The Next Evolution


A series of new products is pushing security technology to new frontiers


On its Web site, Neoteris, a 2-year-old start-up based in Mountain View, Calif., proudly describes the meaning of its name,a new land or territory,and how it is making good on the Greco-Roman definition with what it calls the industry's first virtual extranet appliance. Indeed, Neoteris and a host of other companies are reaching new frontiers in the security market with software and devices that go beyond traditional solutions.

Security has been at the forefront of people's minds for months, and customers now need more than just standard firewall and antivirus protection. Security-technology vendors young and old have begun rolling out promising new products with hopes to branch out beyond the norm and differentiate themselves in a newly competitive market.

The industry appears poised for expansion, too. For instance, analyst firm IDC recently reported that, despite an economic recession and the slowdown in IT spending, the worldwide Internet security-software market grew a remarkable 18 percent from 2000 to 2001 to reach $6 billion. IDC also predicts the security-software market will sustain double-digit growth to hit $14.6 billion by 2006.

With security software continuing to grow and evolve, more technology vendors are developing the hardware to automate and simplify the software. Here is a look at three new technologies that have gone beyond the current boundaries to kick-start the next evolution in security technology.

Neoteris: Virtual Workplace

After a rough few years, Jim Clark has returned to the technology industry as chairman of Neoteris. Clark, the IT industry icon and co-founder of Silicon Graphics and Netscape Communications, had a run of bad luck in recent years with such ventures as Healtheon, a health-care information dot com. However, Neoteris attracted Clark and Jim Barksdale, another Netscape co-founder, who became the lead investors.

Neoteris began as a small operation focused on secure remote-access solutions. Before the company officially launched last November, the Neoteris team, led by a group of former Healtheon employees, developed instant virtual extranet (IVE) technology, which provides secure remote access and eliminates open-ended network-layer connections and administrative expenses. Neoteris EmployeeAccess and PartnerAccess appliances use IVE technology to quickly deploy secure, customizable extranets.

"IVE is an alternative to VPN technology," says Jason Matlof, director of marketing at Neoteris. "We're basically a software company, but we have hardware that gives us a platform standard."

Matlof says IVE technology is easily deployed and allows network managers to install the device with no network footprint or LAN-side configuration. The device also has APIs designed to connect with existing security technology in the customer's infrastructure, and supports both Java and the Simple Network Management Protocol.

Neoteris, which has some 20 VARs, says 100 percent of its sales are channel-based. The company has signed on 70 customers since its launch and received several industry accolades. Recently, Palm selected Neoteris' PartnerAccess 1000 IVE to replace the company's FTP e-mail system, which employees used to communicate with outside partners. Large data was cumbersome for e-mail, and the FTP system was too time-consuming for employees, especially when new members were added to the e-mail loop. Palm officials say they were able to create a partner extranet using the technology in a half-hour.

Corsa Network Technologies, an integrator specializing in threat-management solutions, was the first VAR to partner with Neoteris. Aubrey Brown, president of Corsa, says he seeks partnerships with smaller security start-ups that have technically attractive and innovative products, instead of the basic firewall and VPN technology. Neoteris' PartnerAccess and EmployeeAccess appliances fit the bill, Brown says.

"I love these products. There isn't a company in the world that can't use this technology," he says.

Cenzic: Hack In a Box

Greg Hoglund doesn't like software patches. "Hardware manufacturers always perform fault inspection and testing," he says. "When Intel makes a chip, it fault-tests it day and night for months on end because it's hardware, and it would cost millions of dollars to recall it. With software, you just wait for something to break and then apply a patch."

Patches are great after the fact, but they don't prevent attacks or security breaches before they happen. Hoglund, co-founder and CTO at Cenzic, a start-up in Campbell, Calif., didn't want to wait for something to go wrong.

The company recently introduced its flagship product, Hailstorm, which is a software platform that offers automated testing for unknown vulnerabilities within a network and surrounding applications. Cenzic officials developed the product as a more efficient alternative to network scanners that simply search for known vulnerabilities.

"We understood that enterprises run their applications through the Internet, and that the method is not secure," Hoglund says. "Security scanners do nothing to protect the network anymore."

While Cenzic was in stealth mode, Hoglund spent two years researching vulnerabilities that hackers and cybercriminals exploit. He cataloged various types of buffer overflows, denial-of-service attacks, SQL injection, and other bugs and programming errors. The company then developed a patent-pending methodology for security quality assurance, based on software fault injection that tests for unknown vulnerabilities.

The company's vision was essentially to "put a hacker in a box" and let it test the system through generating various kinds of traffic. Hailstorm's automated platform works in five phases, starting with a discovery process that fingerprints the network and related systems and then launches the fault injectors based on the discovery. The platform searches for faults next, reports on any flaws or weak spots, and finally provides an analysis of the faults for correction.

Cenzic CEO Alan Hendricks says the company is currently building a channel program and is in negotiations with several solution providers. Hendricks believes the increase in custom-built applications and the emergence of Web services will require more efficient fault inspection and quality-assurance software like Hailstorm.

"Your typical firewall and antivirus software won't cut it because they're not enough to handle all of the data exchange," Hendricks says. "They don't anticipate and identify new types of attacks and vulnerabilities."

CA: Perfect Vision

Older, more established security- technology vendors are getting into the act, too. Building on its market lead in the security software market, Computer Associates (CA) recently introduced the newest addition to its security software product line, eTrust 20/20, which officials say will give enterprise security administrators "20/20 vision" into both digital security and physical-access events.

CA's eTrust 20/20 is a security-management product that monitors

and analyzes employees' actions on both digital and physical levels, while analyzing patterns to pick up on abnormal and potentially harmful behavior within the enterprise. The software integrates data from IT sources, such as e-mail and Web access, and physical-access facilities and security checkpoints, such as keycards. It then combines the information to help security administrators pinpoint abnormal behavior and potential breaches.

Sanjay Kumar, president and CEO of CA, says there is an information gap between security-software defenses and physical access points in the enterprise today, and that the two sides must be joined. "There was no technology in the world that brought them together," Kumar says, "and that's one problem we wanted to solve."

The new eTrust solution features real-time and playback graphical interfaces, along with high-end visuals that can display an enterprise's building design and security-checkpoint layout, for example.

CA says it will introduce a 20/20 certification standard for technology vendors and solution providers in the near future. The 20/20 engagement model will involve a CA engineer being on-site with the customer for 90 days to help install and customize the solution and train security administrators.

Michelle Drolet, CEO of Conqwest, a Holliston, Mass.-based solution-provider partner, sees promise with eTrust 20/20. Her company started out in 1993 specializing in antivirus and firewall deployments, but has since expanded to other areas. "Security isn't just about firewalls and antivirus," Drolet says. "It's [about intrusion-detection, network management, remote management and policy management now."

CA officials say once the product is made available later this year, eTrust 20/20 will be its first product to be sold exclusively through CA's new short-term subscription licensing model, which replaces multiyear licensing agreements.