Companies to watch in 2001
SC Magazine - January 2000 - Cover Story
by Illena Armstrong
Pleased sighs of relief were heard throughout information technology departments, from the U.S. to Japan, at about this time last year. It was in that instant that all IT and security administrators, for the most part, were collectively patting one another’s backs upon successfully averting a Y2K catastrophe. At ease with this interval of breathing space after, in some cases, years of planning for the 2000 bug, many managers decided that they would dwell on the long and drawn-out technological fight awaiting them
another time. The new predicament they came to gradually confront dealt with matters surrounding infosecurity. Most professionals now readily understand that these issues form an enduring and far-reaching problem, not dependent on a certain date, that will end in plenty of trouble being delivered to their businesses. With some analysts, such as Bear, Stearns & Company, Inc., predicting that the Internet security marketplace could reach $15 billion worldwide by 2004, it is obvious that not only are IT administrators comprehending the caliber of new cyberthreats, but their bosses are also doing so. The company states that the rush to engage in e-business is forcing security to be a number one priority for organizations everywhere. To be sure, the steady doling out of dollars will only continue on this upward trend as a result of a corporate-wide realization that technology and the Internet will spawn the future global economy and, eventually, become standard ways of devising and sealing business deals. Still, some organizations, whether in the States, Germany, Singapore or any other country, are struggling with the huge task of differentiating sound security vendors from the here-today-gone-tomorrow types. Additionally, it is proving tough for executives and administrators, even now, to effectively ascertain what combinations of security products and services their firms truly require to maintain flourishing e-businesses. To aid them in their search for the best security technologies and the companies that offer them, this edition of SC Magazine forecasts the hot happenings, technologies and companies of 2001. In Technologies to Watch in 2001, a complementary feature to the cover story, respected industry analysts explain what they believe to be the security tools and services organizations should tirelessly examine as they engage in business-to-business (B2B) and business-to-consumer (B2C) activities. 
And though one of our analysts predicts that managed service providers (MSPs) will be employed by corporations more frequently this year, it was concluded that this area of information security warranted a more in-depth look by way of a separate feature, MSPs Flex their Infosecurity Muscles.

Surges in Security

The infosecurity solutions and services coming around the bend appear to be more of the same. The difference, however, is that many of the technologies, like public key infrastructure (PKI), biometrics and smartcards, repeatedly foretold in recent years to be massively taken up by organizations all over the globe, may really catch on in 2001. This adoption of stronger security mechanisms, experts contend, will happen none too soon, given that cyberassaults in this and coming years will be more targeted and extremely disastrous for the business world.

The attacks of the past 365 days have been catalogued and dissected ad nauseam. Yet, the many times an item about a hacker breach or a DDoS attack hit mainstream publications, what companies were actually doing about the risks was often overlooked. How can organizations prevent that confidential information from being compromised again or their brand name from being soiled once more? Myriad anti-virus, intrusion detection system (IDS), virtual private network (VPN), biometric, content security, PKI and trusted operating system providers, as well as a multitude of other security companies are looking for buyers. Though none can say they have the cure that will fully treat all the security ailments any one company may face, they all have infosecurity expertise and specialties that together may very well fortify an enterprise for years to come.

Bob Lonadier, director of security strategies for Hurwitz Group, an analyst firm, states that the information security marketplace is just getting started.
Top-level executives are seeing the successes they can reap from use of the Internet and related technologies, but now with increased and well-publicized security assaults, they are also realizing the countless problems that arise with inadequate security. Besides wanting to spend their monies more effectively, companies also want the products and services they buy to truly protect them. They want to be assured that they won’t be receiving a call in the middle of the night from the IT security administrator explaining they’ve been infiltrated by a virus that will take days or weeks to clean out. Instead, they envision the IT security manager telling them the next day that a virus infection was sidestepped due to a strong product they invested in and strong policies they implemented.

Three distinct divisions in the security market will answer these customers’ wants, says Lonadier.

Category Killers: These solution providers are focused on a needed security niche. They flourish by dominating that grouping. With this specific niche success, they may eventually expand their baseline offerings.

Security Aggregators: These vendors specialize in various point solutions that can be managed easily by an IT administrator under one umbrella. They offer one-stop-shopping for the variety of security tools that many companies desire these days.

Security as a Service: Though really just beginning, MSPs will take away worries from the company by overseeing their security needs on a fee basis. They follow general technological trends.

Whatever companies decide to outsource, the MSP option should be part of a corporation’s overall security policy and program – not necessarily the whole kit and caboodle. “It’s all around reducing complexity,” Lonadier says of infosecurity trends.
“Executives are looking at the plans for [2001] and are saying, ‘Gee, I’m getting more efficient in every aspect of my IT expenditure, except security’.”

Intrusion Detection

Last year, SC Magazine foresaw intrusion detection systems improving, thereby playing more prevalent and key roles in organizations’ overall security. While longer-lived companies, such as Internet Security Systems (ISS) (www.iss.net), Network Associates’ PGP Security (www.pgp.com) and Computer Associates (www.ca.com) continued their strong leadership positions in this area, other companies also saw a great deal of play and respect bid to them.

The further development of AXENT Technologies’ NetProwler (www.axent.com) should be watched carefully over the course of this year. Having been acquired by Symantec Corporation, the AXENT division may very well exploit its new owner’s vulnerability assessment technology, which automates the detection and correction of machine and network hole and virus update infrastructure, to enhance NetProwler’s detection of network intrusion. Theoretically, such automation could back the IDS by sending it ‘cures’ when it detects a breach.

By launching Tripwire HQ Manager late last year, Tripwire Security (www.tripwire.com) has created a central management tool that enables companies to easily monitor their network over multiple platforms. Providing such functions as centralized reporting, database generation, creation and distribution of policies and much more, this tool makes Tripwire a key player in allowing corporations to control the integrity of their systems.

The likes of Cybersafe Corporation (www.cybersafe.com), with its Centrax software, has seen increasing growth. In addition to offering this real-time monitoring solution, they have entered the service arena by partnering with Counterpane Internet Security, Inc. (www.counterpane.com), a strong MSP in this arena.
International Intrusion.com (www.intrusion.com) and Atlanta-based METASeS (www.metases.com) are other MSPs offering strong monitoring and response services.

Derivations of IDS companies are also finding customers. ClickNet Security Technologies (www.clicknet.com) is a growing contender in this area. It touts its entercept software as a proactive intrusion detection tool that uses a security-rule-based engine to identify potentially hazardous operations. When malicious activity is detected, the predefined reaction is executed and a log with comprehensive detail about the attempt and reaction is sent to the control station. This company has seen much growth and recently partnered with Cisco Systems (www.cisco.com) to support its SAFE e-Business Security Framework.

Recourse Technologies, Inc. (www.recourse.com) is another vendor that has an interesting dynamic to detecting intrusions. Its ManHunt and ManTrap products protect networks by covertly gathering data on the hack attack, while also determining the attack source. Also a fighter of breaches, Top Layer Networks’ (www.toplayer.com) AppSwitch works with a company’s existing firewall and IDS to help prevent network intrusions.

More companies to watch include NFR Security, Inc. (www.nfr.com), Hiverworld, Inc. (www.hiverworld.com), Network ICE (www.networkice.com), CyberTrust (acquired in 1999 by Baltimore Technologies as a means of enhancing product offerings) and LANguard (www.languard.com). For telecommunications IDS, look to eNetSecure (www.enetsecure.com), Sandstorm Enterprises, Inc. (www.sandstorm.net) and SecureLogix Corporation (www.securelogix.com). Another vendor of note, Harris Corporation (www.STATonline.com), specializes in vulnerability and risk assessment to better Internet and network security through their Security Threat Avoidance Technology (STAT) product line.

Access Control and Remotely Connecting

Protecting all of a company’s information can be an overwhelming task.
Though management of access can have different meanings for different people, here it applies to web, server, network and applications access control. The increased importance of these solutions may be attributed to the rise of B2C commerce and B2B dealings. Evidian, a BullSoft Groupe company (www.evidian.com), is trying its hand at protecting corporate information on the Internet and within the enterprise with its AccessMaster solution. A security management solution, it provides web authentication and authorization technology that permits users to access multiple web and enterprise applications with one log-on and one password, among other features. The tool presents application security, while also reducing the workload of the administrator and increasing convenience for end-users. Securant Technologies (www.securant.com) has a booming business that has seen astounding growth in the past several months. The ClearTrust SecureControl suite is rules-based in managing application access to web-based applications. The product proves ideal to companies engaging in B2B by providing user authentication, authorization, true single sign-on, delegated administration, application-level threat detection, policy assessment and auditing. Netegrity’s (www.netegrity.com) SiteMinder is another reliable tool for organizations wanting to securely and centrally manage B2B, B2C and intranet portals. Offering seamless integration with partner sites, it also personalizes access and use for each customer. Netegrity signed agreements with 46 new customers in the third quarter, and now has 250 customers worldwide. Watch this company experience further growth over the next year, especially as the need for secure portals in e-business exchanges continue to rise. Though perhaps not thought of as a pure access control vendor, Sanctum, Inc. (www.sanctuminc.com) is a company to watch when it comes to protecting web sites from unwanted intruders. 
Sanctum’s web application security software, AppShield and AppScan, secures and monitors web applications for potentially malicious behavior. E-businesses are safeguarded against assaults ranging from site defacement or compromise of customer information to theft of products or corporate espionage.

There are a number of companies offering similar access control tools and other products allowing for secured remote connections. Some to keep in mind as you search for the right solutions include RedCreek Communication, Inc. (a hardware provider of VPN and firewall solutions, RedCreek acquired Internet Dynamics, Inc. to offer Conclave, a policy-based access control tool) (www.redcreek.com), Sygate Technologies, Inc. (www.sygate.com), Gilian Technologies (www.gilian.com), Safewww, Inc. (www.safewww.com) and CrossLogix, Inc. (www.crosslogix.com).

Content Protection

Email is one of the main forms of communications for corporations today. If this mode of sharing critical business knowledge goes down, an enterprise’s operations rapidly flounder. Companies everywhere are realizing just how crippled they could be without email. More importantly, they see just how vulnerable their information and networks are as a result of inadequately protecting this gateway.

A number of organizations readily come to mind when talk of email security begins. Symantec Corporation (www.symantec.com) continues to strengthen its leading position with new products and services, such as Norton Anti-Virus Corporate Edition 7.5 for enterprise-wide protection. The product’s Digital Immune System technology provides automatic virus detection, analysis and delivery of remedies to an infected PC or entire corporate network with or without the administrator. Of course, also big news for Symantec this year was its acquisition of AXENT Technologies.

ScanMail from Trend Micro (www.trendmicro.com) is another tool that provides centrally controlled protection against viruses, spam and malicious code.
Its MacroTrap technology enables it to detect and remove known and unknown macro viruses using heuristics. This proactive feature allows administrators to fight viruses for which signatures do not exist. Look for Trend Micro to continue bettering its family of products. Now that Baltimore Technologies (www.baltimore.com) has acquired Content Technologies, prepare for new integrated solutions to hit the market next year. By bringing Content’s policy-based content security product, MAILsweeper, to its already strong e-business security portfolio of PKI and m-commerce solutions, Baltimore will be well-positioned to develop new and innovative security solutions. In addition to other mainstay organizations such as Sophos Anti-Virus (www.sophos.com) and McAfee (www.mcafeeb2b.com), a Network Associates business, F-Secure Corporation (www.f-secure.com) also proves to be a strong provider. Not only does the security player protect a company’s network through a distributed firewall, VPN and cryptographic technology, it also boasts malicious code protection and centrally managed security for all mobile devices and remote stations. No doubt, the company will continue growing and bettering these wireless security devices as time passes. Yet another innovation that launched this past year and will, no doubt, become a core solution in protecting content is GAP technology. SpearHead Security Technologies, Inc. (www.sphd.com) seems to be on the forefront of this area with its AirGAP system, a software/hardware combo, which offers protection against viruses, DoS attacks and other malicious code by creating two separate networks disconnected from one another within the same box. Whale Communications (www.whalecommunications.com) also uses a similar technology it has coined Air Gap. Called e-Gap, its system complements the company firewall, terminating all TCP/IP connections at the air gap. 
Communications are then inspected and moved via the gap to protected and critical e-business systems. On top of offerings that provide a distinct break between the Internet and crucial information systems, certain vendors are attempting to be more aggressive in their battle with malicious code. The concept of anti-virus systems being more proactive is increasingly becoming a facet of the enterprise war cry. After the LoveBug virus and various trojans hit a plethora of organizations this past year, they wondered why the anti-virus tools they had in place didn’t prevent the onslaughts. Consequently, some providers are pointing to the reactionary methods of signature-based detection in touting their wares. Pelican Security (www.pelicansecurity.com) is an up-and-coming vendor that uses dynamic sandboxing technology to proactively protect networks from known and unknown mobile code. Its SafeTNet tool uses corporate-defined policies that control malicious code’s access to data and system files, applications and other network resources. Finjan Software (www.finjan.com), a similar and older solutions provider, has received accolades for its SurfinShield product, which also tackles the problem of malicious code through behavior monitoring. With its patent pending X-Box technology, said to enhance Java’s ‘sandbox’, SurfinShield provides security against malicious forms of ActiveX arriving via email, the web or Instant Messaging. Sybari (www.sybari.com), TenFour (www.tenfour.se), Panda Software (www.pandasoftware.com), Pointsec Mobile Technologies, Inc. (www.pointsec.com) and Diversinet Corp. (www.dvnet.com) are providers that also boast solutions in this area. WatchGuard Technologies, Inc. (www.watchguard.com), well-known for its firewall and VPN tools, has also introduced a LiveSecurity subscription service that provides virus alerts and other updates to its products and WebBlocker database. 
Biometrics and Smartcards

As e-business continues its non-stop flow, authentication mechanisms that are stronger than the traditional username and password scheme are in demand. Enter biometric technology and smartcards. Traditionally, biometric security was widely adopted by intelligence agencies and other government entities. Often said to be the only true form of authentication, biometrics uses fingerprints, retinal scanning and voice recognition to armor networks and data. Now, corporations with high-value information and assets are entertaining thoughts of adopting this stringent protection for themselves.

SecureSuite from I/O Software, Inc. (www.iosoftware.com) is a comprehensive solution accessing PC workstations. Besides authenticating users at logon, the tool also uses the SecureSession feature to add extra security when accessing particular applications. SecureSuite’s ease of deployment and use also adds to its appeal. Through its partnerships with AuthenTec (www.authentec.com), a provider of fingerprint sensors, and Microsoft, which will include I/O’s SecureSuite and Biometric Application Programming Interface in new versions of the Windows OS, the company is fast-becoming a market leader. Look for more of the same from them next year.

Digital Persona (www.digitalpersona.com) of California offers a fingerprint authentication system, UareU Deluxe and will soon launch UareU Online Biometric Authentication Service. Now in Beta, the site will be an Internet authentication service that maintains an anonymous fingerprint database for companies, to provide easy, secure and fast user authentication to access sensitive information or engage in safeguarded e-commerce. Given this development, this vendor will appeal greatly to the health care, financial and ASP market at an even greater pace over the coming year.

Also, take a look at Biodata (www.biodata.com), Iridian Technologies, Inc. (formerly IriScan, Inc.)
(www.iriscan.com), American Biometric Company (www.biomouse.com) and Identix (www.identix.com), if you happen to be an organization searching for the strong security biometric tools can give. “Already biometrics is catching on, (but) … I’m disappointed the Americas haven’t gone the way of the Europeans,” says Charles Cresson Wood, security expert and author of the well-read Information Security Policies Made Easy, which is now being used by PentaSafe Security Technologies (www.pentasafe.com) for its VigilEnt Policy Center tool. Any visit to Europe will tell you that smartcards and tokens have been more widely adopted in those countries compared to other regions. Nevertheless, some experts believe that the United States may play catch-up in the next one to two years. Wood explains that credit card companies, such as American Express, have made inroads into the adoption of smartcards although more needs to be done. It may be that as PKI is deployed on a wider basis, smartcard use will grow since it provides the means to safely and securely store digital certificates needed for PKI. HID Corporation (www.hidcorp.com), having just expanded its line of smartcards, is most certainly a mover and a shaker in the market. The addition of the IQcard MIFARE product allows for the securing of any number of applications, including e-commerce, access to medical records and more. It accomplishes this by separating files, while also providing mutual authentication, data encryption and electronic purse functions. Datakey (www.datakey.com), CRYPTOCard (www.cryptocard.com), Keyware (www.keyware.com), Aladdin (www.ealaddin.com), ActivCard (www.activcard.com), Schlumberger Smart Cards (www.1.slb.com), Utimaco Safeware (www.utimaco.com), Thinkpulse, Inc. (www.thinkpulse.com) and more are vendors to review when considering migration to smartcard security implementations. 
PKIs, VPNs and Cryptography

A number of experts agree that VPNs finally seized a place this past year in a company’s security configuration. With the many partners, contractors, remote users and telecommuters that need access to the company network, VPNs seemed an easy-to-use, reliable and scalable solution. Best practices and standards being adopted and followed by most VPN vendors also facilitated this broad acceptance.

In addition to WatchGuard, F-Secure and PGP Security, a number of other companies have strong VPN products worth considering. These include Alcatel (www.alcatel.com), AppGate (www.appgate.com), Asita Technologies (www.asitatech.com), BorderWare (www.borderware.com), Check Point (www.checkpoint.com), SafeNet, Inc. (www.safenet-inc.com) (formerly IRE) and Lucent Technologies (www.lucent.com).

Now that LASAT Networks (www.lasat.com) of Denmark has merged with Eicon Technologies to form Eicon Networks, its operations in the U.S. look to be expanding. With the launch of its WAP-enabled thin server, MASQUERADE, and its SAFEPIPE family of VPN products, which use IPsec, 128-bit and triple-DES encryption, this is a company to keep an eye on.

Although VPNs have finally seen triumphs, the year of PKI has yet to be fully realized and, in fact, this repeated declaration – “This is the year of PKI!” has become a running joke among industry professionals. Those hoping that PKI will soon be completely deployed by organizations, rather than being undertaken only in pilot programs, may finally find their wish filled this year. If not all together, some say, at least the beginnings of widespread adoption will start unfolding.

With SSH Communications Security’s (www.ssh.com) recent release of its IPSEC Express 4.0, the company has heightened the functionality of its IPsec (Internet protocol security) solutions.
The newest version supports the VxWorks operating system, as well as the industry’s latest Internet and industry standards, such as IPv6, enhanced PKI, and the new Rijndael cryptography standard. In facilitating the execution of IPsec and PKI industry standards, SSH’s toolkits bring strong, cryptographic security to IP networks. This company will continue raising the bar for quickly implementing various security applications with ease. A strong player in the mobile e-business security marketplace, Certicom (www.certicom.com) recently made great strides in the world of wireless PKI with the release of its Trustpoint suite. Touted as bridging the gap between wired and wireless worlds, this line of solutions enables companies to use compact, standards-based certificates with their existing directory and PKI systems. These small, but fast, certificates can protect exchanges launched from mobile phones, PDAs and pagers. This company will continue with its innovative and creative undertakings in infosecurity next year. Again, Baltimore is a key player here, but Entrust and VeriSign (www.verisign.com) also play major roles. In particular, Entrust Technologies (www.entrust.com), which is one of the longest-standing players in this territory, has developed a broad range of products which is the envy of many of their competitors. Not to be overlooked are Canadian Crysalis-ITS (www.chrysalis-its.com), Cylink (www.cylink.com), ValiCert (www.valicert.com), SPYRUS (www.spyrus.com) and the long-standing RSA Security (www.rsasecurity.com). While many vendors in this area of infosecurity have found it difficult to convince the corporate marketplace of the need to properly secure their B2B transactions, Entegrity Solutions (www.entegrity.com) has succeeded with at least 200 of the Fortune 2000 companies. Their mixture of out-of-the-box products in the Trust Solutions range offers (amongst other things) policy-based secure email and mobile security for laptop users. 
Late last year, nCipher, Inc. (www.ncipher.com), a developer of hardware security products for PKI applications, expanded its sales efforts to include South America. Headquartered in the U.K., it also has offices in the United States where sales are growing. Besides offering accelerator products to increase performance of network devices, the company also offers products such as nForce, nShield and KeySafe to facilitate the deployment of a PKI. Look out for this vendor to continually enhance offerings and widen its global reach.

SHYM Technologies (www.shym.com), a manufacturer of tools that enable the quick and less complicated deployment of often-problematic PKIs, will continue making a name for itself. Also, pay close attention to the service provider trend pushed along by Pricewaterhouse-Coopers’ (www.pcwglobal.com) beTRUSTed offering that was launched late last year.

Of course, there are other cryptographic technologies that protect corporate information in more readily deployable solutions. PC Guardian (www.pcguardian.com) provides strong encryption of important data, while Kyberpass Corporation (www.kyberpass.com), Rainbow, Inc. (www.rainbow.com), and Xcert International, Inc. (www.xcert.com) are others on the list that should be examined.

The Market Wave

Because today’s business world demands security, an inordinate number of infosecurity companies have arrived on the scene. The market, however, will bear out the true and reliable vendors from those attempting to simply ride the proverbial wave to expand their bottom lines. In attempts to maintain spots in this changing and volatile market, some vendors may try to complement their tools with services. Also, as it was this time last year, too many acquisitions and mergers to count will occur in this one. Smaller players or those with a weak presence will continually be bought out or just fall out of the picture.
“It’s definitely a challenge for IT managers to identify products and vendors that will remain in the marketplace for the long haul,” says David Morrow, director of investigative services for the newly formed Fiderus, a security consulting company. “Nobody wants to be stuck with a product that is suddenly obsolete when the provider is acquired and stops supporting it.” Extensive research and consulting by vendor-neutral firms may help corporations in their search for the perfect security tools. Moreover, companies’ executives must understand their business needs and operations completely to know exactly what parts of it need protecting and how this is best accomplished. No matter these steps, though, there are bound to be companies or technologies that may be alien to some folks. One emerging solution not to be overlooked is the trusted operating system. Hewlett Packard (www.hp.com) and Sun Microsystems (www.sun.com) are the old guard in this area, but this year other providers that offer strong technologies include Argus Systems (www.argus.com), Cyber-Ark (www.cyber-ark.com) and Qiave (www.qiave.com) which was recently purchased by WatchGuard. These trusted operating system tools and other security devices chosen by companies will be further tested by the strength of the training and policies that should be put in place. If an organization fails to arm its employees with infosecurity knowledge, warn many experts, any tool can likely be rendered quite useless. Prompted by PentaSafe’s new VigilEnt Policy Center tool, other vendors will begin launching solutions that help end-users get educated. The requirement for these training tools and lessons for users about infosecurity benefits will be exacerbated by cultural beliefs that change from country to country. To answer demands derived from different parts of the world, vendors will have to keep up with the unique laws, regulations and feelings of those areas. 
Explains Morrow, to be viable security providers, companies must have a worldwide presence and, therefore, strong understanding of the countries they serve. It all comes back, after all, to that evolving international digital economy. “The global economy is here and successful security players will have to be global and understand local laws and regulations to compete. In some ways, the technical solutions will be easy. It is the local laws and cultural beliefs that will be difficult to navigate,” he maintains. “I think the successful global IT security player will have to be very adept at dealing with the many different views and political systems we’ll encounter. Many other countries, such as China, view security and technology from a profoundly different vantage point than Western countries do. Even Western Europe has implemented very strict personal privacy laws compared to American standards … We’ll be wrestling with these cultural and political differences long after the technical problems are overcome.”

Yet the task immediately at hand is solving those dreaded security problems. While this job may seem daunting, organizations still searching for answers can take heart – with the scores of vendors peddling their solutions, it’s a buyers’ market. Companies just have to do their homework before they go shopping.

Top Ten Internet Threats
by Katherine Henry

Here is a round-up of the top ten threats in the U.S., U.K. and Asia Pacific region. It’s worth remembering that Internet security solutions are also improving to keep up to date with the threats. Notable among these are trusted operating system (TOS) solutions that can prevent most, if not all, of the threats listed below.

Super-user vulnerabilities: The goal of most ‘hacks’ is to gain super-user control (or Windows Administrator control). Super-user is all-powerful and can disable security applications, such as intrusion detection systems or firewalls.

Disgruntled employees: Since they are ‘authorized’ users, disgruntled employees can perform sensitive operations from within your security perimeter. They can take down system resources, alter data content and install backdoors for later use.

Buffer overflows: These are a common vulnerability and new ways to exploit them are discovered by hackers on a regular basis. Buffer overflows can be used to gain super-user control.

Kernel attacks/loadable kernel modules: These are a more sophisticated form of attack that allow hackers to corrupt or replace programs in the operating system kernel itself to cause severe system damage.

Application security flaws: Given the speed to market of e-business software, programs frequently have bugs, many of which can be exploited to gain access to other applications or the system as a whole.

CGI-script exploits: CGI script implementation often has bugs and frequently introduces security holes that can be used to attack web servers.

Password sniffing: Hackers often use this method to guess a legitimate user’s password in order to gain access to the system and to gain greater access for future attacks.

Human error: Corporations rely upon good security practice among their employees to safeguard systems. It is not uncommon for hackers to engage in myriad social engineering activities, such as posing as members of the IT department or partner companies’ IT departments, to gain passwords or access to computers that can later be used for theft or damage.

Virus/trojan horse: These are surreptitiously installed programs specifically designed to cause damage or to open up holes so that attackers may gain system entry at a later date.

Denial of service: The DoS attack deliberately floods a server with false requests to shut down or slow down traffic to that server. It is most frequently launched from other powerful computers that have been hacked (known as zombie machines), and have had programs installed on them to create these false requests.
Katherine Henry is marketing communications manager for Argus Systems Group Ltd. in the U.K.

Balancing the Load
by Illena Armstrong

Reliability is key when attempting to gain an unfaltering spot in the world of e-business. Services that an organization offers, products it sells, applications it uses within and without its walls, and the security mechanisms it has put in place, must remain up and running, delivering dogged performance. There are several suppliers of solutions that facilitate the high availability and scalability of Internet and enterprise applications.

One of the leaders in this space is StoneSoft Corporation. Combining load-balancing and high availability features, their StoneBeat cluster technology ensures that companies’ critical network components continue their operations. Application independent, the solution is scalable from small- to enterprise-sized businesses.

Evidian, a Groupe Bull company, has released SafeKit, a 24-by-7 software solution for e-business application load-balancing and fail over. This product, too, provides maximum service performance in scalable secure management software that strengthens Internet and e-business functions.

Known more for its security appliances that boast firewall, VPN, anti-virus and content filtering capabilities, SonicWALL, Inc. just entered the fray when it recently acquired Phobos Corporation, a hardware company that produces products that offload and accelerate secure transaction processing. Though SonicWALL has traditionally catered to small and medium businesses, look for this company to make great strides into the large enterprise and e-commerce markets with its newer offerings, like SonicWALL Load Balancing Rack or the SonicWALL SSL Accelerator Rack.

Yet another company to be mindful of during the course of the year is NetScreen Technologies. Its Internet security systems and hardware devices enhance the performance of firewalls, VPNs and traffic control for e-businesses, as well as broadband and application service providers. Scalability, manageability and strong performance form the foundation to its line of solutions.