[ISN] Aiming for safer net connections

From: mea culpa (jerichot_private)
Date: Tue Oct 06 1998 - 12:42:33 PDT

  • Next message: mea culpa: "[ISN] A Cracker-Proofing Guarantee (hacker insurance)"

    Forwarded From: phreak moi <hackerelitet_private>
    Aiming for safer Net connections
    By Tim Clark
    Staff Writer, CNET News.com
    October 5, 1998, 4:10 p.m. PT
    Four separate data security initiatives were announced today, each aimed
    at calming the nerves of network managers who have been spooked by hacks
    of high-profile Web sites. 
    Richard Brewer, senior analyst at International Data Corporation, thinks
    last month's attack that shut down the New York Times Web site has put
    corporate security managers on notice that their systems may be
    "When somebody messes with your Web site and your commerce system, they
    are messing with your money,"  Brewer said. "It's not just making you look
    foolish, it's not just an annoyance--your business can now be shut down by
    hackers, not merely inconvenienced." 
    A survey conducted earlier this year by the Computer Security Institute,
    in conjunction with the FBI, showed a 36 percent increase in quantified
    losses from security breaches compared to the previous year. 
    Network managers charged with securing data on computers attached to the
    Internet can choose between newly upgraded software products from Axent
    and Internet Security Systems, an insurance program, or a service provider
    that offers financial guarantees. 
    The latest to jump into the Internet security market is giant insurer
    Cigna Property & Casualty, which will sell insurance that guards companies
    against financial losses suffered at the hands of hackers. 
    The Cigna program mimics in some ways the TruSecure offering of ICSA, a
    for-profit security firm that inspects corporate networks and offers
    $20,000 if the system security is breached. 
    Cigna's program is run in conjunction with the networking giant Cisco
    Systems and NetSolve, a network security outsourcer. NetSolve uses the
    NetRanger intrusion detection software that Cisco acquired in February
    with Wheelgroup. 
    Coverage for Cigna's new Secure Systems Insurance ranges up to $25
    million, and premiums run into five figures. 
    Cigna's insurance covers computer crime involving theft of money,
    securities, and property, damage by hackers to a business's data or
    software, and business losses stemming from attacks on a company's
    computer systems. Traditional property and general liability insurance
    policies do not address these risks, Cigna said. 
    ICSA is expanding its TruSecure service by covering virtual private
    networks (VPNs) as well as perimeter defenses of corporate networks. The
    service already tests networks for security holes, recommends remedies,
    and then assures companies that their defenses can't be breached in an
    external attack. 
    TruSecure VPN includes remote and on-site assessments and encryption
    testing as well as advice on closing security holes. Once a site is
    certified safe, ICSA rechecks it quarterly. 
    A recent IDC study found that security worries are dissuading companies
    from expanding their VPNs.  VPNs use the public Internet for encrypted
    communications instead of utilizing costly private networks. 
    ICSA runs a product certification program for VPN software, and the new
    TruSecure VPN service builds on those testing procedures. The VPN service
    is available now for $18,900; the full TruSecure service starts at $39,900
    The two intrusion detection software rivals, Axent and Internet Security
    Systems, are basically adding technology that the other one has. Intrusion
    detection software, which detects and responds to attacks, comes in two
    forms--network-based monitoring and host-based systems. 
    Axent has had host-based intrusion detection software, and now it's adding
    network monitoring.  ISS has been a network-based monitoring system and
    now it's adding hosts. Both say no one else has both kinds of intrusion
    detection software. 
    Axent calls its new network-monitoring technology NetProwler, and it works
    with Intruder Alert 3.0, Axent's host-based product. 
    "The best, most comprehensive intrusion detection software needs to have
    both network- and host-based capabilities packaged together under a single
    management interface," Steven Foote, an analyst at Hurwitz Group, said in
    a statement. 
    ISS is adding host-based monitoring in version 3.0 of its RealSecure
    product, due to ship in December. Pricing is based on the size of a
    network and begins at $8,995. 
    ISS also announced that Entrust Technology, which markets public key
    infrastructure software for issuing digital certificates, will bundle ISS'
    host-based intrusion detection software with Entrust's PKI systems by
    year's end. A free 60-day evaluation copy of ISS' network-monitoring
    software, Internet Scanner, also will be shipped with Entrust
    In addition, ISS also introduced a new decision-support application that
    integrates data from its intrusion detection software with third-party
    information to give customers a view of their enterprise's entire security
    set-up. SAFEsuite Decisions automates the collection, integration,
    analysis, and reporting of security data from multiple sources and
    locations. It can use data from security software from other vendors, such
    as firewalls. 
    SAFEsuite Decisions 1.0 is scheduled to ship by year's end with pricing
    from $25,000, depending on the size of a protected network. 
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:06:29 PDT