NetContinuum unveils all-in-one Web gateway

NetContinuum Inc., a new security company that debuted last week, unveiled a network appliance that could represent the wave of the future in Web security.

The Santa Clara, Calif.-based company introduced the NC-1000 Web Security Gateway that combines several key security functions into a single box that can perform tasks at wire speed.

Web traffic is becoming increasingly sophisticated and the corporate firewall — the first line of defense for networks — cannot inspect all the traffic that flows through its gates. Firewalls and network intrusion-detection systems are designed to protect against network-based attacks but aren't equipped to prevent attacks coming through Web browsers.

To solve that problem, the NC-1000 can be deployed behind the firewall to inspect all Web traffic coming through Internet server port 80 — the port that experiences the majority of cyberattacks. The security gateway can either block the traffic or send it to back-end Web applications, said Wes Wasson, NetContinuum's vice president of marketing.

The NC-1000 gateway represents the next evolution in security appliances by combining several features, said Peter Lindstrom, research director at Spire Security, a consulting firm based in Malvern, Pa. The product combines the power of a Secure Sockets Layer (SSL) encryption accelerator and Web application firewall with some Web access control, he said.

NetContinuum manages Web traffic as well, he said. "They do this all on a [micro] chip in a box positioned on the network perimeter, so Web applications are protected. It's fascinating," Lindstrom said.

Using the NC-1000, an information technology administrator can encrypt entire Web sites using SSL without requiring changes to back-end applications or servers. SSL encryption normally slows down Web servers, so IT managers usually offload encrypted traffic to hardware accelerators to speed up server performance. The NC-1000 can terminate incoming TCP sessions, and it automatically encrypts and decrypts URLs, handling 1 million simultaneous TCP sessions and 6,000 SSL transactions per second, Wasson said.

The gateway also provides "Web site cloaking" capabilities that make Web applications and servers invisible to hackers. Additionally, the NC-1000 can block network layer attacks, such as denial-of-service attacks and SYN floods, and stop application layer attacks, such as cookie poisoning and URL manipulation.

The heightened concern for security among federal agencies has helped NetContinuum make some inroads into the public sector.

The Navy Federal Credit Union is beta testing the gateway on its online payroll Web site, Wasson said. Encrypted traffic can bring the site to a crawl as the credit union serves its 2 million users during pay periods. Using the NC-1000 has given the site five times the performance it had before, Wasson said. The Interior Department will be the first federal agency to purchase the gateway, he added.

The NC-1000 comes in two versions. The NC-1000-C 10/100 costs $28,000, and a gigabit NC-1000G costs $38,000.