Blocking the bad guys; Pardon the extrusion; Securing a wireless world
Malware is getting ever more insidious. Gone are the days when an attack simply consisted of a virus. Today’s malware attacks unleash combinations of viruses, worms and varieties of spyware.
The new Content Security Gateway 1500 Version 2.0 anti-malware appliance from CP Secure combines the functionality of several products into one. It provides comprehensive protection against spyware, viruses, worms and other malware that attack through high-volume Web and e-mail traffic.
“Anti-spam, antivirus, anti-spyware, content security and URL filtering are all in the same place and all together,” said David Lu, president and chief executive officer at CP Secure.
The appliance resides at the Internet gateway, which allows it to scan all incoming traffic. “Sitting at the gateway is key because a lot of the [malware] traffic is sneaky,” Lu said. An appliance located elsewhere might miss some types of attacks such as worms spread via spam e-mail messages.
The product uses CP Secure’s patent-pending scanning technology called stream-based scanning. Unlike typical batch-based technology that begins scanning only after an entire file arrives, stream-based technology begins the scan as soon as the first part of the file comes in and continues scanning the data.
At the same time, another thread begins to output the scanned data. Because the receiving, scanning and outputting processes happen concurrently, network performance is higher. According to CP Secure, the technology scans files as much as 12 times faster than traditional products do.
The Content Security Gateway 1500 complements existing endpoint security products and works in conjunction with firewalls and intrusion detection and prevention systems.
“Government customers told us they already have environments that are pretty complicated and hard to manage, so they don’t want to have to change anything,” Lu said. “They wanted a solution they can just plug in and it will work, and they don’t have to reconfigure or reroute anything.”
Pardon the extrusion
Intrusion prevention products keep unwanted traffic from flowing into a network, but how do you control traffic that administrators don’t want flowing out? Checking that traffic is now the domain of extrusion prevention products. Fidelis Security Systems, which makes extrusion prevention systems, has released the latest version of its product, DataSafe Version 3.8.
DataSafe prevents the unauthorized transfer of sensitive information across all channels on gigabit networks. Those channels include e-mail, Webmail, HTTP, FTP, instant messaging and peer-to-peer communications.
DataSafe can also prevent network traffic that violates policies, a feature that is especially beneficial to government users.
The product analyzes the core content of a network session in real time and prevents the traffic from flowing before the session occurs. For example, it can detect protected information in a word-processing document in a Zip file as someone posts it to a Webmail session.
DataSafe is port- and protocol-independent and can handle bidirectional traffic at greater than gigabit speeds.
New features in this version include policy templates for Defense Department data classification and advanced Webmail decoding, detection of encrypted documents and recognition of images embedded in files.
Securing a wireless world
The federal government has moved from a complete moratorium on the use of wireless technology to allowing agency officials to evaluate commercial products that could help boost wireless local-area networks as a mainstream form of communication.
Aruba Networks wants to make sure those WLANS are secure. The company just achieved Federal Information Processing Standard (FIPS) 140-2 Level 2 security validation for 802.11i wireless systems from the National Institute for Standards and Technology.
802.11i is an Institute of Electrical and Electronics Engineers WLAN security standard that provides advanced authentication and encryption functions to protect WLANs from cyberattacks. Aruba has been validated for correctly implementing the Advanced Encryption Standard and Cipher Block Chaining Message Authentication Code algorithm in hardware, company officials said.
Aruba is the first wireless vendor to earn FIPS validation for 802.11i, said Merv Andrade, the company’s chief technology officer. He expects other vendors to follow. Andrade said Aruba’s integrated system makes it easy to deploy standards-based wireless technology throughout an organization. Aruba offers encryption, a firewall, intrusion detection and prevention, and virtual private networking in a mobility controller that sits within a data center.
Other wireless vendors distribute security via different devices such as access points, controllers and firewalls. Each device must be revalidated if security changes are made, Andrade said. “Aruba takes [that problem] out of the picture entirely,” eliminating the need for agencies to deploy and manage different systems, he said.
FIPS-validated controllers — the 800 low-end controller and the 6000 that can support up to 512 access points — are available immediately through federal integrators and resellers and through the General Services Administration schedule contract.
Rutrell Yasin contributed to this article.
NEXT STORY: Cyberattackers can exploit Pentium self-defense