NetScreen Plugs Intrusion Prevention Into Firewall.
NetScreen Technologies Inc will today say it has completed the second phase of its integration of intrusion detection and prevention technology into its product line, announcing the November availability of ScreenOS 5.0.
The new "deep inspection" firewall software will feature a subset of the attack-blocking functionality found in the NetScreen IDP devices. The offering represents the latest stage of NetScreen's strategy of perimeter security convergence.
"Stateful inspection doesn't really protect against application-level attacks like the worms that have been running over our networks for the last couple of months causing so much trouble," NetScreen's VP of marketing David Flynn said.
While IDP uses eight methods of detecting attacks, ScreenOS 5.0 uses just two of them: protocol anomaly detection (checking that traffic conforms to the relevant RFCs) and signature detection (matching traffic against the patterns of known attacks).
These are the two methods that generate the fewest false positives in an IDS, and as such are the most suitable for deploying in the data stream without having to be constantly observed and fine-tuned by an administrator, Flynn said.
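To make the two methods concrete, here is an added example (not NetScreen's code and not drawn from the article) that runs both over a raw HTTP request: the anomaly check verifies the request line and header syntax against RFC 2616 and applies size limits, while the signature check looks for known-attack patterns. The size limits are assumed thresholds, the signatures and sample requests are constructed for the illustration, and the RFC checks cover only a small subset of the grammar. The over-long URI case shows why anomaly detection is valued alongside signatures: it blocks a request that matches no signature at all.

```python
"""Protocol anomaly detection and signature detection over one HTTP request.

Added illustration of the two deep-inspection methods named in the article.
This is not NetScreen code: the RFC 2616 syntax checks are a small subset,
the size limits are assumed thresholds, and the signatures are constructed.
"""
import re
from typing import Dict, List

# RFC 2616 'token': any CHAR except CTLs and separators.
_TOKEN = rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_REQUEST_LINE = re.compile(rb"^(" + _TOKEN + rb") (\S+) (HTTP/\d\.\d)$")
# field-name ":" field-value, where the value may not contain CTLs other than HT.
_HEADER_LINE = re.compile(rb"^(" + _TOKEN + rb"):[ \t]*[^\x00-\x08\x0a-\x1f\x7f]*$")

# Assumed limits; a real product would make these tunable per policy.
MAX_URI_LEN = 2048
MAX_HEADER_LEN = 4096
MAX_HEADERS = 64

# Constructed signatures for this example only (not IDP signatures).
SIGNATURES: Dict[str, "re.Pattern[bytes]"] = {
    "directory-traversal": re.compile(rb"(^|/)\.\.(/|$)"),
    "encoded-null-byte": re.compile(rb"%00"),
}


def protocol_anomalies(request: bytes) -> List[str]:
    """Return RFC 2616 conformance violations found in the request head."""
    anomalies: List[str] = []
    head, sep, _body = request.partition(b"\r\n\r\n")
    if not sep:
        anomalies.append("header block not terminated by an empty line")
    lines = head.split(b"\r\n")
    match = _REQUEST_LINE.match(lines[0])
    if match is None:
        anomalies.append("request line is not 'Method SP Request-URI SP HTTP-Version'")
    else:
        uri = match.group(2)
        if len(uri) > MAX_URI_LEN:
            anomalies.append(f"Request-URI is {len(uri)} bytes, limit {MAX_URI_LEN}")
        # Unknown methods are NOT flagged: RFC 2616 permits extension-method,
        # so treating them as anomalies would be a false-positive source.
    headers = lines[1:]
    if len(headers) > MAX_HEADERS:
        anomalies.append(f"{len(headers)} header lines, limit {MAX_HEADERS}")
    for raw in headers:
        if len(raw) > MAX_HEADER_LEN:
            anomalies.append(f"header line of {len(raw)} bytes, limit {MAX_HEADER_LEN}")
        elif raw[:1] in (b" ", b"\t"):
            continue  # folded continuation line (LWS), legal under RFC 2616
        elif _HEADER_LINE.match(raw) is None:
            anomalies.append(f"malformed header line {raw[:24]!r}")
    return anomalies


def signature_hits(request: bytes) -> List[str]:
    """Return the names of known-attack patterns present anywhere in the request."""
    return [name for name, pattern in SIGNATURES.items() if pattern.search(request)]


def inspect(request: bytes) -> Dict[str, object]:
    """Combine both methods; either kind of finding blocks the request inline."""
    anomalies = protocol_anomalies(request)
    hits = signature_hits(request)
    return {
        "verdict": "block" if anomalies or hits else "allow",
        "anomalies": anomalies,
        "signatures": hits,
    }


# Constructed sample requests (not captured traffic).
CLEAN = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: demo\r\n\r\n"
TRAVERSAL = b"GET /../../etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
OVERSIZED_URI = b"GET /" + b"A" * 3000 + b" HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
CTL_IN_HEADER = b"GET /index.html HTTP/1.1\r\nHost\x00: www.example.com\r\n\r\n"

if __name__ == "__main__":
    for label, req in [("clean", CLEAN), ("traversal", TRAVERSAL),
                       ("oversized-uri", OVERSIZED_URI), ("ctl-in-header", CTL_IN_HEADER)]:
        print(label, inspect(req))
```

The traversal request is syntactically valid HTTP and is caught only by the signature; the oversized URI and the control byte in a header name match no signature and are caught only by the RFC checks. The comment about extension methods is the kind of tuning decision the article's false-positive point is about: flag too much and an inline device starts dropping legitimate traffic.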
The next stage of NetScreen's plan is to release hardware-accelerated versions of the same firewalls, using custom ASICs the company currently has under development. These will protect at Gigabit speeds and are due in the first half of next year.
In the meantime, NetScreen is recommending its firewall-IDP boxes for relatively low bandwidth deployments, such as branch offices and smaller companies, while core enterprise networks should stick to a two-box deployment, Flynn said.
"The thing with deep inspection is that doing this level of inspection claims an order of magnitude more processing power to look into the data streams," Flynn said. "T-1, DSL, easy... T-3, fine... Gigabit, we're not there yet."
While the software still includes VPN functionality, Flynn said the company has no plans to fold the SSL VPN technology it picked up through the acquisition of Neoteris Inc a few weeks ago into the software.
The company bought OneSecure Corp, an intrusion prevention developer, a little over a year ago, and last October shipped phase one of its integration - a NetScreen-branded version of OneSecure's appliance.
That was arguably the start of an industry movement to redefine the firewall market to include application-level prevention, which in turn kick-started the decline of the intrusion detection system market.
Everybody is at it. Internet Security Systems Inc last week said it is no longer an IDS firm, as it released a perimeter security device that uses some of its own technology and some licensed from third parties, and fits the new definition of firewall.
Symantec Corp this summer also released a security gateway with application-level inspection, which crams the same kinds of software - anti-virus, firewall, intrusion prevention, VPN - onto a single device.
Check Point Software Technologies Ltd attempted something in this area earlier this year, when it announced Next Generation with Application Intelligence as the latest brand of its flagship firewall software.
Flynn thinks Check Point has the right idea, and is moving in the same direction as NetScreen, but doubts its ability to execute. "They're playing into our strategic advantages," he said.
To do the convergence thing right, Flynn said, a vendor needs the deep packet inspection functionality, but they also need to back it up with the hardware to provide the performance, which he doesn't think Check Point has.
Article Type: Brief Article
Date: Oct 20, 2003