With the Infosec show and conference on in London, this has been a busy week for the security industry. Here are a few of the stories you might have missed thus far.
Management for spam
In an attempt to reduce the impact of false positives, Mirapoint has introduced Junk Mail Manager. It said that the software, which runs on Mirapoint's messaging appliances, will work with any email client and gives users easy access to a quarantine area so they can check that legitimate messages haven't been blocked by mistake, and set their own preferences as to what is and isn't junk.
Mirapoint has also updated its e-mail filtering appliances with software that detects typical virus behaviour, so it can filter out traffic even when that virus hasn't yet been added to the database. It has also introduced a stand-alone version of MailHurdle, a device which it claims can block 80 percent of spam by checking that the incoming SMTP connection is a valid one.
However, Jeff Brainard, the company's senior product marketing manager, warned that technology is still only 90 percent of a solution to e-mail security. "The behavioural element is still very significant," he said. "People need to understand that there is a business e-mail usage policy - and that policy needs to have teeth."
WAN accelerator gains security
F5 Networks said that its Big-IP application accelerator not only provides faster access to remote applications over the WAN but also adds security. According to technology director Jeff Alsford, the device is flow-based and stateful, so it can enforce behaviour and apply rules, as well as compressing WAN traffic.
Alsford added that in future, F5 will also migrate its Firepass and TrafficShield security appliances onto the Big-IP platform. "I'd argue there's subsets of things that fit together," he said. "If you're decoding traffic anyway for one purpose, it makes sense to do other things at the same time - at the same network layer, anyway."
Defending against distributed attacks
Managed service provider Email Systems said its business e-mail services now block distributed DoS and directory harvesting attacks. It said its ability to gather threat data across its own network means it can identify and block distributed attacks before the traffic even reaches a customer's network connection.
The company has also added encryption, so traffic sent from an Email Systems client is routinely encrypted; if the recipient is one of its customers too, then the message will be encrypted end to end without the users having to take any action. Plus, if there is a problem with the e-mail network or security, new reporting capabilities mean that a client can receive alerts via test messages or a Web interface.
An Extreme answer to unknown threats
Extreme Networks has added a 1 Gbit-capable IPS (intrusion protection system) to its BlackDiamond 10K core switch. The $42,000 Sentriant box uses the switch's existing traffic reporting capabilities to watch for suspicious activity. It can then tell the switch to close down a port, for example to stop a worm or virus from spreading.
The aim is to spot new threats as they appear, and before they can severely damage network performance. The BlackDiamond already has a security rules engine able to enforce traffic policies, and Sentriant works in tandem with this to identify previously unrecognised attacks and their source.