Enterprise Security, Compliance Prove Hot Topics at Demo

A range of security software and services take the stage at the Demo conference on emerging technologies. Several companies showcased solutions aimed at boosting compliance for archiving e-mail as well as when sending messages.

SCOTTSDALE, Ariz.—Enterprises seeking new ways to secure their infrastructures and assets were rewarded Monday with introductions of new software and services at the Demo conference here.

Like last year, Demo offered a proving ground for vendors trying to create a buzz around security and compliance technologies ranging from a single sign-on solution from Imprivata Inc., to Audiotrieve LLCs OutBoxer, which analyzes outgoing e-mail messages to reduce liability concerns.

/zimages/3/28571.gifClick here to read about mobility tools and services, and real-time data applications, showcased at the Demo conference.

A number of products showcased Monday focused on ensuring that the right people can access corporate assets. KoolSpan Inc., for example, demonstrated SecurEdge TrustChips, a smart card-based network security system. Once embedded into a device such as VOIP (voice over Internet Protocol) gear, servers, or gaming devices, TrustChips can secure communications—wired or wireless—by implementing 2-factor authentication and 256-bit AES encryption. KoolSpan is based in Bethesda, Md.

Looking to make access to applications easier for end users, Imprivata, of Lexington, Mass., introduced Imprivata OneSign, an enterprise-class single-sign-on appliance that allows IT organizations to grant users access to an array of applications using one username and password. The product integrates with authentication methods such as strong passwords, ID tokens, and finger biometrics.

Still, it doesnt matter how locked down the front door is if applications arent secured.

According to Cenzic Inc. CEO John Weinschenk, it was a Web application attack two years ago costing the company over half a million dollars that provided the impetus to create Hailstorm 2.0, an application vulnerability management and policy compliance solution launched at Demo. Hailstorm 2.0 automates the process of application penetration testing by emulating hacker behaviors and assessing the vulnerability of applications.

"Automated vulnerability testing is cost effective but not necessarily very reliable," said Chris Shipley, the executive producer of Demo. "Manual testing is reliable but not very cost effective. This product is able to prevent vulnerabilities in Web-based applications."

A number of products introduced also focused on the ability for corporations to ensure compliance on issues from Sarbanes-Oxley to internal human resources policies.

Fortiva Inc., of Toronto, Ontario, announced its Fortiva Archiving and Compliance Suite, an e-mail archiving and compliance product that enables enterprises to manage their e-mail and meet compliance regulations at the same time.

The hosted solution integrates with Microsofts Active Directory and Exchange server, company officials said. The message archiving package addresses data privacy by allowing users to encrypt and index data—using Fortivas DoubleBlind Encryption technology—before sending it to Fortivas network for archiving.

Another product that may keep some enterprises out of hot water is OutBoxer 1.0 from Audiotrieve LLC, of Boxborough, Mass. By using advanced language technology to analyze outgoing mail messages, OutBoxer can ensure e-mail doesnt violate privacy or harassment laws, and that messages meet government regulations such as HIPAA (Health Insurance Portability and Accountability Act) and the Gramm-Leach Bliley Act.

Meanwhile, Cloudmark Inc., of San Francisco, introduced a beta of its Cloudmark SafetyBar. The solution, which supports Microsoft Outlook and Outlook Express, provides consumer and corporate users with a rating that gauges a Web sites trust based on feedback from a community comprising more than 1.2 million Cloudmark users.

/zimages/3/28571.gifMicrosoft and eBay have announced an early warning network for phishing attacks. Click here to read more.

"This company, known for smart anti-spam technology, is now taking that and applying it to email fraud," said Demos Shipley. "While we tend to think [e-mail fraud] is affecting individuals, it costs corporations a great deal of money and time."

Cloudmark SafetyBar for IE is currently in beta release and will be widely available for free in March.

/zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.