Both early-stage and longstanding security vendors jockeyed for position in the evolving network security space at the RSA 2014 security conference. Companies including Narus, FireEye, Cyphort and Securonix, along with Fortune 500 companies such as Hewlett-Packard, demonstrated and discussed their newest security solutions.
Network security vendors were eager to persuade potential customers that their solution is the best choice to protect corporate networks. The current crop of security start-ups is focused at the network level and takes a broad approach to the problem, David Monahan, an analyst at Enterprise Management.com, told securitycurrent. “They are creating solutions that provide data in a broader context when there is a security breach and actionable intelligence,” he said.
“Vendors explain to customers the root cause of the security breach, provide the means to tell what the root cause is, and where (the customer) needs to fix it,” said Monahan, who also said he has seen at least six new security companies pop up in the last 60 days.
One of those newcomers is Cyphort, which emphasizes that its architecture adapts to each corporate customer’s specific network architecture to scan for anomalies. As a result, Cyphort’s customers don’t need to deploy expensive network appliances to separate Cyphort’s traffic collection from its threat detection and analytics functions. Also, Cyphort and a number of its competitors promote their use of machine learning analysis and sandbox inspection of content. These tools reduce the number of false positives and provide an advantage when dealing with zero-day and armored malware.
Mergers and partnerships among security vendors are another approach security companies are taking to one-up their competitors with enhanced security solution portfolios. For example, Hewlett-Packard and Securonix announced their partnership to offer capabilities beyond those that FireEye and its latest acquisition, Mandiant, are selling.
Sachin Nayyar, Securonix CEO and founder, told securitycurrent.com that the partnership offers the market several competitive capabilities. For example, Hewlett-Packard and Securonix are selling fully automated, behavior-based anomaly detection at the user, account, application, network and peer group level. This capability is useful for exfiltration detection and management, as well as for insider threat detection and management, said Nayyar.
Then there was Boeing Corp.’s Narus. The security vendor announced its nSystem security solution as well as its deal with Hewlett-Packard to provide interoperability with HP’s ArcSight. Together they look to capture more enterprise and government customers.
Narus nSystem utilizes a combination of pattern recognition and machine learning. This approach gives nSystem the capability to recognize over half a million mobile and non-mobile applications on a network. Apps can be used to send intellectual property out of a company. Ordinarily, these pass through boundary protection mechanisms undetected, Prakash Nagpal, senior vice president of corporate and product marketing, explained to securitycurrent. “This ability to recognize existing and newly-introduced applications enhances an organization’s ability to take action quickly and mitigate malicious behavior,” he said.
In addition to technological advances derived through corporate alliances, FireEye’s recent purchase of Mandiant illustrates that it can be more efficient and economical to buy rather than build new features or products. FireEye takes a sandbox approach to protecting networks while Mandiant provides an endpoint solution. “Mandiant was essentially a good move for FireEye to continue to expand their horizons,” said analyst Monahan, commenting on the business aspect of the acquisition. “FireEye has done a good job on branding but their revenues haven’t been keeping pace,” said Monahan.
New products or not, before any network-related security vendor can report geometric jumps in revenues or customers, vendors will have to convince the marketplace that developing an internal security program is critical. “I’m still at the stage of trying to get most of my clients to pay attention to internal network security,” said John Kindervag, an analyst with Forrester. “I’m still trying to get most of [them] to shine a light on their internal networks instead of just looking at the perimeter.”
Kindervag told securitycurrent that it’s important to focus on internal networks because all cybercrime is an inside job. “External attackers know how to bypass perimeter controls,” Kindervag explained. “Once they’ve done that, they get all the privileges of a trusted user. Now attackers can do whatever they want to because no one is watching them. They can easily breach the network, steal data and get away with it.”
Bottom line, said Lawrence Pingree, a Gartner security research director, “The reality is that no one security technology is good enough. Hackers are always working to defeat the latest defense. So you have to invest in defenses for the latest threat as well as every threat experienced in the past.”
Gail Bronson is an accomplished technology journalist and security start-up entrepreneur. She was the Founding Managing Editor of Bloomberg and the Founding Editor of Forbes Science & Technology section and she held stints at other publications including U.S. News & World Report and Internet Week.