Security gets smarter

As the black, gray, and white hats put on their party headdresses in Las Vegas for the Black Hat and DefCon conferences, security companies are busy bolstering their defenses against the latest crop of threats. And intelligence is the key weapon these companies are adding to security arsenals.

3Com's TippingPoint division, for instance, is announcing this week a ZDI (Zero Day Initiative), which is aimed at protecting enterprises against newly discovered vulnerabilities. Zero-day attacks typically take place against newfound weaknesses before anyone has had a chance to develop or distribute fixes for them.

Under the program, 3Com will offer a reward to security researchers who responsibly reveal information about new vulnerabilities. 3Com will then notify affected software vendors of these security flaws so they can begin work on a solution. 3Com will also share vulnerability details with other security vendors prior to public disclosure.

"This initiative is a positive step for the industry," said Victoria Fodale, a research analyst at In-Stat. "The goal of the ZDI is to proactively protect businesses as soon as possible against newly discovered vulnerabilities. That's an issue enterprises are very concerned about."

The program will also expand 3Com's research division, according to David Endler, director of security research at 3Com's TippingPoint.

Security research has become a hot issue in the industry recently, with VeriSign acquiring security intelligence company iDefense for approximately $40 million earlier in July.

"Companies are becoming proactive about security because worms, viruses, spyware, and other types of malicious code are getting better and faster, so companies are looking for more security intelligence services," Fodale said.

Companies such as Arbor Networks are also giving IT managers the ability to gain more intelligence about their own networks. Arbor is adding proactive features to its anomaly detection and internal intrusion prevention offerings this week with the release of Peakflow X User Tracking software. The product provides additional visibility into the users on a network, allowing an IT manager to map anomalies back to the individual employee or contractor.

For example, Peakflow X User Tracking can detect and even block an outside contractor attempting to internally access bank-transaction servers at a financial company. The network operator can track the inappropriate activity back to the person, down to user name, said Dug Song, principal security architect at Arbor.

"Network administrators and security officers need visibility into their corporate networks to provide better security and to track anomalies, attacks, and insider misuse," Song said. "There's a real lack of intelligent visibility on internal networks today."

Also adding new security features this week is Q1 Labs, which is combining network-behavior analysis, security-event correlation, and vulnerability management features to its QRadar 5.0 anomaly detection and resolution system.