ISS Raises Security Platform

RealSecure Protection System improves accuracy; Fusion technology determines success vs. failure.

After more than three years of development, Internet Security Systems Inc. this week will deliver an ambitious security platform and product road map that it said will deliver the first truly integrated security solution for all aspects of a companys network.

Known as the Real- Secure Protection System, the architecture and solution set is designed to meet the growing need for converged security services brought about by the continued blurring of the lines between intranets, extranets and the Internet.

The platform is divided into three levels—desktop, server and network protection—and can be purchased directly from resellers or as a managed security service delivered by ISS, of Atlanta. Each level comprises five modules, such as scanning, a virtual private network client, a malicious-code defense, intrusion detection and active blocking for the desktop portion.

All these modules are tied together through ISS new Fusion technology, which correlates data from all the different pieces to improve their accuracy and then communicates the information to the central management server. The information is then displayed in a lightweight GUI-based application from which the security operator can centrally manage all the users and machines on the network.

Instead of a traditional anti-virus product, ISS chose to include its malicious-code-defense software based on the assumption that viruses in the future will be scripts and applets.

The core of the platform is the Fusion technology. Its main task is to pull vulnerability and attack data from all the machines and applications on the network and then compare the holes with the attacks to verify the success or failure of the intrusion.

The idea is to trim the number of false positives that security operators have to deal with. During testing, the system reduced the number of total alarms raised by the security system by 80 percent, officials said.

Users like the idea, with one caution.

"The danger with big, all-in-one packages like that is that if it fails, everything fails. It could leave you wide open," said Kevin Baradet, an eWeek Corporate Partner and network systems director at Cornell Universitys SC Johnson Graduate School of Management, in Ithaca, N.Y. "No ones package can catch everything, and everyones will catch something different. Its not something I would want to use without testing it extensively against a best-of-breed system."

Although ISS has had the Protection System in development for several years, the final piece of the puzzle came when the company acquired on April 30 Network Ice Corp., a San Mateo, Calif., provider of desktop intrusion-protection technology.

Until then, ISS had been focused exclusively on the network and server markets.

The RealSecure Protection System is available now, although the Fusion technology wont ship until next quarter.