Symantec Gateway gets Common Criteria

Symantec Corp.'s Gateway Security device, which the company is touting as an integrated defense against the growing threat of blended Internet attacks, has received the Defense Department's Common Criteria certification.

The Evaluation Level 4 (EAL4) status applies to the company's Gateway Security 5400 Series v2.0 product, what Symantec officials describe as a full-inspection device that wraps firewall, antivirus, intrusion detection, content filtering and virtual private network capabilities into a single unit.

Such devices, company officials say, counter the growing problem of application level threats, which firewalls that use packet filtering to scan traffic only at the network level can't catch.

Full application inspection, or content filtering, examines the content of data packets for anomalies and hidden threats, rather than just scanning the headers of the packets as they pass through the firewall.

The company's officials also claim that the integration of security detection that Gateway Security provides is vital to catching blended attacks, which they say are now the majority of network threats they are detecting.

Blended threats use a combination of malicious code and system vulnerabilities to attack systems. Instead of an e-mail worm that simply takes addresses from someone's e-mail address book to broadcast itself to hundreds of others, for example, a blended attack could also include an executable file that would open a backdoor in the user's system, making it vulnerable to other kinds of intrusion.

According to Symantec, more than half of the security threats detected in 2003 were of this blended variety.

Common Criteria certification is required by DOD, and increasingly by other federal agencies.

Brian Robinson is a freelance journalist based in Portland, Ore. He can be reached at hullite@mindspring.com.