Vendors showcase new security tools

There's no sign of recession inside the halls of the San Jose Convention Center for what is the largest attendance ever at Bedford, Massachusetts-based RSA Security Inc.'s RSA Conference 2002.

Since Feb. 18, about 10,000 people have passed the bomb-sniffing dogs and armed guards at the main entrance to the conference, where integrated products are being announced in the more mature market segments of perimeter security and network assessment.

For example, Cupertino, California-based Symantec Corp. yesterday announced an all-in-one gateway security appliance for midsize businesses and branch offices. Symantec Gateway Security combines Symantec's Enterprise Firewall 7.0, its Carrier Scan antivirus technology, its intrusion detection agent (formerly produced by Rockville, Md.-based subsidiary Axent Technologies Inc.), content filtering and IPsec virtual private network (VPN).

Because the products are fully integrated, IT managers can be alerted to any relationships between these forms of network activity on one console, said Howard Leu, Symantec's group product manager. Gateway will cost between US$8,000 and $43,000, depending on the user base.

"The Gateway appliance isn't aimed at large enterprises that already have their intrusion detection, firewalls and antivirus in place," Leu said. "It's aimed at their branch offices that may have no perimeter protection, or small to medium-size businesses that haven't made those investments yet."

For those enterprises that have already invested in best-of-breed perimeter security, Sun Microsystems Inc. has just announced a similar integrated appliance, which also runs from a central management post on Sun's Solaris operating system. The product, called iForce, has integrated Check Point Software Technologies Ltd.'s VPN-1/FireWall-1; Recourse Technologies Inc.'s ManHunt intrusion detection; Trend Micro Inc.'s InterScan VirusWall antivirus; and Tripwire Inc.'s data integrity products for routers, switches and servers.

These vendors are all SunTone certified partners and comply with Redwood City, Calif.-based Check Point's Open Platform for Security (OPSEC) framework, which facilitates the interoperability.

Sun's product also offers security analysts a single view of security events and correlates seemingly disparate events, said Bruce Baiki, Internet Data Center group business manager at Sun.

"Before, security analysts used different consoles for different products, and they had no way of knowing if something going on with their intrusion detection could also be linked to a data or configuration change elsewhere on the network," Baiki said. Under the iForce architecture, however, analysts can configure the applications to flag interrelated events for more thorough remediation, he added.

Ultimately, iForce will include integration application programming interfaces for other OPSEC-certified security products, giving enterprises more choices and flexibility, said Baiki.

In the area of assessment, Foundstone Inc. in Irvine, Calif., announced the availability of an automated assessment tool called FoundScan that combines the following features:

-- Network discovery: Maps all devices running on the network
-- Asset management: Inventories the applications running on those devices and determines ahead of time the vulnerabilities among those applications
-- Web assessment: Inventories and assesses Web server applications for vulnerabilities
-- Vulnerability remediation: Takes the findings from the scanning engine and implements fixes and patches
-- Automated updates of new vulnerabilities as they arise

One novel element of FoundScan is how it prompts administrators to stay on top of fixes. When a new vulnerability is discovered, FoundScan downloads the vulnerability and remediation information to a predetermined "owner" of the problem, said Foundstone founder, President and Chief Technical Officer Stuart McClure. McClure is also co-author of the best-selling security journal, Hacking Exposed (Third Edition, McGraw-Hill Professional Publishing, 2001). At that time, the administrator who "owns" the problem receives a trouble ticket, which is also copied to the supervisor.

The reason for the trouble tickets, he said, is that large enterprises lack an organized approach to remediation and the accountability to uphold security standards and processes.

"We have one client -- a very large bank with 200 security professionals working for it. Yet they couldn't keep on top of fixes, create an action plan for resolution or measure their security," McClure said. "Now, with remediation workflow, IT managers can actually do that."
