Teros goes modular, sees app security line expanding

Teros Inc has started shipping version 2.0 of its web security gateway appliance, and said the new modular structure opens the door for the company's entrance into additional markets, including web services security.

The company plays in the growing market for application-level preventative security systems, which promise to tackle holes left open by typical firewall, access control and IDS deployments.

If you’re tackling security, you’re doing it at the network layer or at the application layer, VP of marketing Tom Bennett said. You’re looking at letting the good guys in, or keeping the bad guys out.

The Teros-100 Application Protection System is an in-line device designed to keep the bad guys out at the application layer. Rather than using signatures to detect attacks, the device relies on a set of rules that roughly define safe HTTP or HTTPS traffic.

Bennett said the APS ships with about 200 prewritten rules for HTTP best practices. The device can also over time supplement these rules by learning, using Bayesian inference algorithms, what HTTP traffic is normal and safe in a particular deployment.

The APS is the first of a series of solutions to ship… that run on the same hardware platform, Bennett said. We’re also looking at securing different protocols such as web services. Such a product would likely ship next year, he said.

In version 2.0, the company is pushing its hardware platform and core software as the basis for future add-on function-specific modules and even different applications. In APS 2.0 there are two new modules that cater to specific business concerns.

CommerceSAFE is a set of rules that can identify and block credit card numbers from being sent out. AccessSAFE is a monitoring and reporting tool that can tell administrators how safe their users’ passwords are by comparing them against hacker dictionaries.

Also in 2.0, there is a web site defacement prevention feature. Home pages are given digital signatures, and the device can be instructed to not send out pages that do not conform to the page’s signature.

The company, which went by the name Stratum8 Networks Inc until a couple of weeks ago, sees companies such as Sanctum Inc and Kavado Inc as its primary competitors, although they provide software-only systems.

Source: Computerwire

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing