Feature

Security for your security appliances

Ezine

This article can also be found in the Premium Editorial Download "Storage magazine: Salary survey reveals storage skills are in demand."

Download it now to read this article plus other related content.

Decru, the storage encryption company owned by Network Appliance, is using Mu Security's security analysis product to find vulnerabilities in its own security appliances.

If this sounds paranoid, think again, says Jon Oltsik, senior analyst, information security at Enterprise Strategy Group, Milford, MA. "Extending the vulnerability mindset into storage is an important step toward really safeguarding sensitive data," he says. "Encryption technology has a giant target painted on it."

Decru has deployed the Mu-4000 Security Analyzer to "see where hackers might be able to exploit our product," says Kevin Brown, Decru's VP of marketing. "It generates millions of permutations for how hackers might attack us. For example, is our key management system leaking information?"

By using the tool, Decru hopes to catch vulnerabilities earlier in its development cycle and speed up its time to market, says Brown, adding that none of Decru's customers has reported any weakness in the product yet.

Joel Schwalbe, VP of technical services at CNL Financial Group, has been using Decru's product for approximately a year to encrypt all of his company's data going to tape and says they haven't experienced any security issues so far. "We're a small company, so we're relying on Decru to perform this kind of testing for us," he says.

Decru competitors NeoScale Systems and Vormetric say it's important to conduct this kind of testing. Both firms do, but were surprised

Requires Free Membership to View

Decru would want to advertise which products it uses to perform these tests.

"It's like raising a red flag to a bull," says Tom Grubb, VP of marketing at Vormetric.

Dore Rosenblum, NeoScale's VP of marketing, says NeoScale is working with Entrust to authenticate devices touching its product, and with Optica Technologies to integrate its mainframe tape-encryption keys under the NeoScale CryptoStor KeyVault system.

EMC isn't sitting on the bench in this area. It recently acquired Network Intelligence, which maintains logs on all security-related activity on a network. EMC's motives for acquiring Network Intelligence, however, are a bit more transparent than Decru's partnership with Mu Security.

"Security logs eat tons and tons of storage," says Oltsik. "Increasingly, a security requirement is going to lead to a storage data management requirement."

--Jo Maitland

This was first published in November 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: