Computer Associates Reengineers Products for Web Access Control

Building new features into its eTrust product line, CA extends into a competitive market

• By Matt Migliore
• 12/04/2002

Part of the eTrust line of solutions, CA’s Web access control offering draws from the capabilities of three particular pieces of software—eTrust Directory 4.1, eTrust Access Control 5.2, and eTrust Single Sign-On 6.5. Using those products as its foundation along with some new development—by CA’s estimate about one-fourth of the product is new functionality—eTrust Web Access Control provides features for authentication, authorization, identity management, and infrastructure hardening.

According to CA, intrusion prevention was a key focus during the development of its Web access control software. As such, CA has designed it to not just perceive intrusions (intrusion detection) but actually thwart them.

Intrusion prevention is one of the more prominent trends among vendors of Web access control software. Many players in this market have already released solutions with features for the nascent concept, though most have slightly different takes on what actually constitutes intrusion prevention from a technology standpoint.

Simon Perry, vice president of security strategies for Computer Associates, says CA views intrusion prevention as wrapping security parameters around the application and host layers of a company’s IT infrastructure. “That’s what eTrust does,” he says.

Entercept Security Technologies, Symantec Corporation, Tivoli, and TrippingPoint Technologies Inc. are some of the other notable vendors currently touting intrusion prevention features in their products.

One of the primary differentiators of CA’s Web access control software is that it comes packaged with an LDAP-accessible X.500 database. A recent report by Aberdeen Group Inc., titled “Best Practices for Personalizing and Protecting Web Portal Applications,” notes that with embedded LDAP support, CA is “alone among the companies providing Web access control offerings.”

Moreover, Aberdeen says “[the product’s] embedded LDAP works readily with LDAP repositories that are already deployed on the enterprise network, thereby eliminating previously encountered difficulties and costs for unplanned and ugly user account migrations.”

Meanwhile, the most obvious shortfall of CA’s Web access control software is its lack of support for SAML (Simple Assertion Markup Language). Like intrusion prevention, compatibility with SAML is something vendors in the Web access control space are quickly adding to their product lines.

Catherine Quirk, a senior analyst with AMR Research Inc., says most Web access control vendors offer some level of SAML support. “SAML will be very important in allowing users to have their credentials passed on in a secure manner without having to sign in again and again at different sites,” she says. “Really, that’s one of the core reasons why organizations look at Web access control and single sign-on.”

According to a CA spokesperson, SAML compatibility, while not in the current release of eTrust Web Access Control, is something that will be considered for future versions.

“It's definitely a good thing that they're thinking about [SAML] for future releases, and I will say that it seems odd with a new release that they didn't include it,” Quirk says. “However, it is in its first version, and likely to go through many, many more iterations in the not so distant future. So I won't say it puts CA at a disadvantage technically, but they will be lacking that ‘checkbox,’ if you will, on RFQ's and RFP's for potential new customers.”

SAML aside, CA’s Web access control software is comparable with most of the competitive solutions on the market. Perry points to scalability as an area in which the product is particularly strong. The software can scale to accommodate as many as 100 million users, a metric that while it may seem outlandish, Perry says has proven to be a requirement for some customers. “We just signed a contract with a large bank, and just to get in the door we had to prove that we could scale to 100 million."

Aberdeen also cites scalability as one of the product's strengths: “eTrust Web Access Control contains one of the fastest directories for searching—an extremely good indicator of performance.”