Network Security Now Comes with Guarantees, Options

The way Finjan Software founder and CEO Shlomo Touboul sees it, the end justifies the means. Virus and spyware writers have become so sophisticated in their scams and attack strategies that it is time to up the ante in protection services.

Security risks have gotten so prevalent in the last two years that the attacks have drastically impaired applications and their data on business networks and consumer computers. Microsoft’s security patches come too few and too late to be much good.

So Touboul hired a team of professional network hackers to battle-harden his company’s next-generation security solutions. And he is backing up the product’s promise of no more virus infections with a money-back guarantee.

Everything Reverse Engineeered

So far, he is the only vendor in the computer security industry to put his company’s money where the CEO’s mouth is.

“We took more than two years to develop this concept. It reverse engineers the content of everything that filters through our security appliance to check for infections,” Touboul told TechNewsWorld in announcing the Vital Security Appliance products on February 21.

While Finjan software’s protection is aimed at medium to large gateway users, Check Point Software Technologies just introduced software with hardened security features more suitable for the enterprise workplace.

Finjan offers three variations of its new security hardware. The product is for large gateway applications rather than individual consumers or very small businesses.

The One Box series targets small businesses. It supports from 25 to 250 desktops from a single filter box. This series protects small companies from Web and e-mail threats. It includes capabilities to protect against threats arriving via SSL/HTTPS encrypted content and enforces SSL certificate policies at the gateway.

The One Box also creates a secure environment for sharing documents within organizations and with partners/customers.

Double-Layered Approach

It also protects against unauthorized access, saving, copying, forwarding, printing or even screen-capturing.

The Series NG 5000 targets mid-range enterprises with between 25 and 20,000 users. It protects up to 5,000 users per chassis. Options within this series provide a Web Security Scanner, e-mail Security Scanner, Security Load Balancer and SSL Security devices.

Large enterprises with 20,000 to 250,000 users are served by the NG-8000 Series. It protects up to 10,000 users per blade.

Touboul said the innovation in the security appliance packages comes from a unique double-layered approach to scanning all incoming and outgoing data. The system involves behavior-blocking at the application level.

The first step is a pre-scan that detects and removes 85 percent of malicious code. The second step is a deep-content inspection that detects ultra sophisticated attacks that pass the first step.

According to Touboul, these Next Generation of Application-Level Behavior Blocking scanners perform near “real time code interpretation.” These scanners are even more capable of detecting and blocking new and unknown viruses, worms, Trojans and other malicious code.

Hardened Against New Vulnerabilities

One of the biggest weaknesses of existing protection systems is the window of opportunity granted to new viruses. Signature-based antivirus scanners experience a lag time between a new virus being discovered in the wild and a cleaner treatment developed and released to subscribers.

That window of opportunity becomes a large secret back door for viruses that target specific vulnerabilities in operating systems and Web browsers. Vulnerabilities are known and published security holes in the Windows operating system and Microsoft Office program suite, or any critical desktop application.

Microsoft now issues security patches monthly. Typically, software companies issue routine virus signature updates weekly.

“Our system makes patch distributions and applications a secondary treatment,” Touboul said.

Thus, it becomes less critical for IT managers to execute systemwide patch updates. In fact, Finjan claims IT departments can safely deploy major security patches only twice a year.

With Finjan providing “virtual patches” on a daily basis, there is no need for actual patch installation on desktops, Touboul said.

Anti.dote Solution

Included in the NG series is a software support system that provides a new scanner for vulnerabilities. Anti.dote is a new concept to immunize corporate desktops from all published vulnerabilities before new virus families can be created.

Finjan’s Vulnerability Anti.dote Scanner immunizes all desktops from vulnerabilities without deploying Microsoft security patches every week. It uses a dedicated scanner to detect any attempt to exploit vulnerabilities in real time using a database of vulnerability rules.

When a new vulnerability is published, Finjan releases a new Vulnerability Anti.dote protection to head off the release of any new virus and before Microsoft releases a security patch.

Finjan’s security product also provides added protection against spyware intrusion. It does not wait for an infection to hit. Instead, the software checks a database of known spyware and a URL database of known spyware sources.

This third layer uses a dedicated rule base and scanning engine to detect unknown spyware, dialers, malware and other intrusions at the gateway.

The software blocks access of unknown spyware programs based on behavior blocking and analysis routines. In addition, it blocks existing spyware programs from reporting back to a programmed source.

Additional Security Engines

The anti-spyware support addresses executables, Java scripts, VBS scripts, ActiveX and Java applets. It also creates and maintains a database of known spyware to identify repeated attempts to infect computers on the other side of the gateway appliances.

Finjan integrates its antivirus protection with scanners and signature definitions provided by McAfee and Sophos. Similarly, Finjan integrates URL filtering with EdgeForce Web Filter SurfControl and Secure Computing’s SmartFilter.

As for the guarantee against contracting viruses, Finjan offers a one-month return payment. Gateway purchasers pay for both the appliances and the monthly subscription.

“That refund is a very significant amount of money,” Touboul said. “But the hackers we hired reported a rock solid security product.”

Meanwhile, a revamping of Check Point Software Technologies’ product line brings tighter security features to IT managers. The company announced the release February 7 of two products designed to address the rising complexities of network intrusion.

Integrity 6.0 bolsters network security with Program Advisor, providing users with day zero protection from virus intrusion. Integrity client and server software secures all networked PC’s by centrally managing proactive defenses and enforcing access policy compliance. It incorporates Check Point’s Malicious Code Protector technology to stop buffer overflow and other attacks that exploit flaws in PC applications and operating systems.

Eventia Analyzer allows IT security departments to reduce the cost and complexity of security event correlation, management and reporting. This is a comprehensive security event management solution that automatically prioritizes security events for decisive, intelligent action.

Program Advisor

“We designed Integrity to provide hardened endpoint security that is easy to manage, deploy and scale,” Gonen Fink, vice president of solutions and strategy for Check Point Software Technologies, said. “Integrity 6.0 includes significant enhancements enabling superior security levels with the addition of IPS capabilities, while it reduces the lowest total cost of ownership with the introduction of high-availability and multi-site management features.”

Integrity 6.0 improves day zero protection with the Program Advisor feature. This is an optional service that gives administrators the ability to automate most application policy decisions for granting or blocking network access to PC applications.

The service is based on a dynamic knowledge base containing more than 85,000 applications. The real-time, on-demand policy decisions allow the “known and good” applications network access while blocking emerging day zero threats that are attempting to enter the enterprise network.

“The new theory in intrusion prevention is to monitor traffic in real time,” said Ken Tom, product marketing manager of endpoint security for Check Point.

Security event manager coordinates data from multiple sources and filters security events from other system noise, according to Jane Goh, product marketing manager for Check Point This product will be available in March.

“The sheer enormity of information collected by security devices makes it extremely difficult for existing security event management solutions to identify meaningful events in a timely fashion, if at all,” Fink said.

Designed to be easily deployed in hours, Eventia Analyzer has an extensive base of built-in knowledge about which security events are important and which can be considered insignificant. This greatly increases an enterprises’ protection without inundating its security team with lower-priority alerts, Fink explained.