Securing both ends of the network chain

CyberCop earns an upset victory by simultaneously monitoring internal and external system and network users.
Posted February 1, 2000
By

Erik Sherman


Security technology may have come far--moving from firewalls to repel hackers to systems that enable sophisticated e-commerce and remote access applications. But company strategies have a ways to go if the results of Datamation's 1999 Product of the Year survey are any gauge.

The winner of the contest for security products released in 1999 was an innovative entry: CyberCop Monitor from Network Associates Inc., of Santa Clara, Calif., which garnered 32.7% of the ballots--or 74 of the 226 total votes cast. CyberCop detects unauthorized attempts to break into a system or network.

While traditional intrusion detection products focus on either securing products from unauthorized internal use or alerting administrators of potential hacking attempts coming over a network, CyberCop Monitor combines both functions. This means one software package simultaneously monitors internal and external system and network use.

Security category

Datamation readers had the following nominees to choose from:

Product Vendor
VPN Concentrator Altiga Networks
Entercept ClickNet Software Corp.
Password Courier Courion Corp.
Centrax CyberSafe Corp.
Entrust/PKI 5.0 Entrust Technologies Inc.
SiteMinder 3.6 Netegrity Inc.
CyberCop Monitor Network Associates Inc.
Products with more extensive security features ran far behind CyberCop, receiving around half of its votes at most. Second-place winner, Waltham, Mass.-based Netegrity Inc.'s SiteMinder 3.6, for example, which permits single-user sign-on to a range of Web applications, got only 19% of the nods from voters, or 43 total votes. Entrust/PKI 5.0 from Entrust Technologies Inc., of Plano, Texas, which ran third, receiving 39 votes or 17.3%, is a public key infrastructure (PKI) product that offers strong user authentication through digital certificates for remote access and e-commerce.

The results were surprising, according to Mark Bouchard, senior research analyst in global networking strategies at META Group Inc. of Stamford, Conn. CyberCop Monitor is "a relatively new concept of where you place intrusion detection." he says.

Chris King, META's program director of service management strategies, thinks the unobtrusive nature of CyberCop Monitor may have proven attractive. "It's a product that people can implement without huge changes to their organization," says King.

To users like Daniel Feuer, though, CyberCop Monitor's main attraction is its ability to monitor internal security, along with external. "Most people don't realize that the majority of security problems are internal," explains Feuer, president of Toronto-based electronic security trading consulting firm Fire International Inc. "[Now there is] one core product that will enable you to cover both ends."

Another capability Feuer likes is its ability to remotely monitor his company's client sites across North America. If CyberCop detects an intrusion attempt, it can send a warning e-mail and also create on-the-fly HTML reports for display on an intranet or extranet Web page.

A bunker mentality

Despite the technical advances favored in first place, the overall voting showed something approaching a bunker mentality. According to both META analysts, the voting results reinforced their observations that most companies are reactive, seeing security as something for warding off attacks, and not as technology that can expand business capabilities.

"It's interesting and not surprising that a defensive-oriented security product holds the most interest for companies out there," Bouchard says. Businesses should focus on security as "an enabling technology," he says. "Going forward, I'd expect more organizations to adopt an offensive mind-set that will enable new interactions with partners and customers. We're starting to see that movement afoot," says Bouchard.

However, before a company starts moving, it needs to see the reason for taking a first step. "We haven't seen a large need for something like [PKI]," says Feuer. "Granted, it could happen."

VPNs will dominate the security market
Source: Yankee Group

One company that has seen a reason for more advanced security measures is Chevron Canada Ltd., a wholly owned subsidiary of energy company Chevron, which wholesales and retails fuel products in British Columbia. The company wanted to provide remote access for employees though a virtual private network (VPN). To ensure that no one broke into the corporate network from the Internet, Chevron Canada decided to use Entrust Technologies' Entrust/PKI.

"Originally, our Internet connection was done through Chevron," explains network specialist James Eaton in Vancouver, British Columbia. "We had nothing to start with, and we could build something from the ground up. Putting a firewall in wasn't good enough for us." The company had a vision of remote access with strong authentication, requiring additional technology like PKI.

Eaton has recently implemented Entrust/PKI version 4, and has also used the beta for version 5. "From what I've seen, Entrust is certainly the best out there. The version 4 is good, but I think the version 5 is excellent. It's a huge leap, like going from Windows for Workgroups to Windows NT or Windows95," says Eaton, who plans to implement version 5 as soon as the VPN products Chevron uses support it. PKI will become even more important to the company in the next few years, as it wants to run the VPN tunnel back to network applications and enable e-commerce with its customers and suppliers.

Possible trend for 2000

Despite the experiences of companies like Chevron Canada, the strong preference in the 1999 Product of the Year survey for a defensive security product has META's Bouchard wondering whether the trends mirrored by the vote may be more indicative of smaller and mid-size firms.

"This chart and the results may not be reflective of the Fortune 1000," says Bouchard. "We may see the PKI and Web single-sign-on bubbling to the top [soon]." //

Erik Sherman is a journalist, author, and photographer in Marshfield, Mass. His latest book, published by Sybex, is "Home Networking! I Didn't Know You Could Do That."