[ISN] Security consortiums fall short

From: mea culpa (jerichoat_private)
Date: Tue Feb 23 1999 - 06:34:48 PST

  • Next message: mea culpa: "[ISN] Are Pentagon computers compromised?"

      This message is in MIME format.  The first part should be readable text,
      while the remaining parts are likely unreadable without MIME-aware tools.
      Send mail to mimeat_private for more info.
    Content-Type: TEXT/PLAIN; CHARSET=us-ascii
    Content-ID: <Pine.SUN.3.96.990223073311.22244Oat_private>
    Forwarded From: darek milewski <darekmat_private>
    Security consortiums fall short
    By Jim Kerstetter
    More is turning out to be less for many corporate security administrators. 
    The half-dozen security consortiums that formed last year in the name of
    easier integration between products have fallen short of expectations,
    leaving users looking for new answers. 
    Although two vendor groups, the Open Platform for Secure Enterprise
    Connectivity Alliance and the Adaptive Network Security Alliance, are
    preparing to deliver new SDKs (software development kits)  for integrating
    security products into enterprise networks, the results of consortiums in
    general have been mixed. For example, alliances sponsored by other
    vendors, such as Network Associates Inc., Security Dynamics Technologies
    Inc. and Finjan Software Ltd., have produced little. 
    "Call me shortsighted, but all I'm worried about is integrating my new
    intrusion detection stuff with my old network management stuff," said Irv
    Newman, a network analyst at a Michigan manufacturing company. "And I need
    to do it soon." 
    Key problems involve gathering consensus within the various groups, which
    tend to gravitate toward a single vendor's product plans. 
    For example, the 200-member OPSEC Alliance was founded by Check Point
    Software Technologies Ltd., of Redwood City, Calif.; ANSA, with 60
    members, is headed by Atlanta-based Internet Security Systems Inc. 
    Nevertheless, the leading consortiums are starting to produce some
    Check Point released its OPSEC SDK late last year. It included APIs for
    Lightweight Directory Access Protocol directories, intrusion detection and
    network management protocols. This year, according to sources, it will be
    expanded to support more authentication mechanisms, such as X.509 digital
    certificates and smart cards. In addition, the group has certified more
    than a dozen vendors for interoperability. 
    "The OPSEC Alliance was started two years ago, and now we have a viable
    program," said Bradley Brown, director of business development at Check
    Point. "If I was starting a program like this now, I would say, 'Yes,
    there's not much point.' At best, it's going to take them two years before
    they can start providing value." 
    By the end of this month, ISS plans to deliver the first free SDK from
    ANSA, which was launched last fall. The Adaptive Network Security
    Management SDK will allow administrators to manage intrusion detection
    through their existing network management infrastructures. It will be the
    basis for integration with network management tools from Tivoli Systems
    Inc., Hewlett-Packard Co.  and Computer Associates Inc. 
    Other groups aren't faring as well. WatchGuard Technologies Inc.'s
    LiveSecurity Alliance, still longing for acceptance, will announce within
    two weeks the formation of the LiveSecurity Advisory Council. The council
    will analyze the latest security news, such as viruses and new hacks, and
    send alerts to customers. 
    But users waiting for the ultimate recipe for security integration
    shouldn't count on these consortiums, industry analysts said.  Instead,
    they should focus on smaller, individual partnerships that can more nimbly
    piece together a security infrastructure. 
    One such group is IBM's SecureWay, launched last month, which brings IBM
    firewall and virtual private networking software together with Symantec
    Corp. anti-virus software, ISS intrusion detection and Finjan mobile code
    scanning technology. 
    Security consortiums: A status report
         OPSEC Alliance (Open Platform for Secure Enterprise Connectivity): 
    Founded by Check Point Software Technologies two years ago to guarantee
    integration with its flagship Firewall-1.  Started publishing software
    development kits last year. ANSA (Adaptive Network Security Alliance):
    Founded by Internet Security Systems last fall to guarantee integration
    with its intrusion detection software. Will release its first major SDK
    this month. CCI (Common Content Inspection): Pushed by smaller companies
    such as Finjan and Aventail, it is focused on integration points for
    inspecting content entering a network and is embracing some of the work
    out of OPSEC. WatchGuard LiveSecurity Advisory Council: Still in the
    negotiation stage, it would create a group of security experts
    for sending out advisories on security problems such as viruses and
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:19:43 PDT