Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

10/26/2007
06:05 AM
50%
50%

Upstart Vendors Question Everything

New technologies rethink the way today's security products work

2:05 PM -- It's a funny thing about technology: Even with all of the constant innovation that goes on, it's easy to become accustomed to the limitations of current products. Firewalls, anti-spam software, mobile device security -- none of them work very well, but there's nothing to be done about it, right?

Wrong, according to a new crop of vendors that have been shaking up their respective markets in recent weeks. While many startups look to improve or add onto existing technology, these vendors are actually rethinking the security problems users face -- and the way traditional products work.

Take, for example, Abaca Technology Corp., a little company that wasn't satisfied with the traditional blacklist/whitelist approach to spam control. Rather than fighting the whole question of content filtering and text searches, Abaca has developed a totally different premise: that spam gravitates to certain users, while leaving others alone. Using that premise, Abaca this week at Interop New York demonstrated an algorithm that it guarantees will block 99 percent of spam. (See Startup Unveils Reputation-Based Spam Fighter.)

Another company, Palo Alto Networks, is also demonstrating at Interop a product that questions conventional wisdom. Palo Alto's PA-4000 firewall, which was developed by some of the same people who invented the original firewall, controls access at the application and data levels, not just at the port level.

"Instead of just assuming that the firewall has limitations, and trying to work around them, we should be trying to make a better firewall," says Palo Alto exec Steve Mullaney. "If you were to build a firewall today, knowing what we know now about the nature of traffic and the limitations of firewalls, what would it look like? That's the whole idea behind our company." (See Startup Puts New Spin on Firewalls.)

In the world of authentication, enterprises have been working around the limitations of digital signatures for more than a decade. The technology required a special client, and each document could support only one signature. Many enterprises have simply given up on the technology, resorting to handwritten signatures and fax machines. (See Upstart Takes New Tack on Digital Signatures.)

Some IT people at Pfizer Inc., the pharmaceutical giant, decided that none of the off-the-shelf digital signature tools were worth a bottle of ink, so they developed a tool themselves. And now TriCipher Inc. is bringing that technology to the rest of the market, paving the way for a new try at the digital signature process.

But you don't have to be a startup to rethink old ideas. Alcatel-Lucent this week at Interop New York is demonstrating its technology for securing and managing remote laptops, no matter where they are or whether they are powered up. The PCMCIA card essentially protects the laptop without requiring the user to modify his or her hardware or the applications he or she uses. And Sprint is now distributing the card as part of its mobile broadband service. (See Sprint Adds Laptop Security to Mobile Broadband.)

These technologies are very different, but they have one thing in common: They break the rules on how a problem has traditionally been solved. Rather than taking an existing product and asking how to make it better, these innovators started with the problem, and then developed a solution from scratch.

Will all of these products work? Will they change their respective marketplaces? Hard to say. Many good ideas have died on the vine, starved for funding or marketing expertise. And many inventors overlook practical realities when they try to create a better mousetrap.

Whatever happens with these products, though, you have to give their developers some points for trying. They're questioning the conventional wisdom -- and that's the first step in creating real change.

— Tim Wilson, Site Editor, Dark Reading

  • Abaca Technology Corp.
  • Alcatel-Lucent (NYSE: ALU)
  • Palo Alto Networks Inc.
  • TriCipher Inc.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    News
    Inside the Ransomware Campaigns Targeting Exchange Servers
    Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
    Commentary
    Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
    Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon
    Current Issue
    2021 Top Enterprise IT Trends
    We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
    Flash Poll
    How Enterprises are Developing Secure Applications
    How Enterprises are Developing Secure Applications
    Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2021-29370
    PUBLISHED: 2021-04-13
    A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website.
    CVE-2021-3460
    PUBLISHED: 2021-04-13
    The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
    CVE-2021-3462
    PUBLISHED: 2021-04-13
    A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.
    CVE-2021-3463
    PUBLISHED: 2021-04-13
    A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.
    CVE-2021-3471
    PUBLISHED: 2021-04-13
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.