Vendors grapple with security threats, each other

Companies need to pick and choose from a variety of security vendors to ensure they get the best products to protect their networks.

That's what a panel of security vendors told a ComNet 2001 crowd last week at the Network World Security Showdown. While some companies represented on the panel offer a range of equipment, they acknowledge their rivals may actually do a better job with individual technologies.

"Nobody has a solution to all the problems that are going to arise," said Bob Blakely, IBM Corp. - Tivoli Systems Inc.'s chief scientist for security, even though his company claims to meet all security needs. "Don't believe our marketing or anybody else's if they are obviously untrue."

Greg Smith, director of product marketing for firewall experts Check Point Software Technologies Ltd., admits his company doesn't even attempt to offer elements of network security such as antivirus protection or intrusion detection - but he couches that as a strength. By teaming with top vendors in other areas, Check Point makes it possible to build a security scheme using only the best components, he claims.

During a spirited debate, the top five security vendors as ranked by International Data Corp. sparred over which offers the best network protection, but agreed on some principles.

For instance, no single type of security - firewall, intrusion detection, antivirus software - could protect against all threats. "There is too much code and too many lines of code to block all holes," said Rob Clyde, chief technologist for Symantec Corp. enterprise solutions. They agree that firms cannot look at security as a one-time event; they must constantly review and improve defenses.

Company executives need to be more wary than ever as they open their networks to legitimate business partners because at the same time attackers are becoming more sophisticated, the panel agreed.

"You are letting strangers in to operate your machines," Blakely said. Some of those strangers are there on legitimate business, but others are there to cause mischief or worse.

Panelists tried to poke holes in each other's products. For instance, Blakely pointed out that Computer Associates International Inc.'s eTrust products must be present in all networks crossed in, say, an e-business transaction in order to be effective. Simon Perry, CA's vice president of security, acknowledged that was true, but countered that would not be a problem if companies did as they should and carried out security analyses of business partners' networks. Based on the results, they can then defend their networks. He recommended compartmentalizing corporations to isolate the resources business partners have access to.

Some promising new technologies being touted by these companies still need development, the vendors admitted. For instance, Marvin Dickerson, Network Associates Inc.'s director of product management, said his company's CyberCop Sting software, which redirects hackers to a decoy machine that appears to be the enterprise network, is still intended for a small, select group of firms. Only major financial institutions and "three-letter organizations in government" would need to bait attackers to trace them, Dickerson said.

Likewise, CA's Neugent technology, which mines network data and promotes security improvements based on detected changes to network use, is not a cure-all, but a tool to be used along with firewalls and antivirus software, Perry said.

Check Point's Smith said his firm recognizes the need for faster firewalls and VPNs as Internet connections from companies get larger. He promised 1G bit/sec firewall and VPN protection by year-end.

When it came time to grill each other, several panelists questioned whether others had coherent product lines. For instance, to give customers a wide choice of security options, Symantec bought Axent, bringing firewall, VPN, vulnerability assessment and intrusion-detection products to Symantec's line of antivirus and content-filtering software.

But Clyde acknowledged the company is still working to integrate products.

Network Associates' Dickerson noted that his firm has grown dramatically through a string of purchases of other security vendors.

That poses challenges, according to Check Point's Smith: "They did the acquisitions, now you have to trust they do the integration."