Responding to the growing security threat of blended attacks like the Nimda and Code Red worms, Internet Security Systems (ISS) and Network Associates Thursday said that they will integrate a number of their products and research teams, as well as offer some new products, with an eye toward providing customers with more comprehensive security protection.
The three-year partnership will have the companies combine Network Associates' (NAI) Sniffer network detection and analysis software, McAfee antivirus software and ePolicy Orchestrator management system with ISS' RealSecure IDS (Intrusion Detection System) and SiteProtector management console to provide customers with better network analysis and security tools, said George Samenuk, NAI's chief executive officer during a conference call Thursday morning.
As a consequence of the integration, NAI will offer a series of new products based on a combination of the companies' offerings in 2003, Samenuk said. In the first quarter of 2003, the Santa Clara, California, NAI will ship a new IDS product built on Sniffer and RealSecure, which will integrate into the Sniffer management system, he said.
In the first half of that year, Network Associates will also ship a new version of ePolicy Orchestrator that will allow companies to identify and block blended threats through the coordination of policy, antivirus and IDS data using the McAfee antivirus software and RealSecure IDS, he said.
ISS, for its part, will integrate antivirus software from NAI's McAfee division into the RealSecure server and gateway sensors products, said Tom Noonan, chairman and chief executive officer of ISS, based in Atlanta, on the same conference call. ISS will also update its SiteProtector console to manage McAfee antivirus updates and distribute them to its RealSecure sensors, he said. Lastly, ISS will offer McAfee's antivirus protection as a managed service for gateways and desktops, he said.
In addition to cooperation on products, the two companies will also be coordinating the operations of their threat research and response teams, Samenuk said.
NAI's AVERT Labs and ISS's X-Force will work together to respond to emerging threats and will "create the largest private Internet threat response team in the entire world," Samenuk said.
The smooth compatibility of antivirus software and IDS is needed more than ever as hackers and virus writers are increasingly becoming the same group, instead of the two distinct groups they had once been, ISS's Noonan said.
"ISS has been really focused on the spectrum of threat convergence for a long time," he said.
Attacks like Code Red and Nimda, which had some of the hallmarks of traditional viruses and worms, also exploited security vulnerabilities in order to further their spread.
The combined products will offer companies "a better way to detect and respond to attacks on their systems," said NAI's Samenuk. The offerings from the two companies will be "a great set of products that map perfectly to problems (companies) are facing," he said.
The deal "makes complete sense," said Peter Lindstrom, senior security strategies analyst with the Hurwitz Group Inc. in Framingham, Massachusetts.
The combination of the companies' products offers "a very clear complementary approach, particularly as viruses and hack attacks become similar in nature," he said, pointing to the similarity between the use of signatures in antivirus software and IDS to block attacks.
The announcement also signals that the companies are beginning to think about security across more platforms, rather than deep protection on only one platform, he said.
"We're starting to see talk about breadth now," he said. "For the longest time, these guys were talking about depth. Security is about breadth."
"It's clear that point products have a limited life in the security space ... and people have to be thinking solution-oriented," he said. This sort of integration offers customers that kind of broad package, he added.
Though it's "very hard to find a downside" in the announcement, Lindstrom did caution that there could be some problems.
"The big risk is that this is all talk," he said, and that deployments of the new products will be harder than the companies expect, or that cultures of the two firms will clash.
Despite this concern, Lindstrom is enthusiastic about the development.
"This is not an end-game announcement," he said, "it's a beginning announcement."