Next message: mea culpa: "[ISN] A Cracker-Proofing Guarantee (hacker insurance)"
Forwarded From: phreak moi <hackerelite�t_private>
http://www.news.com/News/Item/0,4,27130,00.html?st.ne.3.gif.2
Aiming for safer Net connections
By Tim Clark
Staff Writer, CNET News.com
October 5, 1998, 4:10 p.m. PT
Four separate data security initiatives were announced today, each aimed
at calming the nerves of network managers who have been spooked by hacks
of high-profile Web sites.
Richard Brewer, senior analyst at International Data Corporation, thinks
last month's attack that shut down the New York Times Web site has put
corporate security managers on notice that their systems may be
vulnerable.
"When somebody messes with your Web site and your commerce system, they
are messing with your money," Brewer said. "It's not just making you look
foolish, it's not just an annoyance--your business can now be shut down by
hackers, not merely inconvenienced."
A survey conducted earlier this year by the Computer Security Institute,
in conjunction with the FBI, showed a 36 percent increase in quantified
losses from security breaches compared to the previous year.
Network managers charged with securing data on computers attached to the
Internet can choose between newly upgraded software products from Axent
and Internet Security Systems, an insurance program, or a service provider
that offers financial guarantees.
The latest to jump into the Internet security market is giant insurer
Cigna Property & Casualty, which will sell insurance that guards companies
against financial losses suffered at the hands of hackers.
The Cigna program mimics in some ways the TruSecure offering of ICSA, a
for-profit security firm that inspects corporate networks and offers
$20,000 if the system security is breached.
Cigna's program is run in conjunction with the networking giant Cisco
Systems and NetSolve, a network security outsourcer. NetSolve uses the
NetRanger intrusion detection software that Cisco acquired in February
with Wheelgroup.
Coverage for Cigna's new Secure Systems Insurance ranges up to $25
million, and premiums run into five figures.
Cigna's insurance covers computer crime involving theft of money,
securities, and property, damage by hackers to a business's data or
software, and business losses stemming from attacks on a company's
computer systems. Traditional property and general liability insurance
policies do not address these risks, Cigna said.
ICSA is expanding its TruSecure service by covering virtual private
networks (VPNs) as well as perimeter defenses of corporate networks. The
service already tests networks for security holes, recommends remedies,
and then assures companies that their defenses can't be breached in an
external attack.
TruSecure VPN includes remote and on-site assessments and encryption
testing as well as advice on closing security holes. Once a site is
certified safe, ICSA rechecks it quarterly.
A recent IDC study found that security worries are dissuading companies
from expanding their VPNs. VPNs use the public Internet for encrypted
communications instead of utilizing costly private networks.
ICSA runs a product certification program for VPN software, and the new
TruSecure VPN service builds on those testing procedures. The VPN service
is available now for $18,900; the full TruSecure service starts at $39,900
annually.
The two intrusion detection software rivals, Axent and Internet Security
Systems, are basically adding technology that the other one has. Intrusion
detection software, which detects and responds to attacks, comes in two
forms--network-based monitoring and host-based systems.
Axent has had host-based intrusion detection software, and now it's adding
network monitoring. ISS has been a network-based monitoring system and
now it's adding hosts. Both say no one else has both kinds of intrusion
detection software.
Axent calls its new network-monitoring technology NetProwler, and it works
with Intruder Alert 3.0, Axent's host-based product.
"The best, most comprehensive intrusion detection software needs to have
both network- and host-based capabilities packaged together under a single
management interface," Steven Foote, an analyst at Hurwitz Group, said in
a statement.
ISS is adding host-based monitoring in version 3.0 of its RealSecure
product, due to ship in December. Pricing is based on the size of a
network and begins at $8,995.
ISS also announced that Entrust Technology, which markets public key
infrastructure software for issuing digital certificates, will bundle ISS'
host-based intrusion detection software with Entrust's PKI systems by
year's end. A free 60-day evaluation copy of ISS' network-monitoring
software, Internet Scanner, also will be shipped with Entrust
applications.
In addition, ISS also introduced a new decision-support application that
integrates data from its intrusion detection software with third-party
information to give customers a view of their enterprise's entire security
set-up. SAFEsuite Decisions automates the collection, integration,
analysis, and reporting of security data from multiple sources and
locations. It can use data from security software from other vendors, such
as firewalls.
SAFEsuite Decisions 1.0 is scheduled to ship by year's end with pricing
from $25,000, depending on the size of a protected network.
-o-
Subscribe: mail majordomo�t_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30
: Fri Apr 13 2001 - 13:06:29 PDT
