News
News
11/9/2004
05:23 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Small Vendors Issue Security Challenge To Large Competitors

Group of four says some competitors aren't providing acceptable protection against hackers.

Four vendors of application security products have created an alliance to challenge the ability of large-scale vendors--such as Check Point Software Technologies, Cisco Systems, Juniper Networks, McAfee, and Symantec--to protect customers from hacker attacks and other security breaches.

On Monday at the Computer Security Institute Conference in Washington, D.C., the CEOs of F5 Networks, Imperva, NetContinuum, and Teros challenged their larger rivals to join them in putting their products to the test before ICSA Labs, an independent information security product certifier. Their stated goal is to promote more consistent metrics for customers to evaluate products.

The situation, as these upstarts describe it, is a growing market for Web application security--which the Yankee Group tags at $2 billion over the next five years--and suspect claims from vendors about the capabilities of their products.

In a prepared statement, the foursome suggests that some vendors are selling security short. "We are united regarding the minimum criteria that any security product must meet to provide acceptable protection for mission-critical Web applications," the companies state. "We believe these minimums are not being met by many vendors, despite marketing claims that strongly imply such protection. The result is a false sense of security that exposes consumers and corporations to a higher risk of identity theft and other similar data loss threats. Our goal is to pave the way for minimum standards that will ensure the safety of consumers as well as corporate and government environments on the Web."

The application security vendors "normally don't talk to each other," says Bob Walters, CEO of Teros. "But we came together to help improve the situation." Gene Banman, CEO of NetContinuum, notes that his company and its allies have built their businesses around better Web application security.

"It's pretty remarkable that these companies have come together," says James Slaby, an analyst with the Yankee Group. "It shows the difficulty of competing against entrenched incumbents."

The criticisms are accurate, Slaby says. The smaller, specialized vendors offer application-specific security that considers the context of external network requests, as opposed to generic packet filtering typically offered by the larger vendors. Slaby suggests that packet filtering is not enough to identify some attacks.

Even so, it may be tough for the specialized vendors to convince the market of their merits. "The buyers want to believe what the big guys are telling them," Slaby observes. He adds that the major players in the security market are probably aware of their deficiencies and may correct them through future development or by acquiring companies and their technologies.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest August 03, 2015
The networking industry agrees that software-defined networking is the way of the future. So where are all the deployments? We take a look at where SDN is being deployed and what's getting in the way of deployments.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Everyone wants a well-educated, successful workforce but just how do you get one? And what, precisely, do you think you can do with it? To answer those and other questions, George Colombo had a conversation with Elliott Masie, head of The MASIE Center, a Saratoga Springs, NY think tank focused on how organizations can support learning and knowledge within the workforce.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.