Security threats Toolkit

Nortel and Symantec prepare network security product

Tags:
Virus Signature Definition,
Deep Packet Inspection

Tom Espiner ZDNet.co.uk

Published: 20 Sep 2005 18:00 BST

Nortel claimed on Tuesday that its close ties with Symantec will help it to produce products that do a better job of protecting systems from attack, but users may have to wait another year to see the fruits of its labour.

Speaking at an event in London on Tuesday, Albert Hitchcock, chief information officer for Nortel, gave an update on his firm's work with Symantec. This began last December when the two companies started working on a "prototype security engine" which used deep packet inspection to identify viruses and other malicious code.

Deep packet inspection looks at all of the data within packets entering a network, and helps spot malicious activity. Nortel have also been working with Symantec on virus signature definition, which can help to identity and address malware on various levels within a network.

"We're creating an analysis of those signatures and embedding that knowledge within our routing products, in order to take the emphasis off just protecting at the end-user level," Hitchcock said.

"All our future routing products and our optical networking portfolio will incorporate these signature traces. We are also working with our firewall, because we want a content filtering capability in the core of the network. We are also looking at edge routing and firewall platforms, and we ensure the virus signature definition is up to date before a DHCP address is given, and the user is connected to the network," Hitchcock added.

Nortel will "roll out a product within the next 12 months... which enables users to do this", Hitchcock said.

Experts believe companies cannot simply rely on antivirus protection and firewalls, and should consider more sophisticated technology such as intrusion prevention systems.

"Currently 90 percent of users are connecting through the public Internet, and we see security happening at multiple levels," according to Hitchcock. "We've seen the industry as a whole getting frustrated with the lack of security over networks" he added.

Nortel have found that they can't just protect the perimeter of a company's systems, but must address security at network, device, and application level. "Not a week goes past without some new security threat — recently there was Zotob, which evolved and had 80 variants. We've seen spybots launched into networks, we're seeing a situation where vulnerabilities are becoming much more prevalent." said Hitchcock.

Another problem identified by Hitchcock is users who log onto both wireless and wired networks with an infected laptop. "We want to inspect the device before allowing it full access to the network. Our R&D group in Santa Clara are developing software which will go and interrogate the device before it fully connects to the network — it scans the device before it's connected," he said.