Security vendors Lancope, Network Associates and Symantec are looking to address a variety of user security concerns with enhancements to intrusion-detection systems, patch management and Secure Socket Layer VPNs, respectively.

Lancope this month unveiled two new models of its StealthWatch IDS, the M45 and the M250 aimed at small to midsize businesses where maximum throughput requirements top out at 45M bit/sec and 250M bit/sec. These two appliances, which start at about $10,000, work the same way as Lancope's gigabit-speed G1 in scanning for worms and network-based attacks.

The boxes also are helpful in identifying traffic streams that might indicate illegal activity on the network, says Todd Ferris, director of privacy and data security at Stanford University's School of Medicine, which deployed StealthWatch about six months ago.

"Lancope's StealthWatch monitors based on a profile of a host, and when it sees something it hasn't before, it raises the 'concern index,'" Ferris says. After the university's medical school deployed the IDS to monitor outbound and inbound Internet traffic, they found that computers had been broken into and hackers from all over the world had taken over FTP servers to exchange files, mostly DVD movies and pornography.

These kinds of unwanted occurrences - in combination with computer worm attacks - are spurring the university, which has maintained an open atmosphere in terms of networking, to add security precautions that include a firewall and anti-virus software. "We have machines broken into every day," Ferris says. "Because of all these things happening, the university is changing its stance."

Keeping up with computer software patching to prevent worm and hacker exploitation remains a top concern. To that end, Network Associates last week announced that its McAfee ePolicy Orchestrator (ePO), the security console that can collect information from McAfee software agents for servers and desktop, now will be able to detect whether a Microsoft-based host computer needs a patch update. This would be done by adding what the company calls System Compliance Profiler software to ePO.

"The System Compliance Profiler, which we're making available to existing customers for free, is a host-based scanner to check to see if the correct patches are installed," says Steve Crutchfield, group marketing manager. The tool can be configured to search based on the Microsoft file, service registry key or specific Microsoft patch number." Network Associates has no plans to expand the tool into non-Microsoft-based systems.