Spearhead Security Technologies announced a product on Monday that it said will provide new levels of protection against network intrusions and denial-of-service attacks.
The product, called NetGAP, physically disconnects the corporate network from the larger Internet and forces traffic destined for the network to be routed through a NetGAP security device, thus ensuring that only secure, desired data is sent to the corporate network, according to Spearhead.
The technology works like this: To install the system, a company adds the NetGAP device to its network, where it sits as the main connection to the Internet. The device, which has two CPUs (central processing units) and two security boards, is also connected to the corporate network. The CPUs and security boards are connected only via a 1G-bps (bits per second) "gap," however, so data arriving at the device is not immediately sent on to the corporate network, as it would be in a standard network. Rather, the first CPU terminates its network session and the data is mirrored across the "gap" to the second device.
The second device then inspects the data based on protocol, to eliminate protocol attacks. Once that data has been inspected by the second CPU and found to meet user-defined security requirements, it is allowed to continue on to the corporate network. NetGAP systems also offer DNS (domain name system) protection, policy-based security options and bandwidth control and automatic reboot features to prevent denial-of-service (DoS) attacks.
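The flow described above can be sketched as a small model. This is an added illustration, not Spearhead's implementation: the choice of HTTP as the inspected protocol, the policy fields and all function names are assumptions.

```python
import re
from dataclasses import dataclass

# Hypothetical user-defined policy; every name and value is an assumption.
POLICY = {"methods": {"GET", "POST"}, "hosts": {"www.example.test"},
          "max_header_bytes": 2048}
REQUEST_LINE = re.compile(rb"([A-Z]+) (/[\x21-\x7e]*) HTTP/1\.[01]")

@dataclass(frozen=True)
class GapRecord:
    """All that crosses the gap: a protocol label and raw application bytes."""
    protocol: str
    payload: bytes

def external_side(session_bytes: bytes) -> GapRecord:
    # The outside session ends here. No socket or TCP/IP state is carried
    # over, only a copy of the data it delivered.
    return GapRecord("http", bytes(session_bytes))

def internal_side(record: GapRecord, policy=POLICY):
    """Inspect the mirrored data by protocol; return (verdict, reason)."""
    if record.protocol != "http":
        return ("drop", "unsupported protocol")
    head, sep, _body = record.payload.partition(b"\r\n\r\n")
    if not sep:
        return ("drop", "incomplete header block")
    if len(head) > policy["max_header_bytes"]:
        return ("drop", "header block too large")
    lines = head.split(b"\r\n")
    match = REQUEST_LINE.fullmatch(lines[0])
    if match is None:
        return ("drop", "malformed request line")
    if match.group(1).decode("ascii") not in policy["methods"]:
        return ("drop", "method not allowed")
    hosts = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        # Header names must be non-empty with no whitespace or control bytes.
        if not colon or not re.fullmatch(rb"[!-9;-~]+", name):
            return ("drop", "malformed header")
        if name.lower() == b"host":
            hosts.append(value.strip().decode("ascii", "replace"))
    if len(hosts) != 1 or hosts[0] not in policy["hosts"]:
        return ("drop", "host missing, repeated or not allowed")
    return ("forward", "ok")

def relay(session_bytes: bytes):
    """Run one constructed session through both halves of the model."""
    return internal_side(external_side(session_bytes))
```

Only requests that parse cleanly and match the policy receive a "forward" verdict; anything ambiguous is dropped on the inside half before it reaches the protected network.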
Spearhead is offering two models, the NetGAP 200 and NetGAP 300. The NetGAP 300 distinguishes itself from the 200 by including a content inspection board that searches for and filters content by keyword, as well as scanning incoming data for viruses and malicious code to keep unwanted or unsafe data off the corporate network. Both models can support up to 1,000 simultaneous users, though the devices can be clustered together to allow for greater user loads, according to the company.
Such a device is necessary because security services based on operating systems are constantly vulnerable to the discovery of new security holes, said Steve Mogul, executive vice president of business development at Spearhead. With any operating system, there will always be a security hole that someone missed, but a product like NetGAP that doesn't rely on an operating system sidesteps such issues, he said.
NetGAP and other products like it that use gap technology represent a "new design on security products," said Charles Kolodgy, research manager at International Data Corp. (IDC and the IDG News Service are owned by the same parent company, International Data Group Inc.) Though gap products are still a new type, they will likely see a good deal of adoption due to their access control features and their ability to segregate networks and allow for finer control, Kolodgy said.
One obstacle that might keep gap products from seeing a great deal of success is the speed degradation inherent in routing traffic through so many systems and scans, Kolodgy said.
"Performance degradation becomes a real stumbling block for a lot of these products," he said.
At least one NetGAP user hasn't found any performance degradation with the product. Hugh McArthur, information systems security officer at Online Resources Corp., an ASP (application service provider) for the financial services industry, said that his company has seen no noticeable degradation. NetGAP is easy to install and configure and Spearhead has provided excellent support, McArthur added.
Online Resources Corp. is only one of about 35 companies worldwide, including Bezec, a telecommunications company in Israel, and several government and financial institutions in the U.S., that are currently using NetGAP, said Buky Carmeli, Spearhead chairman and chief executive officer.
Companies are buying NetGAP because there is an understanding that this layer of security is missing, Carmeli said. NetGAP will fill this hole, he said, because "nothing is more secure than (something that is) disconnected."
Both the NetGAP 200 and 300 are immediately available worldwide and are priced at US$30,000 to $35,000 for the NetGAP 200 and $50,000 for the NetGAP 300.