Infosecurity conference focuses on mobility

"Management" and "mobility" were words on the tips of many attendees' tongues at this year's InfoSecurity 2003 Conference and Exhibition here in New York, as leading security technology vendors displayed products for managing security devices, combating spam and securing mobile devices.

Frustration with difficulty managing security devices and security risks posed by mobile devices such as personal digital assistants and cellular telephones is driving demand for new products and features bolstering traditional protections like firewalls and intrusion detection systems, according to interviews with those at the show.

A number of companies displayed technology for managing data produced by increasing numbers of security products deployed on corporate networks. Companies like Ubizen NV, OpenService Inc., Consul Risk Management, Inc. and Network Intelligence Corp. showed such products and services.

Securing mobile users was also a major concern of both attendees and exhibitors. Heightened attention comes as corporations are equipping more employees with laptop computers, BlackBerry pagers and smart phones that give them constant access to network resources. Increasingly, those devices are serving as entry points for worms and viruses, said David Mortman, director of global security at Siebel Systems Inc., during a panel discussion Wednesday.

"Seventy percent of our workforce has laptops and is mobile, and laptops break the (network) perimeter," he said.

After a recent outbreak of the Blaster worm, Siebel was forced to protect its network from infection by stopping mobile workers as they came to work and requiring them to run a scanning program to detect copies of the worm on their laptops. Siebel stopped about 30 or 40 instances of Blaster from reaching the corporate network, Mortman said.

But companies are looking for more automated ways to deal with threats posed by mobile workers, according to Gerhard Eschelbeck of Qualys Inc., who also participated in the panel discussion.

To meet those needs, companies are investing in new kinds of remote access technology. For example:

-- Nokia Corp. used InfoSecurity to display Secure Access System, a VPN (virtual private network) product based on Secure Sockets Layer that lets companies set up access policies that take into account the mobile user's identity, location and type of device used for network access, said Steve Schall, director of security application product management at Nokia.

Companies can use a client integrity scanner component of the Secure Access System to determine whether a mobile user's operating system is adequately patched and whether antivirus definitions are up to date. Lower levels of network privileges can then be assigned to users who do not satisfy those criteria, Schall said.

-- InfoExpress Inc., based in Mountain View, California, showcased similar technology in its CyberGatekeeper product, a server that sits between VPN users and a corporate network and enforces security policies such as antivirus updates and configuration on remote clients.

-- Control Break Intl. of Houten, Netherlands, displayed technology for protecting data on remote devices. The company's SafeBoot uses two-factor authentication and proprietary technology to validate a user's identity before allowing the SafeBoot-protected device to start.