Protocol eases networking across firewalls
- 09 November, 1998 12:01
Several major security application vendors are close to presenting a new API, titled the Common Content Inspection API (CCI API), which will streamline message processing across multiple network border security products, at the iBand Conference, in San Jose, California, next week.
The resulting interface could make transmissions, such as message traffic, move faster.
The API, under development by representatives from Symantec, Check Point, Aventail, and Finjan, is intended to allow security vendors to provide integration between "traffic cop" applications, such as firewalls and routers, and content inspection applications, such as anti-virus and mobile code scanning.
Other members involved in the API's creation include Cisco Systems, Microsoft, IBM, Hewlett-Packard, and Network Associates.
With CCI API, incoming content will be routed through a security network to only the applications that need to process the information, thereby reducing performance bottlenecks.
"You have a firewall and you want to have a caching proxy for all your HTTP information, you want to have an anti-virus server at the gateway and you want to look at mobile code. If all the same traffic had to go through the same firewall, you have a problem," said Penny Leavy, vice president of worldwide development and marketing at Finjan. "This will allow you to filter off the security to the appropriate security device."
A higher degree of interoperability between firewalls and routers with content inspection devices will increase a corporation's capability to monitor content flowing both in and out of its organisation.
"We really want to make sure that the corporation doesn't receive or send anything that is going to damage data and that they have access to the data all the time," said Bob Puckett, principle software engineer at Symantec.
Check Point will announce next week at its Partner Exchange in Monterey, that it will provide its Content Vectoring Protocol API to the group for inclusion in CCI API.
Analysts said they believe CCI API backers can make the system work.
"You've got a good mix of the players involved, representatives in the firewall and the content inspection community, so you've got a good chance that whatever they come up with will be used," said Phil Schacter, senior analyst covering security at the Burton Group, in Utah.
After the group's meeting at iBand, the API will be presented for comment, but there is no date set for a final release. Technical data on CCI API can be found at www.stardust.com/cciapi.