Vendors unveil new security framework

Four network security firms will cross-license their technologies to make it easier for outside developers to build security features into their applications.

The SecureOne alliance, announced today, will let software developers build firewall, antivirus, encryption, and authentication features into applications through the use of a single toolkit.

The alliance involves cryptography firm RSA Data Security, its parent Security Dynamics (SDTI), antivirus vendor McAfee (MCAF) , and certificate authority VeriSign.

Cross-licensing their technologies is designed to make the four firms' products work together. The alliance also will result in a set of application programming interfaces (APIs) that RSA will deliver in updates to its existing software toolkits.

"We recognize that for a corporation, it takes more than a single point security product and more than one company to provide security solutions," said Jim Bidzos, RSA president. The four companies insist that other security companies also can join the SecureOne alliance.

SecureOne, which is still in development, will incorporate user authentication and secure information technologies from Security Dynamics; antivirus technology from McAfee; digital signature , cryptographic, messaging, and transaction security engines from RSA; and VeriSign's developer kit (VDK) for obtaining VeriSign digital certificates.

RSA plans to include support for these APIs in three of its encryption software toolkits: BSafe for general encryption, S/Pay for secure payments, and S/Mail for secure messaging.

As part of the SecureOne deal, McAfee also announced a new toolkit called VIPER (Virus Interface for Protective Early Response). VIPER will allow corporate and independent developers to block viruses and hostile applets in their applications by making calls directly to McAfee's VirusScan antivirus engine. The VIPER will be available August 8, but no pricing was announced.

In addition, McAfee CEO Bill Larson said McAfee will drop its desktop encryption software, PC Crypto, and instead offer SecurPC from Security Dynamics, a competitive product. MacAfee will bundle SecurPC with its VirusScan Security Suite (VSS). Security Dynamics will bundle VirusScan with SecurPC.

The alliance does not include management software for enterprise security, although both Security Dynamics and McAfee have separate management products.

If the alliance results in better integrated products, users will benefit, said John Powers, an analyst at Robertson, Stephens. Regardless, each of the four principals makes specific gains from the pact, he said.

Security Dynamics gets access to McAfee channels and loses a competitor as McAfee drops its PC Crypto product, Powers said. McAfee, which has been trying to expand beyond its antivirus software niche to become an enterprise security vendor, gains credibility from the other partners. RSA, in turn, locks McAfee into RSA's encryption products for future products, and VeriSign gains new credibility for moving beyond e-commerce and into intranets as a market for its digital certificates, Powers added.

The four partners also revealed other cooperative plans:

--McAfee will support Security Dynamics' user authentication products (SecurID tokens, SecurID smart cards, and software SoftID) into several McAfee products. Those McAfee products include VSS, NetShield Security Suite (NSS), and WebWall, McAfee's new firewall. The Security Dynamic authentication products help protect networks from unauthorized user access.

--McAfee will build RSA Digital Signature verification into its virus detection products, and RSA will add McAfee antivirus technology to RSA's toolkits.

--VeriSign will provide free Class 1 digital IDs for six months to customers buying McAfee's antivirus suite, VSS. McAfee's customers will be able to register for VeriSign certificates from McAfee's Web site.

SecureOne tools will be available from RSA. No pricing was announced. By year's end, RSA will add toolkit support for McAfee's VIPER engine; McAfee will ship its VirusScan Security Suite with RSA SecurPC and SecurID support; and Security Dynamics will ship RSA SecurPC with Viper integration.