Vendors aim to help users simplify network security.
LAS VEGAS - A slew of vendors this week will take the stage at NetWorld+Interop 2002 Las Vegas to highlight new products and services aimed at making networks safer.
Vendors are looking to simplify this important task by processing multiple security applications on a single device, as is the case with start-up Fortinet. Others, such as Rainbow Technologies and Neoteris, will take advantage of ubiquitous Secure Sockets Layer technology to make Web access more secure and easier to set up. And still others, such as VeriSign, will offer services that let businesses turn over the burden of maintaining network integrity to someone else.
For its part, Fortinet is introducing six models of its FortiGate security-processing gear that bundles firewall, VPN, virus scanning and other security functions. The platform is based on Fortinet security chips called FortiASIC, which scan for virus signatures, accelerate cryptography, process packets for firewall filtering and manage approved traffic flows.
FortiGate can screen content by blocking all traffic from specified URLs and traffic from sites that are not banned but nevertheless contain banned content, the company says.
A FortiGate box performs virus scanning at Agile Networks' headquarters in San Jose and supports VPN connections to remote users, says Francis Leong, systems administrator for the software company. He had been using SonicWall gear, but wanted to get rid of license fees. He continues to use SonicWall appliances at remote sites for VPN links because they are already in place and interoperate with Fortinet's equipment.
The FortiGate products, FG50, FG100, FG200, FG300, FG400 and FG2000, range in price from about $700 to $40,000 and are available now for use in small-office to ISP data centers.
To the world of SSL remote access, Rainbow is introducing NetSwift iGate, a secure Web-access device. NetSwift iGate sits behind a corporate firewall and establishes SSL sessions over the Internet with remote users, authenticates them and sets up communication between remote machines and Web-enabled applications on servers that are protected by the firewall. Rainbow also makes authentication hardware tokens that it packages with iGate so users can practice what's known as "two-factor authentication" rather than supplying just a username and password to access protected resources.
NetSwift iGate costs $10,000 for 50 users and $90,000 for 3,000 users. It is scheduled to ship at the end of next month.
One of iGate's competitors, Neoteris, is introducing a smaller-capacity version of its Employee Access proxy box. Employee Access 150 is meant for 100 to 150 users as opposed to the original, which supports 1,000. The smaller capacity comes with a lower price - $10,000 vs. $15,000 for the larger version - so it is more affordable for smaller businesses, the company says. Neoteris also is introducing support for authenticating users via external Lightweight Directory Access Protocol directories.
Meanwhile, VeriSign will tout a new slew of managed security services for intrusion detection, VPNs and firewall monitoring to be provided through two operations centers, including its Herndon, Va., facility, where until now it only provided digital certificate and Domain Name services. A second VeriSign operations site will be at Downers Grove, Ill., the location of the managed security services provider (MSSP) Telenisus it acquired last year.
According to Bob McCullen, senior director for VeriSign managed security services, the range of equipment that VeriSign will remotely monitor on the customer's behalf includes the Cisco, Internet Security Systems and Enterasys Networks intrusion-detection systems (IDS), the Nokia and Check Point Software firewall/VPNs, and managed authentication services based on ActivCard hardware tokens. The company also will undertake managed virus scanning and content inspection.
The fees will range from about $2,000 to $2,200 per month for IDS management, while managed authentication would range from $3.50 to $12 per user, per month. Managed firewall service would cost between $1,000 and $2,500 per month. All the services include help desk, reporting and event correlation, McCullen says.
Of critical importance, VeriSign will rely on another MSSP, Counterpane, to help collect data from the customer's site and analyze it using Counterpane's Sentry monitoring equipment. VeriSign will send customer data collected by Sentry to Counterpane's security operations centers, where Counterpane's Socrates analysis engine will analyze it to assess security threats.
One Telenisus customer, National Tech Team, a help-desk outsourcing firm with $100 million in annual revenues and 1,300 employees, says it was unaware of this arrangement, but expected to transition to being a regular VeriSign customer.
"We need this type of service," says Maj Homayounfal, National Tech Team's vice president of technology. "After Sept. 11, we wanted to be able to monitor day and night using IDS, and Telenisus had the know-how. And it's cost-effective."
Intrusion detection at N+I
For those interested in protecting their network devices from attack, Tripwire will have on exhibit Tripwire for Network Devices 2.0, the product evolution of what was formerly Tripwire for Routers and Switches. Introduced last fall, the server-based software for Solaris or Windows is used to lock down remotely made changes to Cisco IOS-based routers and switches. The Tripwire software also can restore files automatically if they are tampered with or destroyed in events such as power outages.
Tripwire for Network Devices 2.0, which costs $249 per node, extends data-integrity protection to Cisco's Catalyst switch, the Cisco PIX firewall and other vendor equipment, including the Hewlett-Packard ProCurve Switch and Foundry Networks and Extreme Networks gear.
Tripwire also makes a product for server-data integrity, and Tripwire is showcasing Tripwire for Servers 3.0, which adds a way to report to the Check Point management console and the Tripwire for Manager 3.0 console, which costs around $7,000.
Also new is a separate Tripwire for the Check Point firewall so managers can be informed of changes to the Check Point firewall, both authorized and unauthorized. Costing about $700, it will detect and report changes but not restore data.
Trapping hackers
Also at N+I, IDS vendor Recourse Technologies will unveil the third version of its ManTrap honeypot, a decoy computer used to spot hackers. ManTrap 3.0 adds a way to do "live-session playback" that can show an attack taking place graphically on the ManTrap console as it's occurring in near real time. ManTrap starts at $7,500.
In addition, says Fred Kost, senior vice president of marketing, Recourse will showcase ManHunt 2.1, which will be able to inspect traffic at 2G bit/sec, doubling the previous speed. Kost says a lot of the advance is possible because Intel processors are improving to help with processing power. ManHunt 2.1, which costs $25,000, also will be able to use SQL to export data into reporting packages.
Recourse, which today will announce $11 million in funding from Mesirow Financial, now has about 120 customers. Some customers say they also use ManTrap to look inside the corporate intranet for suspicious activity.
"It can help in spotting someone trying to hack into your wireless LAN," says Jeff Uslan, director of information protection and security at Sony Pictures Entertainment. "Someone can be in a parking lot trying to do this."
Contact Senior Editor Tim Greene
