Centrax brings NT-based security to fed market

Armed with an executive team with roots in the government technology market and an intrusion-detection product designed specifically for Microsoft Corp.'s Windows NT, Centrax Corp. is the newest player in the federal information security arena.

Centrax last week formally announced its operations and the shipment of its first product suite. At the helm of the new San Diego-based firm are two co-founders with a combined 28 years of federal information technology experience at Science Applications International Corp.

Thomas Trebelhorn, president of Centrax, spent 18 years at SAIC, where he managed various Navy and joint service projects related to secure communications. Paul Proctor, Centrax's chief technical officer, spent 10 years at SAIC, where he directed the deployment of intrusion-detection technology at several large federal installations.

These two co-founders— along with the company's new chief executive officer, former Meta Group Inc. vice president Christian Byrnes— plan to focus their efforts on the federal market, while the company's sales force will be focusing on the commercial market.

This executive team soon will be joined by other sales representatives devoted to the federal market when the company finalizes plans to open a federal sales office, Byrnes said.

Centrax also has plans to offer its products via a General Services Administration schedule. Several Defense and intelligence agencies, which he declined to name, have been evaluating the company's eNTrax intrusion-detection and security configuration assessment product suite.

The suite, which is designed specifically for Windows NT, is geared toward monitoring, detecting, reporting and stopping unauthorized use of agency systems. Support for Unix is planned before the end of 1998.

Suspicious Activity

Designed to manage everything from critical file access to unauthorized use of system resources, eNTrax's detection and response capability will alert systems administrators to suspicious activity and provide automated and manual attack responses, including disabling the account, logging the user off or shutting down the workstation, according to Byrnes.

Byrnes said the company plans to distinguish itself with its host-based intrusion-detection products vs. other companies' network-based offerings.

While network-based products allow effective analysis of all unencrypted data across a network, host-based products provide a more in-depth look at potential intrusions because the technology analyzes actual work-related activity through agents located on every server, he said.

"A network-based intrusion-detection tool can tell you there's a hacker coming in to copy a [file transfer protocol] file," Byrnes said. "We can tell you on the server which file [the hacker is] touching and what he's doing there."

In addition to tracking down external hackers, the company's suite also is designed to ward off internal users who may be attempting unauthorized access of agency systems, Byrnes said.

"Some of the imperfections are in the computer; some are in the people," he said. "We watch both. Did you make a change? Did you go out and try to copy things you're not authorized to copy? We watch behavior. We never watch content."

Jim Hurley, managing director of Aberdeen Group's information security practice, said Aberdeen has projected that the $50 million intrusion-detection market in 1997 would double to more than $100 million in 1998, leaving room for many players in this arena.

Hurley said Centrax's success or failure in this market will not be determined by its technology as much as it will be dictated by the company's market position, which he described as "pretty formidable."

"The people running the company have been in the intrusion-detection business since 1987," Hurley said. "They know what they're doing."