- Email: [email protected]
Detect and defuse security violations
News professional services organization with the addition of Knowledge Services, offering amongst other services a Windows NT security guide, SAVANT. Designed to help customers better leverage the wealth of security knowledge within ISS, Knowledge Services will provide organizations with the ability to outsource security policy research and documentation, security threat impact analysis and secure E-business implementation assessment. Knowledge Services will offer a range of services, including: • The SAVANT Windows NT Security Guide — This service provides ongoing best practice security advice on the Microsoft Windows NT operating system. Customers gain full access to a full colour paper and electronic version of the guide, which is updated regularly to include the latest Microsoft security information. • Customized security guides — Security guides can be produced to cover both operating systems and applications at a level required by the customer. These documents can also be kept up to date on an ongoing basis. Customized security guides produced by ISS to date include: UNIX, Novell, AS400 and VMS operating system guides, PCAnywhere, Microsoft SQL Server and Oracle application guides. • Security Research Services — ISS’s knowledge Services division utilizes a comprehensive security research lab and can undertake a range of specific security research tasks on behalf of customers. 4
• Security Advisory Service — This service provides timely notification of all vulnerabilities discovered in operating systems and major software products within a maximum of 48 hours of becoming public knowledge. Where vulnerabilities are discovered by ISS’s X-Force, these will be the subject of a security advisory prior to being made public. Detailed advice on the nature of the vulnerability will also be provided, along with valuable information on security risk countermeasures. For further information, contact Kevin Black, ISS Group Ltd, on Tel: +44 (0)118 959 3800; Fax: +44 (0)118 959 3888; E-mail: [email protected]; Web site: www.iss.net.
VIPER: an antivirus solution for E-business Network Associates has announced a solution to enable third party developers and service providers to easily embed the McAfee VirusScan engine into Linux-based Ebusiness applications, Internet appliances and managed service offerings. The new McAfee Virus Interface for Protective Early Response (VIPER) for Linux is a software development toolkit that creates high-performance anti-virus solutions for Ebusiness applications. Key benefits of VIPER include: • An ability to write directly to the scanning engine for enhanced performance and protection of high Internet traffic environmnets;
• Support for HTTP, SMTP and FTP protocol scanning; • On the fly file decompression, macro virus support and heuristic analysis; • Automatic updates for maintenance-free protection; • Virus detection and cleaning; • Scanning of boot sectors, partition sector and files; • Support from McAfee AVERT (Anti-Virus Emergency Response Team). The McAfee VirusScan products support a number of platforms, including Linux, Windows 3.x, Windows 9x, Windows NT, Windows 2000, Novell Netware, Sun Solaris, HP-UX, IBM AIX, SCO OpenServer and the Mac OS. For further inforamation, contact Caroline Kuipers, Network Associates, on Tel: +44 (0)1753 827 500; E-mail: [email protected].
Detect and defuse security violations Cryptic has launched a new software tool that is distributed by Concentric Software Distribution through a small network of sectorspecific resellers, which is able to detect and defuse security violation threats to IT systems — whether these are known or unknown threats. Called CyberSight, the product will detect violations including hacking, fraud, data theft, resource and policy abuses such as image encryption and illegal downloads, pirating, sniffers and other nonstandard tools, security risks such as the use of chat tools, espionage including phone
tapping and stealth loggers, and work rage-related bombing, flaming and flooding. Instead of just searching through a library, CyberSight uses a combination of three approaches, collectively known as ‘Shape Technology’, to identify a particular threat, even if it has been hidden by being zipped, encrypted and name changed. Wrappers are also identified, leaving little opportunity for an illegal file to remain undetected. The first of CyberSight’s two components to the detection of security violations is called Threat File. This is an encyclopaedia of programs and tools used to breach network systems, all entirely separate from viruses. Currently being expanded on a daily basis, Threat File will characterize and neutralize a vast array of internal and external network intrusion devices that are not currently detectable. The Detection Engine is a custom-built scanning application which will find violation tools wherever and however hidden, even if compressed, encrypted and recompiled to avoid detection. This includes plain text and polymorphic hacks. CyberSight also includes a policy enforcement process which helps to enforce corporate policy by allowing administrators to customize the Threat File to include particular types of companyspecific threats. For further information, contact Concentric Software Distribution, on Tel: +44 (0)1604 679393; Web site: www.concentricsoftware.co.uk.
• Security Advisory Service — This service provides timely notification of all vulnerabilities discovered in operating systems and major software products within a maximum of 48 hours of becoming public knowledge. Where vulnerabilities are discovered by ISS’s X-Force, these will be the subject of a security advisory prior to being made public. Detailed advice on the nature of the vulnerability will also be provided, along with valuable information on security risk countermeasures. For further information, contact Kevin Black, ISS Group Ltd, on Tel: +44 (0)118 959 3800; Fax: +44 (0)118 959 3888; E-mail: [email protected]; Web site: www.iss.net.
VIPER: an antivirus solution for E-business Network Associates has announced a solution to enable third party developers and service providers to easily embed the McAfee VirusScan engine into Linux-based Ebusiness applications, Internet appliances and managed service offerings. The new McAfee Virus Interface for Protective Early Response (VIPER) for Linux is a software development toolkit that creates high-performance anti-virus solutions for Ebusiness applications. Key benefits of VIPER include: • An ability to write directly to the scanning engine for enhanced performance and protection of high Internet traffic environmnets;
• Support for HTTP, SMTP and FTP protocol scanning; • On the fly file decompression, macro virus support and heuristic analysis; • Automatic updates for maintenance-free protection; • Virus detection and cleaning; • Scanning of boot sectors, partition sector and files; • Support from McAfee AVERT (Anti-Virus Emergency Response Team). The McAfee VirusScan products support a number of platforms, including Linux, Windows 3.x, Windows 9x, Windows NT, Windows 2000, Novell Netware, Sun Solaris, HP-UX, IBM AIX, SCO OpenServer and the Mac OS. For further inforamation, contact Caroline Kuipers, Network Associates, on Tel: +44 (0)1753 827 500; E-mail: [email protected].
Detect and defuse security violations Cryptic has launched a new software tool that is distributed by Concentric Software Distribution through a small network of sectorspecific resellers, which is able to detect and defuse security violation threats to IT systems — whether these are known or unknown threats. Called CyberSight, the product will detect violations including hacking, fraud, data theft, resource and policy abuses such as image encryption and illegal downloads, pirating, sniffers and other nonstandard tools, security risks such as the use of chat tools, espionage including phone
tapping and stealth loggers, and work rage-related bombing, flaming and flooding. Instead of just searching through a library, CyberSight uses a combination of three approaches, collectively known as ‘Shape Technology’, to identify a particular threat, even if it has been hidden by being zipped, encrypted and name changed. Wrappers are also identified, leaving little opportunity for an illegal file to remain undetected. The first of CyberSight’s two components to the detection of security violations is called Threat File. This is an encyclopaedia of programs and tools used to breach network systems, all entirely separate from viruses. Currently being expanded on a daily basis, Threat File will characterize and neutralize a vast array of internal and external network intrusion devices that are not currently detectable. The Detection Engine is a custom-built scanning application which will find violation tools wherever and however hidden, even if compressed, encrypted and recompiled to avoid detection. This includes plain text and polymorphic hacks. CyberSight also includes a policy enforcement process which helps to enforce corporate policy by allowing administrators to customize the Threat File to include particular types of companyspecific threats. For further information, contact Concentric Software Distribution, on Tel: +44 (0)1604 679393; Web site: www.concentricsoftware.co.uk.