Security Vendors Promise Increased Performance

Two components of successful E-commerce are often at odds: system performance and security. This week, several security vendors are touting enhancements to their systems that they say will bring companies a step closer to both steady performance and system security.

Netscreen Technologies Inc. is releasing its new ScreenOS 2.7 firmware, which it promises will bolster high-availability features of its Netscreen 500 and 1000 firewall and virtual private network products. Customers can build network-clustered "full mesh" network topologies for active-active load sharing and sub-second stateful failover. What that means, says Infonetics analyst John Lawler, is that customers can now connect many Netscreen units to create "one highly redundant firewall." And, unlike active-passive topology, companies can better utilize their firewall and VPN throughput because all of the systems are working together steadily instead of waiting passively for possible failure of their active units.

Distributed denial-of-service attacks (DDOS) remain a threat to E-commerce performance. This week, Captus Networks Corp. is offering to help reduce that threat with its enhanced anti-DDOS CaptIO security technology, which can help thwart a SYN flood, a common type of DDOS attack. In this type of attack, intruders simulate the beginning of a network connection and the server waits for a response from the attacking system. As more of these requests are opened, the server must dedicate more resources to them, which increases the chances of the server crashing.

Captus chief technical officer and co-founder Rich Helgeson says the enhancements will identify and stop these types of attacks in less than a second. Captus also claims its systems now can automatically identify malicious "port scans," which intruders use to identify potential system weaknesses to launch an attack. Once systematic scanning is identified, CaptIO thwarts the attacker by either alerting system admins of the activity, or denying access to any systems violating the company's established scan policy.

Intrusion-prevention vendor Okena Inc.'s focus is on stopping attacks before they paralyze a system. And Eric Ogren, Okena's VP of marketing, says the company will be even more successful at doing that as it releases its enhanced Stormwatch software, which can stop buffer overflow, port scan, SYN flood, and other common attacks. Previous versions supported up to 250 agents; Stormwatch 2.0 now supports 2,500 agents and both Windows 2000 and NT. Pricing starts at $2,210 for the management console, $795 for server agents, and $50 for desktop agents.