The hot intrusion detection market has seen a flurry of activity since January, with acquisitions, start-ups, an IPO, new products, and, earlier this month, a patent lawsuit. The activity responds to worries by corporate network managers that firewalls alone aren't enough to protect against attacks.
Check Point, which began as a firewall company but has expanded into broader security and network software offerings, will sell the RealSecure intrusion detection software from Internet Security Systems under Check Point's name, one of only a few OEM relationships for either firm.
Hewlett-Packard announced that it will license intrusion detection software from Cisco Systems, giving HP access to technology that Cisco acquired in February with the Wheel Group. HP will incorporate the network intrusion detection software into its OpenView network management software, calling it HP OpenView Node Sentry.
HP also made two other security-related announcements today about giving employees or outsiders access to sensitive information on a corporate network. HP OpenView Access Manager regulates individual employees' access to operating systems such as HP-UX or Windows NT, databases such as Oracle's, and applications like SAP's R/3.
HP also announced that a new product, Praesidium Authorization Server, is now shipping. Authorization Server lets intranet and extranet managers control who can see specific data or perform specific actions on an individual basis. HP says the authorization server, part of its Praesidium family of security software, goes beyond authentication, which vouches for the identity of a specific user.
"Authorization Server provides IS managers with the safety valve needed for rapidly deploying and maintaining virtual business relationships over the Net," Jim Hurley, an Aberdeen Group security analyst, said in a statement.
HP's version of the intrusion detection software uses sensors to monitor network traffic, then consolidates the data on a console to allow surveillance and to detect patterns of intrusions. Like the Access Manager, Node Sentry integrates into OpenView.
"We see intrusion detection as a significant emerging market opportunity," said Bradley Brown, Check Point's director of business development, noting that Check Point looked at several options before settling on ISS, which had already been a Check Point partner.
In a report earlier this month Yankee Group estimated the "adaptive network security management" market, which includes both intrusion detection software and tools to probe networks for security holes, at the $45 million mark last year. That's consistent with Aberdeen Group's estimate in January.
Yankee estimates the market will boom to $160 million this year and reach $315 million in 1999.
Both reports name ISS, which went public in March, as the leading vendor, garnering 30 percent last year in Yankee's estimates. Yankee lists Axent Technologies at 19 percent, Network Associates and Cisco at 11 percent each, and Security Dynamics at 10 percent, with smaller firms dividing up the remainder.
Activity in the intrusion detection space began last fall, when firewall vendor Trusted Information Systems acquired Haystack Labs. In March, TIS itself was purchased by Network Associates, days after Cisco bought WheelGroup.
In May, Network Associates also bought intrusion protection firm Secure Networks, which makes software for security managers to probe their networks for vulnerabilities.
Earlier this month, Network Associates sued ISS, charging it with violating a patent held by Haystack Lab. ISS disputes the allegation. In an effort to undermine ISS, Network Associates also is giving resellers a free copy of its CyberCop Scanner tool, which competes with ISS' RealSecure.
Check Point said its version of RealSecure will be available through resellers by October for $8,995, similar to pricing from ISS.
HP OpenView Access Manager and HP OpenView Node Sentry are expected to be available in the fall, with pricing to be released in September.