RSA confab: Boom times for security

(continued from previous page)

On the PC security side, Internet security company CallingID is set to release a version of its toolbar for the Firefox Web browser. The toolbar is designed to offer protection against phishing and other online attacks. It shows, among other things, who owns the sites a surfer visits and indicates whether the site can be trusted for business transactions.

Zone Labs, part of Check Point Software Technologies, is expected to introduce a 64-bit version of ZoneAlarm , its free firewall product. A 64-bit version of ZoneAlarm Pro, a for-pay product that includes spyware protection and a firewall, is due out later.

For Linux users, Eset will launch a new version of its NOD32 software. The product protects Linux systems against a host of threats, including viruses, Trojans, spyware, phishing and other malicious software, the company said.

To secure wireless connections, AirTight Networks plans to announce SpectraGuard Safe software, which lets administrators control wireless connections on PCs. It's designed to allow or prevent connections using various technologies, including Wi-Fi, Bluetooth and EvDO.

There are also options for file security. Tablus intends to give details about a technology relationship that will enable its customers to encrypt information on the fly. At the same time, GuardianEdge plans to launch the company's Encryption Anywhere Hard Disk platform, a full-disk encryption product.

Companies worried about an increase in the use of Skype on their networks can turn to Blue Coat Systems. The proxy-appliance maker plans to announce changes to its product line to allow network administrators to control which users can use Skype. Previously Blue Coat's products allowed only organization-wide blocking of the popular Internet telephony application.

In the enterprise rights management space, Liquid Machines plans to announce Document Control 6.0. The update is set for release in April and works with Microsoft's Windows Rights Management Services. New features include secure collaboration, application-level auditing and reporting, centralized policy administration and enforcement, and support for the Microsoft .Net architecture, the company said.

Vulnerability management company nCircle will show a new tool designed to help enterprises analyze security data. Called nCircle Focus and set to arrive in April, the tool promises to help companies more efficiently identify where there are risks, the company said.

nCircle faces competition from Novell, which plans to show off a new version of Novell Audit. The secure logging and auditing product collects data about the security, system and application events that occur across a network. Novell Audit can immediately notify users when a security breach occurs, the company said.

You've got e-mail tools
On the e-mail side, antivirus software maker Sophos is set to introduce the ES4000, an e-mail security appliance. The new product, due by the end of March, offers automatic updates and Web-based management features. It also removes viruses, spam, spyware, Trojans and other forms of malicious software from e-mail, Sophos said.

In the same realm but on the hosted side, Postini said it will launch its Postini Encryption Manager. The company has integrated encryption technology from Zix with its technology to allow its customers to secure sensitive e-mail, including to recipients who don't have encryption software.

Database security vendors are also seeking the spotlight. Application Security will demonstrate a new version of AppRadar, its database intrusion detection and security auditing product. Scheduled to be available next month, the new version improves protection for databases against attacks, abuse or misuse without degrading database performance, the company said.

Another database security company, Guardium, is set to showcase its recently announced Data Privacy Accelerator, which is designed to prevent unauthorized access to confidential data stored in databases. Guardium's appliances support major databases, and the new product includes policies, real-time alerts and audit reports.

Protegrity said it will unveil a product to protect sensitive data inside a company. Defiance 4.0 is a suite of tools meant to protect data at the application, storage, file and database levels. It also includes auditing capabilities.

The show will still have plenty for the cryptography die-hards, including the traditional cryptographers panel and a session that might cause a stir, called "Cryptanalysis of Hash Functions and Potential Dangers."

[Macsaresafer]

Hmmm,

So 90% of the population has been suckered-in to using the
world's least secure OS, and we're supposed to be surprised that
in the "security" industry "There has been significant growth."
Amazing.

Before some dimwit tries to claim that the Mac OS and other
OSes are just as vulnerable but don't have the market share to
warrant attacks, please note that pre-OS X versions of the Mac
OS had viruses. OS X's market share is larger than previous
versions of the Mac OS and it has been virus free for nearly 6
years! Cell phone OSes like Symbian have had viruses when they
had well under a million users, compared with the 30+ million
Macs in use today.

The fact is, Microsoft's laughable OS is generating big business
for the security industry. I'm not saying the Mac is 100% secure,
but neither is Fort Knox. Windows on the other hand, is like a 24
hour convenience store with no security cameras in a drug
infested part of town. It's just too easy and tempting a target.

[Marcus Westrup]

To be fair,

Security is not just keeping hackers off your network and out of your OS. Everything from social engineering attacks to properly disposing of company garbage must be taken into account. The company employee is often the biggest security risk not because of ill intent, but because he/she is not aware of how valuable that spreadsheet before them is to a criminal or corporate spy.

[jmanico]

SANS Institute

RSA shows are fluf, BS and total GLAM show with no substance. If you want a REAL security conference with true hands-on classes in a wide variety of security subjects, check out www.sans.org !