Search our
entire site
Enter your search
terms below, or visit
our search page

Search case
studies only
Enter your search
terms below:

For the table
of contents and
hyperlinks to
general topics
proceed to toc

Security pacts conceal snags
Raft of initiatives tackle interoperability
March 1999

New security interoperability projects are giving IT managers the ability to secure their networks without having to align themselves with a single vendor.

The latest initiative, the CCI (Common Content Inspection) API, pushed by Aventail Corp., Finjan Software Ltd. and Check Point Software Technologies Ltd., has picked up support from security giant Network Associates Inc.

The CCI API joins a host of other security initiatives, such as Check Point's OPSEC (Open Platform for Secure Enterprise Connectivity) Alliance and Internet Security Systems Inc.'s ANSA (Adaptive Network Security Alliance), which was unveiled at NetWorld+Interop here last week. The common goal for each is to keep security options open.

The CCI API group's developers will meet Nov. 16 in San Jose, Calif., to hash out details of the specification, which they hope to finalize by early next year. Their goal: Create common interfaces for inspecting content, whether at the firewall level, the anti-virus level or the mobile code level.

If one vendor has a great firewall, for example, chances are it has no intrusion detection software. Getting those two applications to work together requires a common set of APIs.

The Kansas Bureau of Investigation integrated security software and hardware from at least six companies for a statewide VPN (virtual private network) that the organization began rolling out last week, said officials at N+I.

The KBI, opting for a best-of-breed approach, chose Check Point's Firewall-1 Version 4.0, Check Point's VPN software, the 3.0 version of Entrust Technology Inc.'s public-key infrastructure, RealSecure intrusion detection software from Internet Security Systems, Chrysalis-ITS Inc.'s encryption accelerator cards and SecurID hardware authentication tokens from Security Dynamics Technologies Inc.

To integrate this mishmash of products, the KBI relied on APIs from OPSEC. "Without the APIs, we'd still be about six months from being done," said Jody Brazil, director of IT at FishNet Consulting Inc., a Kansas City, Mo., consultant on the KBI project.

Developers hope the VPN will allow the bureau to scrap a frame relay network and save the state about $2 million per year.

But it's not always this black and white. IT managers should be aware that many security alliances tie their strategies to certain vendors' products. For instance, OPSEC, with more than 260 participants, was formed 18 months ago by Check Point, of Redwood City, Calif. Check Point created CVP (Content Vectoring Protocol), which is designed to do the same thing as the CCI API, but with Check Point's firewall as the foundation.

ISS' ANSA, with 60 supporting companies, promises to publish for free the APIs that come out of the effort. But again, the APIs will be for integrating ISS software.

TABLE OF CONTENTS