TippingPoint has released two new intrusion prevention systems (IPS) designed to secure network traffic for small and medium enterprises. The company said that the new TippingPoint 110 and 330 IPS provide security for organizations with remote or branch offices as well as managed security service providers (MSSPs) focused on delivering protection services for their customers’ assets. According to TippingPoint, the new intrusion prevention systems provide comprehensive traffic inspection and filtering using its Digital Vaccine service to identify and block security threats before they impact the network. In addition, both products can be managed locally or by using its Security Management System (SMS) for enhanced management and reporting options. James Collinge, Director of Product line Management at TippingPoint, said: “We’ve had tremendous success providing network protection at the perimeter. However, IPS performance requirements are sometimes more stringent internally. “The introduction of these appliances gives our customers more options for deployment between internal zones, out at remote or satellite offices and in some cases at the DMZ to protect valuable web application assets.”

"McAfee is acquiring cloud-based security software provider MX Logic for up to USD170m. The purchase consolidates McAfee's move into the Software-as-a-Service SaaS security market. Senior VP and general manager Marc Olesen claims the acquisition will provide McAfee with "the most comprehensive SaaS portfolio in the industry".

HP ProCurve announced the expansion of its security portfolio with firewall and intrusion prevention solutions that lower costs and reduce the complexity of security infrastructure deployments.
As part of HP ProCurve's ProActive Defense security portfolio, HP is introducing the new HP ProCurve Threat Management Services Module. It provides firewall, virtual private network (VPN) and intrusion prevention (IPS) functionality.

Top Layer Security, a leading global provider of Network Intrusion Prevention Systems (IPS), announced today that NetDepot, a low-cost, high-quality provider of hosting infrastructure and utility computing, has deployed its IPS 5500 intrusion prevention solutions. NetDepot selected Top Layer after a competitive review of leading products for the company's ability to handle a wide variety of threats in a single solution, including undesired access, malicious content ...

The US is expected to scrutinize on national security grounds yesterday's joint acquisition of 3Com, the US networking group, by Huawei Technologies, a Chinese telecoms equipment maker, and Bain Capital, the US private equity firm. The deal is worth $2.2bn in cash. Bain will take a stake of more than 80 per cent, while Huawei's ownership will remain below 20 per cent, insiders said. 3Com is small compared with rivals such as Alcatel-Lucent, Nortel Networks and Cisco Systems. But the US government is believed to be concerned about foreign ownership of sensitive communications networks.

Among 3Com's products is an "intrusion prevention" technology that helps clients, including the US defense department, protect themselves from hackers. The tabular content relating to this article is not available to view. Apologies in advance for the inconvenience caused.
The Pentagon believes Chinese People's Liberation Army hackers were responsible for a massive cyberattack on it this year. Bryan Whitman, a Pentagon spokesman, said he was "not aware of any concern" over Huawei taking a stake in 3Com. But Sami Saydjari, a former Pentagon cybersecurity expert and currently chief executive of Cyber Defense Agency, said Huawei's ownership of hardware and important network components would be "really worrisome".

"Any Chinese-related deal that touches on government IT systems, even in a minority capacity, is going to be something that the Committee on Foreign Investment [Cfius] looks at closely," said Christopher Simkins, an attorney at Covington & Burling and former US justice department official.  Cfius examines transactions that involve a change in control in a US asset. But the panel could require the companies to agree to a mitigation agreement that would limit Huawei's access to certain technologies and bar its involvement in any contracts with the US government.

The buyers are offering $5.30 a share, a 44 per cent premium to 3Com's closing price of $3.68 on Thursday. Debt financing for the deal will be raised through the Asian branches of Citigroup and UBS, as well as HSBC, ABN Amro and Bank of China. Buy-out have slowed dramatically since the turmoil in the debt markets began Reporting by James Politi in New York, Sundeep Tucker in Hong Kong, and Demetri Sevastopulo and Stephanie Kirchgaessner in Washington Copyright 2007 Financial Times.

WASHINGTON (MarketWatch) -- 3Com Corp. said Friday it's agreed to sell itself for $2.2 billion to Bain Capital Partners LLC and Huawei Technologies Co., the largest networking company in China.

Boston-based Bain, one of the biggest private-equity firms in the world, would own a majority stake. 3Com Chief Executive Edgar Masri said in a conference call that Bain has great connections in China as well as Europe, markets where the company is seeking to expand.

A minority interest in 3Com would be sold to affiliates of Huawei. 3Com previously operated a joint venture with Huawei in China called Huawei-3Com Ltd., but 3Com bought out its partner earlier this year. The venture was started in 2003.
The latest collaboration would give Huawei a bigger foothold in the U.S. and European markets. 3Com makes equipment used to run corporate networks.

Huawei ranks as the largest maker of network-equipment in China. The company's increasingly competing for business with traditional industry leaders such as Cisco Systems Inc.

The rising competition from Asian manufacturers has put further pressure on U.S. and European networkers to reduce costs. It has also become harder to raise product prices and thereby boost profits.

Some U.S. politicians have expressed concern about Chinese companies buying stakes in domestic firms, complaining that the Chinese market is not fully open to Westerners. Yet 3Com is a very small player in the U.S. and Huawei is only obtaining a minority stake.
What's more, big U.S. vendors such as Cisco Systems, Inc and Motorola, Inc. already do extensive business in China. Any move by U.S. lawmakers to block Huawei would likely lead to retaliation.

During the high-tech boom in the late 1990s, 3Com was a much bigger player in the U.S. market, but its stock has treaded water in recent years as the vendor struggled to grow its business.

In its most recent fiscal year ended in May, however, 3Com experienced somewhat of a resurgence, aided in large part by its Chinese venture. The company boosted revenue by nearly 60%, to $1.27 billion from $794 million generated during fiscal 2006.

Masri said 3Com reviewed a number of "strategic alternatives" before settling on a sale to Bain and Huawei. The deal is expected to close in early 2008, 3Com said.

AirDefense, the innovator that launched the wireless LAN security market, today announced that it has received allowances from the United States Patent and Trademark Office (USPTO) for the company’s fourth and fifth patents. These patents further strengthen AirDefense’s seminal intellectual property portfolio. With three fundamental patents granted earlier, AirDefense now owns the earliest and broadest patents in the area of wireless intrusion prevention and wireless troubleshooting.

AirDefense’s fourth patent titled “System and Method for Sensing Wireless LAN Activity” (US Patent No. 7,277,404), covers the hybrid architecture of a wireless IPS, and specifically, the shared processing between sensors and a server for scalable, collaborative and distributed monitoring of WLAN traffic.

AirDefense’s fifth patent titled “Systems and Methods for Dynamic Sensor DISCOVERY and Selection” (US Patent Application No. 10/773,915), filed over three years ago, covers management and architectural aspects of a wireless, distributed, multiple-sensor network for dynamic discovery, redundancy and spatial coverage in wireless monitoring.

‘The patents granted to AirDefense describe fundamental systems and methods that are required for any wireless security and monitoring solution,” said Dr. Amit Sinha, chief technology officer, AirDefense. “As the pioneer in the wireless intrusion prevention industry, AirDefense takes great pride in offering patented solutions that are relied upon by more Fortune 500 companies, healthcare organizations, high-security government agencies and other Blue Chip corporations than any of our competitors.”

AirDefense has an additional 23 patents pending at the USPTO. These patents extend AirDefense’s intellectual property into broader areas such as security for emerging wireless networks, interference classification, remote Performance troubleshooting, bandwidth optimization, forensic analysis, endpoint wireless security, legacy encryption protection and alarm management.

Business Wire - Open source innovator and SNORT(R) creator, Sourcefire, Inc. (Nasdaq:FIRE), a leader in network intrusion prevention, today announced that the company is expanding its presence in Australia as part of a strategy to support the growing international demand for the company's innovative security solutions.

"Since launching in the Asia-Pacific region four years ago, Sourcefire has seen significant demand for its solutions," said John Czupak, Vice President of International Sales and Business Development for Sourcefire. "To support the growth in Australia, we are expanding our sales team and launching a new seminar series and training program. These ongoing investments will ensure that customers in this region continue to receive the same superior security technology, support and training that have enabled us to build such a strong foundation in the area."

To support its strategic initiatives, Sourcefire is currently recruiting a Regional Sales Manager for Australia who will be responsible for all sales of Sourcefire technologies in the region, targeting Global 2000 and major Australian and New Zealand accounts.

In addition, the company is launching a new seminar series and training program to provide Sourcefire and Snort users with the tools to successfully deploy and manage its security solutions and protect their most critical assets.

Sourcefire founder and chief technology officer Martin Roesch vowed earlier this year to expand his company's product portfolio. Friday, the maker of the popular Snort open source intrusion defense (IDS) tool took a step in that direction by announcing the acquisition of ClamAV, an open source email gateway antivirus and antimalware project.

In a statement, Roesch said ClamAV will broaden Sourcefire's open source footprint and enable the company to develop new products and services as part of its Enterprise Threat Management network security portfolio. In addition to email gateway scanning, ClamAV software provides a number of automated utilities including a multi-threaded daemon, a command line scanner and automatic database updates.

"This will not only broaden our reach, but will also allow us to extend our product family into a number of intriguing new markets," he said, adding that the success of the ClamAV project is a "direct reflection of the talent and dedication of the founding team and the project community," he said.

Roesch said Sourcefire will continue to invest in the ClamAV technology, as it has with Snort and Snort.org. ClamAV updates are downloaded by about a million users a day across 38 countries and, like Snort, is one of the more popular open source security tools.

Sourcefire CEO Wayne Jackson said in a conference call with reporters Friday that he expects ClamAV to begin shipping as part of the Enterprise Threat Management network in the latter half of 2008. He also reiterated Sourcefire's intention to keep ClamAV as an open source tool.

"As a successful open source project, ClamAV benefits from the expertise of hundreds if not thousands of individuals who contribute to the rapid evolution of the ClamAV inspection technology and the vast library of ClamAV malware signatures," he said.

Under terms of the deal, Sourcefire will assume control of the ClamAV project, including the ClamAV.org domain, Web site content and the ClamAV Sourceforge project page. The ClamAV team will officially become Sourcefire employees, continuing management of the project on a daily basis, according to the statement.

VMware Inc., the market leader in virtualization software, has acquired Determina Inc., a Silicon Valley maker of host intrusion prevention products.

The terms of the acquisition have not been disclosed and there has not been any formal announcement of the deal, but it apparently occurred on August 6. VMware went public with a much-hyped IPO on Monday, and is still in its quiet period.

"VMware has acquired Determina to integrate a talented product development team with unique security technology into our efforts to make our virtualization platform the safest place to run applications. VMware does not have plans to enter the security content subscription business. VMware maintains its commitment to working with the security partner community to deliver a range of security solutions including vulnerability protection," Karthik Rau, vice president of product management at VMware, said in a statement.

In a research note analyzing the deal, Gartner analyst Neil MacDonald says he expects VMware to integrate Determina's Memory Firewall technology into its existing products, including the ESX hypervisor, and to stop selling the Determina products as standalones. Determina's technology is unique in the HIPS market, as it is designed to protect the operating system and applications by preventing malicious code from abusing memory, which is typical of attacks such buffer overflows.

Determina, based in Redwood City, Calif., also has a development lab in Cambridge, Mass., where VMware has its East Coast headquarters. One of Determina's co-founders, Vladimir Kiriansky, whose thesis work at MIT led to the development of the Memory Firewall, previously worked at VMware.

This is VMware's first real foray into the security market, and it comes at a time when the company's core virtualization offerings are more in demand than ever. Large enterprises and other sizeable organizations are turning to virtualization as a way to cut costs in the data center and get more out of the investments they have already made in servers and desktops. But the security of virtualized environments has been something of an unknown quantity due to the complexity of the technology and the ways in which hypervisors interact with the host OS.

Determina's technology is designed specifically to protect the OS from malicious code, regardless of the origin of the attack, so it would seem to be a sensible fit for VMware, analysts say.

"Securing the integrity of the hypervisor and the guest OS is integral to the widespread enterprise adoption of virtualization," said Nick Selby, senior analyst at The 451 Group in New York. "Determina has some technology that can help VMware, if properly integrated, address some of the most compelling issues."

In his analysis of the deal, Gartner's MacDonald sounded many of the same notes. "By potentially integrating Memory Firewall into the ESX hypervisor, the hypervisor itself can provide an additional level of protection against intrusions. We also believe the memory protection will be extended to guest OSs as well: VMware's extensive use of binary emulation for virtualization puts the ESX hypervisor in an advantageous position to exploit this style of protection," he wrote. "Further, by using the LiveShield capabilities, the ESX hypervisor could be used 'introspectively' to shield the hypervisor and guest OSs from attacks on known vulnerabilities in situations where these have not yet been patched. Both Determina technologies are fairly OS- and application-neutral, providing VMware with an easy way to protect ESX as well as Linux- and Windows-based guest OSs."

LAS VEGAS – Symantec Vision 2007 – June 13, 2007- Symantec Corp. (NASDAQ: SYMC) raised the bar today for enterprise security by announcing the global availability of Symantec Endpoint Protection 11.0 and Symantec Network Access Control 11.0. Symantec Endpoint Protection integrates Symantec AntiVirus with advanced threat prevention in a single agent managed through a single console, delivering unmatched defense against malware and data loss for laptops, desktops and servers.

Today Symantec also released results from a third-party study of Symantec Endpoint Protection beta customers quantifying the operational efficiencies gained through the integrated, single agent endpoint security solution. The study, which was conducted by the Alchemy Group in August and September, highlights Symantec Endpoint Protection's ability to significantly reduce the cost and complexity of securing endpoints in diverse business environments.

Highlights of the summary include:

• The ability to manage IT security operations from Symantec Endpoint     Protection's single management console has the potential to reduce the number of current management hours by an average of 75 percent.  One customer expects to save 97 percent of the hours dedicated to weekly security related reporting.

• Symantec Endpoint Protection's Application Control functionality, which can limit access to only approved applications at the endpoint, can be a key enabler in reducing costs and increasing operational efficiency.   Network outages caused by unauthorized peer-to-peer applications are costing one customer more than two million dollars annually.

"Symantec has once again redefined the enterprise security market to address evolving business needs and the changing threat landscape," said Brad Kingsbury, vice president of endpoint security, Symantec. "Symantec has integrated state-of-the-art security technologies, including our unique behavioral-based intrusion prevention technology and our award-winning Network Access Control product, in a way that simplifies management and provides better security. By combining endpoint protection and endpoint compliance, this comprehensive solution can help customers secure critical assets, comply with regulatory mandates and protect information."

Symantec Endpoint Protection provides customers the security technologies required to protect their endpoint environments against today's threats while reducing the overall memory footprint to new industry lows. When running in an idle state, Symantec Endpoint Protection introduces a reduced memory footprint of only 24 MB. This is a dramatic decrease compared to competing endpoint security offerings.

Framingham | Tuesday, May 22 2007 - 3Com is introducing unified threat management gear for small and midsize enterprises at the Interop show this week. The gear is aimed at customers who want 3Com's Tippingpoint security technology but at a lower scale and price point than has been previously offered, the vendor says.

The 3Com X5 and X506 appliances combine 3Com's VPN and firewall technologies with intrusion prevention/detection systems (IPS/IDS) packet inspection features from its TippingPoint subsidiary. The gear is aimed at SMEs and organis0ations looking to tightly control traffic flows into and out of a campus network.

The X5 is a desktop device, aimed at small offices with as many as 50 users. The X506 is targeted at larger networks with hundreds or thousands of users and nodes. The X5 supports 18Mbps IDS/IPS and 50 VPN users, while the X506 supports as much as 50Mbps of IDS/IPS traffic and more than 1000 VPN tunnels. Both boxes perform deep packet inspection to identify and shut down services such as peer-to-peer networking and spyware, using the same IDS/IPS engines as the enterprise-level Tippingpoint products.

The X-series devices can also be configured to limit the rate of suspicious traffic, such as packet streams which may be produced by a worm-infected PC or server. The products can use software and services from Surfcontrol for advanced web site and URL filtering.

The X5 and X506 compete with low-end and mid-range security devices such as Juniper's NetScreen 25 series Watchguard's X750e and Cisco's Pix 501 appliance.

SALT LAKE CITY, April 23, 2007 /PRNewswire via COMTEX/ -- LANDesk Software, a leading provider of IT service-oriented management solutions, today announced LANDesk(R) Host Intrusion Prevention, a behavior-based security monitoring, alerting and remediation solution. Host-based Intrusion Prevention Systems (HIPS) go beyond traditional anti-virus software in protecting computers based on the systems behavior, and defend against the increasing number of zero-day threats, rootkits and other malware.

"Adding Host Intrusion Prevention to LANDesk's product line extends our leadership position in systems, security and process management," said LANDesk General Manager Steve Daly. "Customers have asked us to leverage our integrated platform strengths and provide them with endpoint security solutions that streamline security policy administration. HIPS technology provides a more proactive defense against sophisticated network attacks in a more efficient, layered approach than traditional solutions alone."

Unlike signature-based scanning technology used by many anti-virus and anti-spyware solutions, LANDesk Host Intrusion Prevention technology does not rely solely on pre-existing signatures and pattern files for identification of malware. Instead, it leverages rules-based technology that examines network traffic and machine behavior to identify anomalies or incidents of security policy violations based on pre-defined rules set by security and IT administrators.

"Simply having a firewall and an anti-virus solution in place is no longer enough," said Keith Brown, network administrator for Gwinnett Medical Systems. "In order to proactively deal with the accelerated pace and changing nature of security threats, we have to have solutions that enable us to respond rapidly without waiting for security vendors to identify threats, define and publish patches and other solutions."

LANDesk Host Intrusion Prevention includes security enhancing capabilities such as application access control through whitelisting, file behavior analysis and protection through policy-based remediation, real-time monitoring of system start up commands, rootkit detection and removal, and detection of uncertified clients and Internet servers.

LANDesk Host Intrusion Prevention integrates closely with LANDesk(R) Security Suite to offer integrated patch, antivirus and anti-spyware management, network access control (NAC), mobile device security and host- based intrusion prevention in a single management console and blended solution.

SAN FRANCISCO, Apr 10, 2007 (Canada NewsWire via COMTEX) - nCircle, the leading provider of agentless security risk and compliance management solutions, today announced the grants of two more patents by the U.S. Patent and Trademark Office, expanding nCircle's patent portfolio. The two most recent patents are for "Interoperability of Vulnerability and Intrusion Detection Systems (IDS)" and "Network security system having a device profiler communicatively coupled to a traffic monitor." The patented technology is the foundation for nCircle nTellect, which integrates nCircle's market-leading security risk and compliance management solution with intrusion detection and intrusion prevention systems to reduce false positives by more than 95 percent.

The two new patents relate to nCircle's invention of technology that greatly improves the effectiveness of intrusion detection and prevention systems by correlating endpoint vulnerability and application information with IDS and IPS alerts. Integrating these two disparate security solutions significantly reduces false alerts in IDS and IPS systems. nCircle utilizes the patented technology in its nTellect product, which integrates endpoint intelligence with McAfee IntruShield IPS and Cisco IDS and IPS. Through the integration of the nTellect and leading IDS and IPS systems, customers are able to realize the full value of their IDS and IPS systems.

"nCircle continues to develop technology that enables short-handed enterprise security teams to do more with less," said Tim Keanini, CTO of nCircle. "nCircle's research continues to define industry best practices, and these two new patents recognize our internal emphasis on innovation and creativity towards that end. nCircle's growing patent portfolio ensures that our customers' investments in our products are protected."

Framingham | Tuesday, May 22 2007 - 3Com is introducing unified threat management gear for small and midsize enterprises at the Interop show this week. The gear is aimed at customers who want 3Com's Tippingpoint security technology but at a lower scale and price point than has been previously offered, the vendor says.

The 3Com X5 and X506 appliances combine 3Com's VPN and firewall technologies with intrusion prevention/detection systems (IPS/IDS) packet inspection features from its TippingPoint subsidiary. The gear is aimed at SMEs and organis0ations looking to tightly control traffic flows into and out of a campus network.

The X5 is a desktop device, aimed at small offices with as many as 50 users. The X506 is targeted at larger networks with hundreds or thousands of users and nodes. The X5 supports 18Mbps IDS/IPS and 50 VPN users, while the X506 supports as much as 50Mbps of IDS/IPS traffic and more than 1000 VPN tunnels. Both boxes perform deep packet inspection to identify and shut down services such as peer-to-peer networking and spyware, using the same IDS/IPS engines as the enterprise-level Tippingpoint products.

The X-series devices can also be configured to limit the rate of suspicious traffic, such as packet streams which may be produced by a worm-infected PC or server. The products can use software and services from Surfcontrol for advanced web site and URL filtering. The X5 and X506 compete with low-end and mid-range security devices such as Juniper's NetScreen 25 series Watchguard's X750e and Cisco's Pix 501 appliance.

MAHWAH, N.J., Oct. 1, 2007 -PRNewswire-FirstCal- Radware (NASDAQ: RDWR), the leading provider of integrated application delivery solutions for business-smart networking, today announced the availability of DefensePro version 4.0, the latest version of the company's flagship Intrusion Prevention System IPS). DefensePro 4.0 provides adaptive behavioral server-based IPS feature set, protecting against misuse of application authorization and preventing break-in attempts to enterprise critical application servers, with no need for human intervention. This allows the network to automatically respond to attacks targeted at revenue-generating applications. The new version complements Radware's DefensePro existing signature and behavioral network-based protections and reinforces the company's vision to provide business-smart networking solutions.

DefensePro version 4.0 is available now for customers as a software upgrade for DefensePro models.