Cigna jumps into online insurance

Five separate data security initiatives were announced today, each aimed at easing the fears of Web site hacks.

4 min read
Five separate data security initiatives were announced today, each aimed at calming the nerves of network managers who have been spooked by hacks of high-profile Web sites.

Network managers charged with securing data on computers attached to the Internet can choose from among newly upgraded software products from Axent and Internet Security Systems, new scanning software from Netect, an insurance program, or a service provider that offers financial guarantees.

The latest to jump into the Internet security market is giant insurer Cigna Property & Casualty, which will sell insurance that guards companies against financial losses suffered at the hands of hackers. The program mimics in some ways the TruSecure offering of ICSA, a for-profit security firm that inspects corporate networks and offers $20,000 if the system security is breached.

Cigna's program is run in conjunction with the networking giant Cisco Systems and NetSolve, a network security outsourcer. NetSolve uses the NetRanger intrusion detection software that Cisco acquired in February with Wheelgroup.

Coverage for Cigna's new Secure Systems Insurance ranges up to $25 million, and premiums run into five figures.

Cigna's insurance covers computer crime involving theft of money, securities, and property, damage by hackers to a business's data or software, and business losses stemming from attacks on a company's computer systems. Traditional property and general liability insurance policies do not address these risks, Cigna said.

The insurance giant's entry comes on the heels of several high-profile hacks. Richard Brewer, senior analyst at International Data Corporation thinks the September attack that shut down the New York Times Web site has put corporate security managers on notice that their systems may be vulnerable.

"When somebody messes with your Web site and your commerce system, they are messing with your money," Brewer said. "It's not just making you look foolish, it's not just an annoyance--your business can now be shut down by hackers, not merely inconvenienced."

A survey conducted earlier this year by the Computer Security Institute, in conjunction with the FBI, showed a 36 percent increase in quantified losses from security breaches compared to the previous year.

ICSA is expanding its TruSecure service by covering virtual private networks (VPNs) as well as perimeter defenses of corporate networks. The service already tests networks for security holes, recommends remedies, and then assures companies that their defenses can't be breached in an external attack.

TruSecure VPN includes remote and on-site assessments and encryption testing as well as advice on closing security holes. Once a site is certified safe, ICSA rechecks it quarterly.

A recent IDC study found that security worries are dissuading companies from expanding their VPNs. VPNs use the public Internet for encrypted communications instead of utilizing costly private networks.

ICSA runs a product certification program for VPN software, and the new TruSecure VPN service builds on those testing procedures. The VPN service is available now for $18,900; the full TruSecure service starts at $39,900 annually.

Netect today unveiled its new HackerShield for Windows NT, which is designed to scan both networks and NT servers for security holes, including vulnerabilities in the operating system. The software can automatically correct some security holes.

Designed for systems administrators who are not security experts, HackerShield starts at $695 per server. Agents for Solaris, Windows 95, and Unix will be available by March 1999.

The two intrusion detection software rivals, Axent and Internet Security Systems, are basically adding technology that the other one has. Intrusion detection software, which detects and responds to attacks, comes in two forms--network-based monitoring and host-based systems.

Axent has had host-based intrusion detection software, and now it's adding network monitoring. ISS has been a network-based monitoring system and now it's adding hosts. Both say no one else has both kinds of intrusion detection software.

Axent calls its new network-monitoring technology NetProwler, and it works with Intruder Alert 3.0, Axent's host-based product.

"The best, most comprehensive intrusion detection software needs to have both network- and host-based capabilities packaged together under a single management interface," Steven Foote, an analyst at Hurwitz Group, said in a statement.

ISS is adding host-based monitoring in version 3.0 of its RealSecure product, due to ship in December. Pricing is based on the size of a network and begins at $8,995.

ISS also announced that Entrust Technology, which markets public key infrastructure software for issuing digital certificates, will bundle ISS' host-based intrusion detection software with Entrust's PKI systems by year's end. A free 60-day evaluation copy of ISS' network-monitoring software, Internet Scanner, also will be shipped with Entrust applications.

In addition, ISS also introduced a new decision-support application that integrates data from its intrusion detection software with third-party information to give customers a view of their enterprise's entire security set-up. SAFEsuite Decisions automates the collection, integration, analysis, and reporting of security data from multiple sources and locations. It can use data from security software from other vendors, such as firewalls.

SAFEsuite Decisions 1.0 is scheduled to ship by year's end with pricing from $25,000, depending on the size of a protected network.