Disclaimer: This information comes from sources that cannot be verified. As such, make no assumptions about its completeness or accuracy. We endeavor to keep this information up to date as much as possible. Feel free to send comments/ updates to the Security News Editor.

October 20, 1997, Section: Management & Security

Security Tools Still A Mosaic -- Interoperability, integration in infancy

By Rutrell Yasin

Atlanta - Security tools currently available may not be fully interoperable, but that shouldn't prevent your organization from deploying them.

That was the message two weeks ago at the NetWorld+Interop conference here, where Aventail Corp. and 11 other security vendors organized a multivendor "Internet Security Hot Spot" booth that demonstrated how companies can interweave multiple Internet security tools to protect networks that support branch offices, customer and supplier sites, and mobile users.

The goal of the demonstration was to educate IT managers about the security technology required to protect intranets, extranets and internal networks connected to the Internet. The exhibit displayed emerging methods for protecting networks from internal and external threats; managing and securing Internet access; implementing virtual private networks for linking mobile users, telecommuters and remote offices; and securing electronic commerce.

The demonstration also offered a look at a variety of interrelated security products, including antivirus and content filtering software, authentication, data encryption, firewalls, intrusion detection, and network security assessment and monitoring tools.

Although there is little standardization-and even less interoperability-among multivendor security products, companies "can implement solutions without complete interoperability," said Evan Kaplan, president and CEO at Aventail. True integration between security tools, where there is actual sharing and exchange of information, is still a long way off, Kaplan said.

Standards would give the fragmented security industry a boost, but security standards are still evolving. "Security is the most fractured part of the networking industry," he said. Vendors need to coalesce around standards such as X.509, SSL and IPsec, Kaplan said.

Participants in the demonstration attempted to show security integration in its early stages, but some experts questioned whether the process of building true integration has really begun. "I'm not sure if it's even born," said Jude O'Reilley, a research analyst at Gartner Group (www.gartner.com)

Each security tool has its own proprietary audit log and proprietary protocols, O'Reilley said. Until these capabilities can be linked, there can be no real integration of security products, he said. Some of this integration will inevitably take place as larger vendors buy some of the smaller players, he said.

Among the firewall vendors participating in the demonstration were Check Point Software Technologies Ltd., Cisco and Trusted Information Systems Inc. VPN vendors included Aventail Corp., NEC Corp., Red Creek Communications and VPNet Technologies. Intrusion detection and network assessment capabilities were supplied by Internet Security Systems and Network General. Authentication and content filtering were provided by Axent Technologies Inc. and Cyber Patrol.