Network Security in the Spotlight

Spam at epidemic proportions. New virus threats from spam gangs that

target “zombied” computers and commandeer ISP networks. Competing secure

sign-on protocols for Web services. Spyware sneaking into the enterprise.

Given the growth of online security issues in the past year, it’s little

wonder that the RSA Security Conference in San Francisco this week is

setting new records for attendance and vendors alike.

The theme of this year’s RSA Conference, which kicks off in full Tuesday,

is “The Codes of Prohibition.” Panels will focus on how enterprises can

bulk up protection from

hackers and virus-writers while improving security from within. In

addition, privacy implications in the age of the all-seeing digital eye will get top billing.

Bill Gates, Microsoft’s chief software architect, is slated to kick off
the keynotes Tuesday. His address comes a week after Microsoft announced the purchase of Sybari Software, a provider of anti-virus, anti-spam and content-filtering technologies for enterprise customers.

The deal marks Microsoft’s second in the security sector in less than two

months and the third in the past year. In early December, it acquired Giant Software
, a provider of anti-spyware products. Some 21 days after the
purchase, Microsoft released a beta of its newly incorporated anti-spyware
tool. In 2003,
Microsoft purchased Romania-based GeCAD Software, which makes anti-virus
detection and data security products.

Gates is expected to continue highlighting ways in which Microsoft is

improving the security of its products on both the client and server side, as

well as its ongoing work to harden the Windows operating system for

security. Sybari’s technology, for example, is seen as helping enterprises

protect their networks at the server level, especially among collaboration

server systems.

But the Sybari technology will increase the competitive pressure on anti-virus

vendors such as Symantec and McAfee,

whose AV products are already in wide use across enterprise networks.

John Thompson, chairman and CEO of Symantec, is slated to deliver a

keynote address discussing trends in the security industry, including

Symantec’s $13.5 billion acquisition in December of Veritas. The deal

creates one of the largest brands in the security and back-up software

market. Thompson has said the combination of security and back-up

software is designed to address the problem many CIOs face:

preserving information integrity while making it highly available.

The Veritas/Symantec merger also underscores a trend among security

companies of new hybrid offerings that combine hardware and software. There are also the usual alliances. For example, Symantec has joined with IM security

provider IMlogic to offer IM Manager 7.0, which is designed to address

instant messaging management, compliance and security.

As another featured keynote presenter, Cisco’s CEO John Chambers is

slated to continue discussion of the company’s new security VPN

offerings, as well as new focuses on XML messaging.

As reported by, Cisco plans to

launch a new device that would improve the performance and security of

exchanging XML messages and position the company for growth in Web


The move would create new competition for traditional providers of

application server and message broker middleware, pitting the product

against companies such as DataPower and Reactivity in the market for fast,

multiple messaging functionality for Web services.

Reactivity, which provides XML Web services deployment systems, isn’t

waiting around for the competition, new or existing. The company has already

unveiled its Reactivity Federated Identity Model for Web services. Company

officials said the new reference architecture for authentication is based on

the Liberty Alliance trust model that for the first time offers a simple way

to preserve and use layered identity with XML Web services.

As Web services deployments become more sophisticated, the number of Web

services connections between applications grows, and multiple services need

to leverage the same layered identity information, a “single sign-on” for

Web services, Andrew Nash, Reactivity chief technology officer, told “Although the Liberty Alliance has created a

mature, standards-based federated identity model for individuals using Web

sites, Reactivity is the first to apply this model to XML Web services, — and

in a way that scales.”

Nash said Reactivity developed the model as its customers began to expand

their use of XML Web services beyond point-to-point connections after their

initial successes using Reactivity’s XML infrastructure. “These customers

wanted to deploy more complex, multi-hop services based on reusable

components, but to do this, they needed layered identity information, the

originators identity, as well as the identities of every service involved in

the transaction,” he said.

Mark Sunner, chief technology officer of e-mail security and filtering

provider Message Labs, said integrated security products are growing in

importance, as enterprises grapple with new threats every day.

“The issues of spam and viruses are not new, but the sheer volumes and


people are trying to counter are,” he told “What we’re

finding is that traditional approaches to countering all this stuff

are really not working.”

News Around the Web