NEC developing network security analysis system

NEC Corp. is developing a network security system that will automatically monitor and analyze the configuration of security tools deployed in a network and suggest changes to fix vulnerabilities and any redundancies that exist between them, the company announced Tuesday.

The system is intended for use in networks where a mix of security tools, such as firewalls and intrusion detection systems (IDSes), are being used to guard against worms, viruses and other malicious traffic.

As servers and client computers are added and removed from networks, and as security tools are installed or taken away, security holes, redundancies and other “mismatches” can appear in the tools being used, said Riyuuichi Ogawa, principal researcher at NEC’s Ubiquitous Intelligence Technology Group.

“Security boundaries are constantly changing and one of the most urgent needs is to be able to perform a security health check to reveal weaknesses,” Ogawa said.

NEC’s product, which is still being developed and may not go on sale until early next year, collects and analyzes the configuration parameters of the security tools in a network to detect any holes or overlap between them. For example, it will detect when FTP (file transfer protocol) data is being allowed in through a firewall but is not being monitored by an IDS. As well as identifying the weakness, the system will also propose revisions to correct the problem, Ogawa said.

The system uses a language called Security Configuration Coordination Markup Language, or SCCML, which is able to describe the filtering and monitoring functions of firewalls and IDSes, Ogawa said.

In Japan, about one third of the incidents of unauthorized access to enterprise networks result from mismatches in the configuration of security systems, according to a January report by the Information-technology Protection Agency (IPA), a Japanese government-affiliated IT security promotion body.

Another third are caused by the use of older, vulnerable software, and the remainder by misuse of user identifications and passwords, according to the IPA.

While security tools exist to patch vulnerable software and improve ID and password security, none provide a unified analysis of the protocols used by the firewalls and IDSes, according to NEC.

Because a single firewall might have more than 1,000 filtering rules, finding mismatches among security systems can take network administrators hundreds of hours. NEC’s system can perform its analysis in minutes, according to Ogawa.

“As far as we know, this is a world’s first for this type of technology,” said Hiroshi Katayama, general manager of NEC’s Internet Systems Research Laboratories.

Analysts believe NEC’s technology could be significant for businesses, since more effective network security systems are always needed. But much is unclear until the technology has been fully tested in corporate networks, they warn. For example, it remains to be seen just how efficiently SCCML will perform, said Kazuyuki Ide, software research manager at market research company IDC.

“There is a possibility that (NEC) has got great technology, but there is some gap between good technology and being commercially successful,” Ide said.

It will also have to compete with established network security products from vendors such as Juniper Networks Inc., Hewlett-Packard Co. and Check Point Software Technologies Ltd., said Kenshi Tazaki, vice president of Gartner Japan Inc.’s network, telecom and semiconductor group’s research division.

Nevertheless, if NEC’s system performs its checks as quickly and as thoroughly as the company claims, it could be a big benefit to enterprises, Tazaki said.

NEC plans to begin testing the system internally in the near future and plans to offer it in Japan before the end of March next year under its Valumo middleware brand. It may make an English-language version of the system to sell internationally, Katayama said. Pricing has not yet been set.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now