Intrusion Detectives Sniff Out Market

With the recent rash of e-mail-borne viruses crippling corporate networks, most IT directors would agree that network security is a prime concern. When the attacks are stepped up to a hacker seizing control of the network, however, a firewall is no longer enough protection.

Jumping into this relatively wide-open security niche is the intrusion detection (ID) market space. Rather than sitting outside the network as a first line of defense, ID products are integrated into the network. There are two types of ID products: host-based and network-based. Host-based products monitor a particular server or set of servers for unauthorized access attempts, and block those attempts. Network-based ID products monitor network traffic for activity that may slip by the firewall but could still be inappropriate or unauthorized.

"The firewall is the locks on your doors and windows, designed to keep people out and sometimes let you know when someone tries to get in," said Eric Hemmendinger, senior analyst with the Aberdeen Group. "Intrusion detection tools are more like a burglar alarm - designed to spot a break-in attempt and notify you."

The ID space, having been around for the past half decade, has already undergone a fair amount of consolidation, according to Hemmendinger. It continues to evolve, and the new solutions being introduced to the market are more geared toward end users and IT professionals who are not necessarily security experts.

The ID market space recently was bolstered by Symantec Corp.'s acquisition of Axent Technologies Inc. Symantec, a maker of antivirus software products, acquired Axent on July 31 in a stock transaction.

Symantec, which has lately been shifting its market focus from consumer to business-to-business products and solutions, gains in Axent a small company focused solely on security solutions. In addition to Axent's products and services, Symantec gains entry into an entire segment of market share and mind share that it was not previously able to access.

The development of the ID market space is not limited to major corporate mergers. Several small companies are entering the space with their own ID offerings. One such company,, offers its SecureNet Pro ID software, a network-based system. It features 300 attack signatures in its database, as well as a high-performance ID system, which can monitor a 100 Mbps data flow without dropping packets. A future version of the product will be able to monitor Gigabit Ethernet flows.

SecureNet Pro is more easily expanded because the software was designed in a C-like language. Thus, each time a new attack is recognized, developers can add its signatures to the database, preventing that type of attack in the future.

"IS decision-makers responsible for high-speed networks have few options for network-based intrusion detection," said Hemmendinger. "The simple truth is that few offerings can keep up with the network bandwidth.'s SecureNet Pro software does keep up with enterprise-class networks."

Tim Kinnear, president and CEO of, reiterated the unique market position of the ID space. "Most customers have installed firewalls, a good first step," he said. "But they need to take the second step, which is where intrusion detection comes in."

Another newcomer to the ID space is Inc., which produces SafeLoop, a messaging security system. SafeLoop protects against e-mail attacks.

The software transmits all of its e-mail messages in HTTP, avoiding e-mail-borne viruses, which tend to attack using the SMTP e-mail protocol. Additionally, SafeLoop routes all messages through the SafeLoop Message Transfer Server and then re-mails them to the intended recipient. Essentially, the SafeLoop product serves as a corporate, network-wide VPN.

Art Hunter, president of SafeLoop, said, "This isolation from the mainstream Internet and no dependency upon popular applications for reading e-mail prevents attacks by viruses or worms that are designed to work with those popular mail readers."

The ID space is poised to take over as the next generation of security products. Ultimately, the integration of ID products and companies into first-generation security products and providers will propel overall network security into the future.
