Although it's the heart of summer, security vendors don't seem to be going on vacation. Symantec, eEye Digital Security, NFR Security and Vernier Networks are rolling out new products designed to stop worms and other threats.

Symantec next month is scheduled to release an intrusion-prevention system (IPS) appliance line aimed at competing with equipment from the likes of Internet Security Systems (ISS), McAfee and TippingPoint Technologies. The three models in Symantec's Network Security 7100 Series will block a range of attacks, including worms, but can also operate in passive mode as intrusion-detection systems (IDS), Symantec says.

"The 7100 Series will have pre-defined policies to tailor protection based on need," says Sandeep Kumar, Symantec's director of product management, noting that the three IPS models, ranging from 200M to 2G bit/sec, can be deployed at main distribution sites, edge or branch offices, or in data centers in a network core.

Because there always are new threats, Symantec will update the policies via the same LiveUpdate technology used in its anti-virus products. The company also will use it in its data centers around the world to offer IPS as an outsourced service.

Network managers take a cautious approach to IPS because they worry that blocking attack traffic with an in-line IPS could be disruptive.

Still, last week, NFR announced its first in-line IPS, called Sentivist, which will cost $22,000. The University of North Carolina at Charlotte, which is evaluating it, will swap out NFR's IDS now used at the campus Internet access point for a selected IPS.

"From a university perspective, we suffer greatly during worm outbreaks," says Carter Heath, IT security officer. To keep the university network from becoming crippled during major virus outbreaks, it has become necessary to begin blocking computer worms and other attacks rather than simply monitoring them through an IDS.