or applications and weave them together. Although the companies take different approaches, the goal is the same: to reduce the number of security devices IT staffs have to manage.

Nokia's Internet Communications division this week plans to introduce its Secure Access System, a line of appliances based on the Espoo, Finland, company's software security platform and IPSO hardened operating system. The boxes are designed to provide security functionality that allows remote and mobile users to access corporate networks. The heart of the system is an SSL (Secure Sockets Layer)-based VPN (virtual private network) that provides a connection to all of a user's corporate applications, including e-mail, client/server software and enterprise applications.


Details of new security offerings:

Nokia Secure Access System
  • SSL-based VPN
  • Client integrity scan
  • Two-factor authentication

Broadcom switches
  • Stateful inspection firewall
  • Hardware-accelerated VPN
  • Internet Key Exchange acceleration

The VPN is accessible from any Web browser, providing users a way to get to their data even from public computers. Which applications users can access, however, depends on which machine they're using.

Each time a user connects to the corporate network using the VPN, the Nokia software performs a client integrity scan on the user's machine. The scan checks the client certificate to determine whether the user is on a company-owned PC, a home machine or a public machine. Administrators can set different rules for each of the scenarios, enabling access to any application from company-owned PCs, for example, while allowing access to e-mail only from public machines. The scan also checks whether the machine has anti-virus software or a personal firewall running and can identify malicious processes and files such as SubSeven or Back Orifice.

Analysts say the Nokia solution addresses some persistent problems in corporate networks.

"This is a good quick-and-dirty way to apply policy to some unknown end point. That's the big question: How much security is enough on an end point?" said Pete Lindstrom, an analyst at Spire Security LLC, in Malvern, Pa. "And I love the idea of looking at what processes are running."

For its part, Broadcom, based in Irvine, Calif., will unveil a line of secured switch processors for wired and wireless enterprise networks. The BCM5830 and 5834 have both a stateful inspection firewall and a hardware-accelerated IP Security VPN. The processors, which are meant to serve as a kind of router-on-a-chip, can also perform Internet Key Exchange acceleration.

The processors will be able to handle up to 150M bps of encryption throughput for Advanced Encryption Standard or Digital Encryption Standard operations and can perform as many as 200 RSA 1,024-bit key exchanges per second.

The processors are part of Broadcom's Sentry5 product family and will be available in large quantities next quarter. The Nokia Secure Access System is available now, with prices ranging from $6,500 to more than $60,000, depending on the number of concurrent connections the box can handle.