<< Back to article Print this page Loading page, please wait...

NAI plans active security initiative

Matthew Nelson (Computerworld)
01 March, 1999 12:01

Network Associates Inc (NAI) will formalise its plans to produce an Active Security Network to allow security applications to communicate.

NAI will introduce the Active Security Initiative at the Network Associates Coliseum in Oakland, California, on April 5.

The Active Security system will allow NAI security applications -- such as antivirus, intrusion detection, and firewalls -- to alert each other in case of attack and respond appropriately.

Since NAI first broached this topic last September, the company has expanded this initiative.

In addition to managing certificates, NAI hopes to promote intervendor compatibility by tightly integrating public key infrastructure (PKI) technology.

The initiative will include enhancements to NAI's Gauntlet Firewall, PGP Encryption, and CyberCop lines of products and will add PKI capabilities to each application.

The company will also announce expansions of its partnerships with several PKI companies, including Entrust Technologies and VeriSign.

Last September, NAI announced it was working with these two vendors to ensure that their respective PKI implementations would interoperate when used with NAI's NetTools Secure suite of products.

To provide interoperability among different vendors' security products, however, NAI realised that stronger integration would be required beyond using only connections made via APIs, according to Zach Nelson, executive vice president of worldwide marketing and alliances at NAI.

"API integration doesn't really work at the end of the day," Nelson said. "There are a couple of reasons why the arm's-length API thing is not the approach that is going to win in the long run."

The integration of PKI into interoperable network security applications, especially differing vendors' applications, has the potential to greatly expand the reach of security within a network, analysts said.

"One of the things that you can do to tie all those things together is integrating PKI technology," said Abner Germanow, a research analyst at IDC.

"If you can picture a common directory that uses a certificate authority and digital certificates to ensure the integrity of all members of the directory, and if you take that infrastructure that you built there and extend it out across the enterprise, you can use that information to not only ensure the integrity of applications but you can also use it to manage the existing security products," Germanow added.

Network Associates Inc, in California is at www.nai.com.

* NAI security APIs exist at the network level, the server level, and at the application level.