The rapid increase in interest over secure virtual private networks continues apace, with new products this week from Aventail and Check Point to add to several new products last week and the announcement of a certification programme.

Yesterday, SSL VPN specialist Aventail announced the release of ASAP 7.1, with a range of new features including the ability to clean up files on client machines, make it easier to create access control policies and prevent insecure clients from logging onto networks.

At the same time, Check Point began touting a new Web security gateway appliance called Connectra that combines SSL VPN remote access with an integrated Web server and endpoint security, also from Zone Labs (which Check Point recently purchased).

Aventail's ASAP, which stands for Anywhere Secure Access Policy, is the technology platform used for its EX-1500 SSL VPN appliance and allows administrators to create and deploy access policies and configure clients. Among other changes, ASAP 7.1 improves Aventail's Cache Control feature, which removes data sent to remote clients during SSL VPN sessions after those sessions have ended, said Sarah Daniels, VP of product management and marketing.

Aventail's products have long cleaned temporary files, e-mail file attachments, cookies, Web pages and other data left on machines. The new software is more thorough in searching out data that is temporarily stored by Microsoft's Explorer browser during SSL VPN sessions. The new Cache Control feature is thorough enough in removing data to comply with the US Department of Defense's clearing and sanitising standard, known as DoD 5220.22-M, Daniels said.

An optional feature, called Aventail Secure Desktop, provides even more secure handling of SSL VPN data by creating a virtual workspace and temporary, encrypted "vault" on client machines where session data is downloaded and stored. The workspace and vault are destroyed at the end of each session, erasing any data stored there, Aventail said.

Aventail also improved the policy management features in ASAP 7.1. Previous versions of ASAP required administrators to write access policies using a complex syntax. A new user interface and an object-based policy model in version 7.1 lets administrators browse LDAP, Microsoft Active Directory or Radius directories to select users, user groups or policies, automatically building the policy language.

The new management feature will speed the creation of access policies and reduce typos and other user errors, Daniels said.

Finally, Aventail said it was partnering with three companies to secure their networks from vulnerable or compromised SSL clients. Aventail is integrating support for Zone Labs' Clientless PC Security and WholeSecurity's Confidence Online products. Customers using them will connect seamlessly with EX-1500 to inspect remote clients for virus infections or the presence of spyware or Trojan horse programs before allowing them to establish an SSL VPN connection, Daniels said.

The Aventail ASAP 7.1 platform will be available at the end of the month. Pricing is based on concurrent users and begins at $9,495.

Check Point
Meanwhile, Check Point's new Connectra gateway offers complete Web security, the company claims. It enables a wide range of remote connections while offering protection against spyware and hacking attempts. It also claims to allow remote SSL access to a network to be set up with a single click by a sysadmin.

The company's Network Extender tool, free with Connectra, uses a Web plug-in to provide tunnelling with the need to download and install client software, the company argued, and enable users to work in a mixed environment of SSL and IPSec.

Connectra will be available in June, starting at $10,000. The Check Point SSL Network Extender is free with Connectra or as an add-on to VPN-1, starting at $2,300.

The market
SSL VPNs are an increasingly popular technology for providing remote users with access to network resources such as e-mail, software applications and network file servers. As opposed to VPNs that use IPsec, SSL VPNs rely on the SSL protocol, part of most common Web servers and browsers, and is widely used to secure e-commerce transactions.

As a result, they are typically "clientless", meaning they do not require a separate software application to be installed on the remote user's machine. That allows remote users to securely connect to networks from any computer with an Internet connection and a Web browser, including home computers and public kiosks.

An early leader in the market for SSL VPN, Aventail now faces competition from a number of other technology companies, including established players in the networking equipment market like Cisco, which added SSL VPN features to its VPN 3000 Series Concentrator in November.

In recent weeks, Aventail and MCI announced they will be partnering with MCI to deliver SSL VPN technology, and Aventail plans to introduce new features to its Remote Access suite of services, including technology to detect online fraud and scramble user passwords sent over MCI's global network.

Aventail has not seen any decrease in business as a result of new competition from Cisco and others, according to Daniels. She argued that Aventail's head start in developing SSL VPN products will keep the company safe from competition in the short term. In the long term, Aventail must continue to innovate and be a technology leader to survive, she said.