I spent most of my time at RSA Conference last week working our booth, with limited time to walk the show floor and understand the wide range of new products on display. In conversations with attendees and exhibitors, however, I was struck by the wide range of new solutions being discussed at the event as well as the diversity of challenges that are being addressed in the whole category of network security.
Among the interesting new products featured on the show floor, Cisco demonstrated a new application-aware firewall product, Cisco ASA CX, as part of its SecureX strategy. Cisco ASA CX is an extension to its Adaptive Security Appliance that offers control over 1,000 different applications, including Facebook, Google+, LinkedIn, Twitter and iTunes. The application-aware firewall product breaks those applications down into more than 75,000 micro-applications, or application components, reporting on how much network bandwidth is consumed by specific applications and application features.
Cyberoam introduced a Web Application Firewall (WAF) feature for its UTM appliances, that adds a layer of protection to corporate websites and web-based applications through behavior detection. The WAF implements a website flow detector that apparently can “‘self learn” the legitimate behavior and response of web applications, repelling customized and automated attacks
Lumeta showed a feature called Enhanced Perimeter Discovery (EPD) within their IPsonar network discovery software, which identifies the network perimeter and demarcates between known and unknown devices in a network. EPD uses a targeted approach to identify devices on the network that have the ability to pass traffic into unauthorized networks. When systems forward traffic to unknown, unauthorized or untrusted networks, EPD detects and sends an alert on the complete context of the network conversation, including details on the device or host and the addresses and networks connected to, potentially identifying holes in a network’s perimeter.
McAfee announced a new mobile security suite with privacy protection for devices, data and applications. McAfee Enterprise Mobility Management (EMM) 10.0 includes security updates for enterprise customers to enable “bring-your-own-device” (BYOD) practices in the enterprise. EMM software allows employees to choose their devices, while offering access to mobile corporate applications. New features and functionality include email sandboxing, the ability to block iCloud backup for iOS, extended security policies, increased scalability and application blacklisting for Android and iOS.
WatchGuard showed two new UTM appliances, the XTM 25 and XTM 26. These are designed for small businesses, wireless hotspots and branch offices. They provide HTTPS inspection and Voice over IP (VoIP) support, as well as options for application control and all other WatchGuard security services (WebBlocker, spamBlocker, Gateway Antivirus, Intrusion Prevention Service, Reputation Enabled Defense and LiveSecurity Service). Identity-based firewalling is used with integrated VPNs to create tunnels for Apple iPad, iPhone and other iOS-based devices, or to enable remote connectivity for mobile employees.
That’s just a small snapshot of a large number of new products announced at the show. We’ll discuss others in a follow-on blog next week.
When talking to Product Managers at companies listed above as well as many others, a common thread was the need for increased performance and scalability in the low-level packet processing functions that are a critical part of many of these products. As the scope of threats and hacks grows, this drives the need for constant increases in the functionality (and complexity) of the security products themselves, so it becomes critical to maximize the amount of CPU bandwidth available for application-level stacks and software. In turn, this drives a need to perform the low-level packet processing and security functions as efficiently as possible, minimizing the CPU resources required for Layer 2 through Layer 4 functions while maximizing their overall performance. Since this is one of the major benefits of the 6WINDGate software, we had many interesting discussions about these challenges with attendees who visited our booth.
DPI was another major thread at the conference. OEMs are implementing a wide variety of DPI-based functions in their network security functions. If you’re interested in understand how to incorporate DPI technology in your product as quickly and painlessly as possible, check out this Thursday’s webinar “Leverage DPI in your next networking product - we won't tell your boss about the time you saved” (click here to register).
Were you at RSA Conference last week? What were the main trends that you saw at the event?