RealTime IT News

Network Security in the Spotlight

Spam at epidemic proportions. New virus threats from spam gangs that target "zombied" computers and commandeer ISP networks. Competing secure sign-on protocols for Web services. Spyware sneaking into the enterprise.

Given the growth of online security issues in the past year, it's little wonder that the RSA Security Conference in San Francisco this week is setting new records for attendance and vendors alike.

The theme of this year's RSA Conference, which kicks off in full Tuesday, is "The Codes of Prohibition." Panels will focus on how enterprises can bulk up protection from hackers and virus-writers while improving security from within. In addition, privacy implications in the age of the all-seeing digital eye will get top billing.

Bill Gates, Microsoft's chief software architect, is slated to kick off the keynotes Tuesday. His address comes a week after Microsoft announced the purchase of Sybari Software, a provider of anti-virus, anti-spam and content-filtering technologies for enterprise customers.

The deal marks Microsoft's second in the security sector in less than two months and the third in the past year. In early December, it acquired Giant Software Company, a provider of anti-spyware products. Some 21 days after the purchase, Microsoft released a beta of its newly incorporated anti-spyware tool. In 2003, Microsoft purchased Romania-based GeCAD Software, which makes anti-virus detection and data security products.

Gates is expected to continue highlighting ways in which Microsoft is improving the security of its products on both the client and server side, as well as its ongoing work to harden the Windows operating system for security. Sybari's technology, for example, is seen as helping enterprises protect their networks at the server level, especially among collaboration server systems.

But the Sybari technology will increase the competitive pressure on anti-virus vendors such as Symantec and McAfee, whose AV products are already in wide use across enterprise networks.

John Thompson, chairman and CEO of Symantec, is slated to deliver a keynote address discussing trends in the security industry, including Symantec's $13.5 billion acquisition in December of Veritas. The deal creates one of the largest brands in the security and back-up software market. Thompson has said the combination of security and back-up software is designed to address the problem many CIOs face: preserving information integrity while making it highly available.

The Veritas/Symantec merger also underscores a trend among security companies of new hybrid offerings that combine hardware and software. There are also the usual alliances. For example, Symantec has joined with IM security provider IMlogic to offer IM Manager 7.0, which is designed to address instant messaging management, compliance and security.

As another featured keynote presenter, Cisco's CEO John Chambers is slated to continue discussion of the company's new security VPN offerings, as well as new focuses on XML messaging.

As reported by internetnews.com, Cisco plans to launch a new device that would improve the performance and security of exchanging XML messages and position the company for growth in Web services.

The move would create new competition for traditional providers of application server and message broker middleware, pitting the product against companies such as DataPower and Reactivity in the market for fast, multiple messaging functionality for Web services.

Reactivity, which provides XML Web services deployment systems, isn't waiting around for the competition, new or existing. The company has already unveiled its Reactivity Federated Identity Model for Web services. Company officials said the new reference architecture for authentication is based on the Liberty Alliance trust model that for the first time offers a simple way to preserve and use layered identity with XML Web services.

As Web services deployments become more sophisticated, the number of Web services connections between applications grows, and multiple services need to leverage the same layered identity information, a "single sign-on" for Web services, Andrew Nash, Reactivity chief technology officer, told internetnews.com. "Although the Liberty Alliance has created a mature, standards-based federated identity model for individuals using Web sites, Reactivity is the first to apply this model to XML Web services, -- and in a way that scales."

Nash said Reactivity developed the model as its customers began to expand their use of XML Web services beyond point-to-point connections after their initial successes using Reactivity's XML infrastructure. "These customers wanted to deploy more complex, multi-hop services based on reusable components, but to do this, they needed layered identity information, the originators identity, as well as the identities of every service involved in the transaction," he said.

Mark Sunner, chief technology officer of e-mail security and filtering provider Message Labs, said integrated security products are growing in importance, as enterprises grapple with new threats every day.

"The issues of spam and viruses are not new, but the sheer volumes and problems people are trying to counter are," he told internetnews.com. "What we're finding is that traditional approaches to countering all this stuff are really not working."