Hitting The Target


But despite the challenges involved in securing Windows, many security ISVs have been tweaking traditional approaches and coming up with new ways of identifying and managing threats.

Shavlik Technologies, a Roseville, Minn.-based vendor specializing in vulnerability assessment and remediation software, believes the key to protecting networks is to give organizations a simpler way to monitor their security posture, said President and CEO Mark Shavlik.

Shavlik, a Microsoft partner that in the 1990s helped develop Microsoft's Baseline Security Analyzer (MBSA), in mid-July plans to release Shavlik Security Intelligence, an application that lets organizations keep tabs on their local and remote networks through a dashboard that tracks device configuration settings, system patch levels and malware infections.

"Every vendor has a dashboard with pretty pictures, but users need to have visibility into remote sites to really understand their security posture," Shavlik said.


Although the vendor has built much of its business around Windows, Shavlik says the security measures baked into Vista have made it more difficult for third-party vendors to develop products for the platform. "Microsoft did a good job of making Vista more secure, but security vendors face the challenge of getting to the administrator level that Vista is designed to protect," said Shavlik, who nonetheless expects to significantly boost his company's support for Vista in the coming months.

Shavlik's software addresses the critical need to keep Microsoft products up to date and also deals with the challenge of helping customers understand where security issues exist on their networks, said Pete Greco, vice president of sales at Productive, a Shavlik reseller based in Minneapolis.

"Shavlik does this in a way that's easier to manage than Microsoft Windows Server Update Services [WSUS], and which greatly cuts down on the time and complexity of security management," said Greco, who adds that current demand for this technology is particularly high in the midmarket.

Blue Lane, Cupertino, Calif., is building a channel program and recruiting partners on the strength of its unique ability to protect servers, said Greg Ness, vice president of marketing at Blue Lane. Blue Lane works with Solaris or Linux servers, as well as Windows. Blue Lane's Virtual Shield is a software hypervisor that plugs into VMware implementations and focuses on "correcting" malicious traffic rather than blocking it, Ness said.

Servers have unique security requirements, and applying patches too quickly can lead to downtime, Ness said. Blue Lane's technology looks deep into applications and operating systems to allow the vendor to apply corrective action before the patch is applied, he added.

"If you apply patches too quickly to the server, you risk availability. Therefore, vulnerability windows are generally tolerated as a necessary evil," Ness said. "Our technology is very application- and protocol-aware, as opposed to focusing only on vulnerabilities and exploits."

Applying the patch to traffic as it's coming through the network without having to touch the servers could be a major differentiator, said Jeff Roback, president of Praxis Computing, a Marina Del Rey, Calif.-based solution provider.

"This could be Blue Lane's response to the difficulties of doing behavior-based detection—it looks like they've decided to go in the opposite direction," Roback said.


"When installed on a VMware server, Blue Lane's Virtual Shield protects all the other servers on that box. That, to me, is true innovation around security," Roback added.

Windows Server 2008, formerly known as Longhorn, is part of the road map for Virtual Shield, which also works with Linux and Solaris servers, Ness said. Windows Server 2008 is slated to release to manufacturing late this year, with broad availability set for next year.

On the identity life-cycle management front, Ross Duncan, vice president of channels at Gemalto, an Arlington, Va., vendor of smart card technology, said progress has been made in Vista, with the addition of an application suite that allows management of digital certificates for smart cards and tokens. Through a partnership with Microsoft, Gemalto provides secure digital identity technology that uses smart cards to control physical access to buildings as well as to ensure, for example, that a user is the legal recipient of an e-mail, Duncan said.

Gemalto in May released its Secure Digital Companion, a hybrid token that's used to generate one-time passwords and uses public key infrastructure (PKI) to log into Windows Vista.

The Secure Digital Companion also includes a half-gigabyte of storage with file encryption technology from Utimaco, which gives companies the convenience of portable storage without the risks of allowing devices such as USB keys into the network, Duncan said.

The tight integration between Gemalto and Windows makes it possible to take a Gemalto smart card and use it seamlessly with a PC running Vista, without the need for extra drivers, he said.

Gemalto's integration with Vista as well as with environments such as Citrix is a key selling point for Gemalto channel partner Jim Steinlage, president of Choice Solutions, Overland Park, Kan. "The reason we're moving forward and seeing this technology as a viable market is because of that integration," he said.

"They've also taken a better approach to building strong channel partnerships than some of their competitors who've sold to everyone and saturated the market," Steinlage said.

In the antimalware space, big players like Symantec and Trend Micro have taken a major stab at trying to redefine security, with the former banking on reputation-based analysis, and the latter touting behavior-based analysis, noted Praxis' Roback.

However, smaller ISVs are beginning to woo partners away from larger players. Jeffrey Sherman, president of Los Angeles-based solution provider Warever Computing, is seeing good traction for Sophos' Security Suite Small Business Edition and Grisoft's AVG Antivirus 7.5, AVG AntiSpyware and AVG AntiMalware 7.5 titles for Vista.

Sophos' end-point security products are effective in part because they handle updates in a different way than other vendors, Sherman said. "They do full program updates once a month, which includes all [antimalware] definitions and then incremental updates during the day, which could amount to four to five updates a day," he said.

However, Sophos' software is more expensive than many competitors' offerings—starting at around $90 per seat annually and licensed on a per-user/per-year basis—and some companies have shied away as a result, said a Sophos solution provider partner who asked not to be named.

That VAR has found Grisoft's AVG to be a cheaper alternative to Sophos. "Although [AVG] isn't as effective as Sophos, it is more lightweight and has better detection speed. And, at between $20 and $25 per year, it's also much more affordable for smaller businesses," said the solution provider.

As Vista raises the bar for security, features that were value-adds in the past no longer have the same status, and that means security ISVs are trying to once again find ways to separate themselves from the pack, Roback said. "As technologies become commoditized, everyone has to differentiate themselves again," he said.

Solution providers face the same dilemma and must maintain their edge by keeping track of vendor attempts to differentiate their products and reacting accordingly, Roback added.

"For example, these days being able to install Exchange Server won't get us work, but knowing how to install Exchange Unified Messaging will," Roback said.