New products focus on client security

Product announcements from three security companies underscore the growing interest in so-called "end point" security products that protect corporate networks from infections introduced by mobile or remote employees.

Symantec, Configuresoft and StillSecure will all announce new products or product updates on Monday to secure mobile computers and enforce security policies on remote machines that are trying to connect to corporate networks. These vendors are just the latest to offer a technology fix for companies plagued by worms and viruses that jump from mobile computers and home offices onto corporate networks.

Client security is "all the rage" among enterprises that are looking for ways to protect their corporate networks from workers on laptops and home computers who connect to office networks over broadband Internet connections, said Eric Ogren, senior analyst at The Yankee Group.

"Enterprises should really be taking a look at this technology to ... protect themselves and make sure that those (remote) machines are up to date and redirect them to signatures or get patched if need be," he said.

StillSecure will unveil StillSecure Safe Access 1.0, an endpoint security product that tests network devices for compliance with security policies when they attempt to connect to a network through a common gateway, virtual private network (VPN), wireless or dial-up connection. The product does not require a separate software agent to be installed on remote computers, but uses a Linux-based server to manage clients, according to Mitchell Ashley, chief technology officer of StillSecure, which is part of Latis Networks.

Administrators can choose from a number of predefined compliance tests, which verify the operating system version and the presence of fixes for vulnerabilities used by worms like MSBlaster and SQL Slammer. Safe Access 1.0 also allows administrators to create custom tests using an application programming interface (API), StillSecure said.

As devices attempt to connect to a network, they are tested for compliance with security policies, then either allowed to access the network, denied access or quarantined. Devices that remain on the network can be periodically checked for system changes that violate corporate policy or for banned applications such as file-sharing and peer-to-peer programs, the company said.

HTML (Hypertext Markup Language) templates allow administrators to customize messages and instructions for employees on resolving compliance problems that are preventing network access, reducing overhead for IT staff, the company said.

Like StillSecure, configuration management company Configuresoft of Woodland Park, Colorado, plans to announce technology to help enforce security policies.

A new version of that company's Enterprise Configuration Manager (ECM) product will automatically assess and correct configuration settings on remote machines when they try to connect to a network.

Like the StillSecure product, ECM with remote client management checks devices as they attempt to log on to networks. However, Configuresoft's technology focuses on enforcing network security policies regarding device configuration, Configuresoft said.

ECM can look a device configuration with granular detail, taking a picture of a device's configuration and storing that in a central database. The product can track up to 80,000 configuration settings for a device, and typically captures around 25,000 unique settings for workstations and 50,000 for servers, said Alex Goldstein, chief executive officer of Configuresoft.

The product does not quarantine or reject devices, but automatically adjusts configurations or installs software patches to bring devices into compliance with network security policy, Goldstein said.

In addition, the new version of ECM contains templates for assessing compliance with a number of U.S. regulatory regimes including the Health Insurance Portability and Accountability Act of 1996 and the Gramm-Leach-Bliley Act of 1999, Configuresoft said.

Meanwhile, adding its voice to the client security chorus, Symantec plans to announce a new version of its Client Security product, the company said.

Symantec Client Security Version 2.0 is an integrated antivirus, firewall and intrusion prevention product that protects machines from viruses and other unauthorized intrusions and introduces a number of new features.

A location-awareness feature will adjust client security settings depending on location, tightening defenses if a machine is accessing the Internet through an unprotected wireless "hot spot," and loosening them when the device is connected behind a network firewall, said Kevin Murray, director of product marketing at Symantec.

An outbound e-mail worm blocker in Client Security 2.0 looks for and stops suspicious outbound e-mail activity that might indicate an infection by a mass mailing worm such as Mydoom or Netsky, Symantec said.

Also, a VPN Compliancy Check feature provides an API that allows devices running Client Security 2.0 to interact with firewalls by Symantec partners such as Check Point Software Technologies Ltd. and Nortel Networks Corp. This allows administrators using those products to block access to devices that do not meet corporate security standards, Murray said.

The companies are just the latest to offer products and features to boost the security of mobile devices.

In recent months, Cisco Systems and IBM announced they were collaborating to address endpoint security for networks.

Under an agreement announced in February, IBM will joining the Cisco Network Admission Control (NAC) program, which is designed to enable Cisco routers to evaluate information, such as whether a particular computer's antivirus definitions are up to date and its operating system is adequately patched, before allowing it to connect to a network.

IBM will integrate the Tivoli security management software with Cisco products involved in the NAC program.

Microsoft indicated that it is entering the endpoint security game, also.

In an e-mail sent to the Redmond, Washington, company's customers on Wednesday, Chairman and Chief Software Architect Bill Gates said Microsoft is researching technology to inspect remote devices such as home computers that try to connect to corporate networks, blocking access for machines that don't pass a health inspection. The company is also developing active protection technologies that will adjust a computer's defenses based on changes in its "state," or block behaviors that might be caused by infection from a virus or a malicious hacker, the e-mail said.

Join the newsletter!

Error: Please check your email address.

More about Check Point Software TechnologiesCheck Point Software TechnologiesCiscoConfigureSoftGatewayIBM AustraliaMicrosoftNortel NetworksPoint Software TechnologiesSymantecTivoliYankee Group

Show Comments

Market Place