NAI partnership with ISS in jeopardy

NAI’s president Gene Hodges told ComputerWire Tuesday that the main IDS [intrusion detection systems] vendors and mainly ISS will be competitors following the acquisition, which is expected to close within 45 days.

That seems to rule out NAI integrating ISS’s intrusion detection technology into its Sniffer line, which was the goal of a deal between the two firms announced in May 2002. Hodges said IntruVert’s technology will become part of Sniffer next year.

NAI did not respond to a request for comment yesterday, and ISS declined to confirm that the deal is over. But ISS CTO Chris Klaus suggested to ComputerWire that even if it is over, the direct impact on ISS would be negligible.

To the extent this could affect sales, revenue and our internal plans… there is little to zero impact, Klaus said. They hadn’t actually started shipping product… A lot of it was just a marketing partnership.

Klaus and an ISS spokesperson said that ISS is investigating the impact of the NAI acquisition of IntruVert internally and is in conversation with NAI. The spokesperson said because of the company’s self-imposed end of quarter quiet period, they could not comment on the status of the talks.

IntruVert is a player in the emerging IPS, or intrusion prevention systems, market. IDS typically sits next to a network sniffing for possible attacks and alerting administrators, while IPS sits in the data stream and stops attacks automatically.

Both NAI and ISS agree that IPS is the goal for the industry, but that the technology is not sufficiently advanced for many potential buyers, due to current perceptions about the high level of false positives.

A high number of false positives is merely annoying with a passive IDS, but it becomes a business risk with a proactive IPS, which has the ability to stop potentially legitimate data if it suspects an attack.

Can they detect the latest threats and attacks and can they do it with zero-day protection? ISS’s Klaus said of the increasing number of companies entering the IPS market. With zero false positives, and zero impact from performance degradation, or as small as possible?

Nobody is claiming such foolproof systems yet. ISS has not promoted RealSecure Guard, its inline IPS, particularly heavily. ISS’s RealSecure IDS products have the ability to integrate with firewalls, reconfiguring them on the fly when known threats are detected.

Currently, firewalls from vendors using Check Point Software Technologies Ltd software are supported, but Klaus said that ISS is going to be announcing some additional third-party integrations soon, likely involving other firewall vendors.

A second part of last May’s deal would have seen ISS incorporate NAI’s McAfee virus-scanning technology into RealSecure. Klaus said that no product has shipped under this part of the deal either, but declined to comment on future possibilities.

Source: Computerwire

Sign up for our regular news round-up!

Give your business an edge with our leading Tech Monitor

Sign up