Security Firms Tackle Content Threat

Traditional security methods aren't robust enough to cope with today's multiple threats, and vendors need to up their game to help carriers and enterprises deal with the new techniques being deployed by hackers.

So says independent consultant Simon Hill, who has been examining the security market for a Light Reading Webinar, or online seminar, entitled "Multi-Layered Security: Security in an Insecure World," due to be given tomorrow (Wednesday). Anyone interested in the Webinar can still sign up for free by clicking on this link.

"Many current security solutions don't measure up to today's real-world threats," says Hill. "Hackers are using sophisticated techniques these days, going underneath the radar of traditional systems by hiding in the upper layers and embedding their threats in applications. We need more than just deep packet inspection -- all the content needs to be checked. And we need intrusion prevention as well as intrusion detection. These are the issues carriers and enterprises need to come to terms with, and that's what we'll be examining in the Webinar."

Some security system suppliers, such as Fortinet Inc. and Radware Ltd. (Nasdaq: RDWR), have already reacted to the challenge (see Fortinet Chases Carriers and Radware's 3-Gig Lock Box).

And now a British startup has entered the game with a product and service aimed squarely at service providers that want to offer managed content security services, an increasingly hot market, to their enterprise customers (see Managed Security Services Pipe Up and Pipe Cleaners).StreamShield Networks emerged last week with a technology called StreamScan that sits in a carrier's network and cleans up email and Web traffic before it reaches corporate LANs (see Detica Launches Streamshield Networks).

The U.K. firm, part of IT consultancy Detica (London: DCA), has a two-pronged approach to the market. Starting in October the company will offer a hosted service called StreamShield Protector, which blocks content containing security threats such as viruses and worms, blocks spam, enforces controlled access to online content, stores incoming emails if an Internet connection is lost, and provides the end user with a Web-based management and control portal. ISPs and service providers resell this service to their business customers.

The end user's traffic is redirected by its service provider through StreamShield's systems, which are based in several hosting centers around the U.K.. The traffic is checked, cleaned, and passed back to the ISP in real time, says StreamShield CEO Simon Gawne.

Then in 2005 the company will make its Content Security Gateway box, designed to scan up to 5,000 emails and filter 250,000 Web page requests per second, available to carriers and ISPs for them to manage and operate themselves. Its anti-virus engine is based on technology licensed from numerous anti-virus firms, and includes a constantly updated database of more than 100,000 known viruses (see StreamShield, SurfControl Partner). Gawne says trials will begin early next year, but wouldn't say whether any service providers had yet committed to trying out the product.

Gawne says the key to performing such tasks in real time is the use of customized FPGA (field programmable gate array) based silicon that can be updated as and when new security threats are identified. Gawne says that while there are many companies performing managed email security using software-based systems, such as MessageLabs, there is a gap in the market for service providers to provide an email/Web traffic combo using high performance hardware-based products, given the increasing number of threats being delivered from Web pages.And the CEO claims his company is alone in having all the security functions performed in the hardware rather than in a combination of hardware and separate software applications, and that this approach provides greater scaleability.

Hill says there's a real opportunity right now for companies that can deliver carrier-grade products that allow operators to offer multi-layered managed services. "Carriers need a solution, and there's definitely a gap in the market," says the consultant.

But, while the use of FPGAs might provide greater flexibility for high level, real-time content processing and updating, Streamshield isn't the only company that can claim to have a single-unit, multifunctional security product that can scale up to carriers' needs. Richard Hanke, VP of product management at Fortinet, says his company's 5000 product series "is very hardware-centric, because our performance edge comes from the ASIC providing the firewall and anti-virus functionality, [while] the management is software-driven."

He adds: "Any network-type equipment is made on a combination of hardware and software. Most early-generation security products were software-based but now, for performance, they are becoming more hardware-based, and ASICs accelerate that performance aspect."

And Hill notes that a number of companies, including Fortinet and Radware, are claiming wire-speed performance for their multifunctional security products. "But at the end of the day it's about what customers need, and they'll make the decision about what functions and capabilities they need," says Hill.Ray Le Maistre, International News Editor, Light Reading and James Rogers, Site Editor, Next-Gen Data Center Forum

For more on this topic, check out: