The new SSH Tectia software is designed to secure remote administration of systems and offer smart card or token-based two-factor authenticated access to any business application used by large financial institutions or other big business.
Some modules of Tectia are based on existing SSH products. But the addition of SSH Tectia Manager as a new operations module is intended help reduce the operating costs of large deployments by bolstering security management.
Tectia is an umbrella of products that can be used to secure file transfers, control access to networked applications, or manage certificates and PKI implementations of the Secure Shell server on Unix and Windows.
SSH claims its new managed security middleware approach overcomes some of the limitations of network-level, application-layer and single point security products.
Network-level security only secures connections at the firewall or VPN gateway. Application level security using the Secure Sockets Layer protocol results in significant integration costs, since every legacy and non-SSL application requires the technology to be integrated. Point-product security tools based on open source projects such as OpenSSH or OpenSSL lack procedures to rapidly deploy software updates to address security vulnerabilities often found in open source software.
The Tectia proposition is that managed security middleware operates between the underlying IT infrastructure and the business applications being carried so that the complexity related to interoperability, overall system management, and security maintenance is greatly reduced. Since Tectia is not integrated into the individual applications, it is possible to extend centrally managed security to any client/server application.
It claims to secure applications without any modification to the underlying IT infrastructure. If that claim is correct, the system could help plug a hole that has developed in the security infrastructure. Notably, the measures taken to secure internal applications are not as robust as those made at the network perimeter where firewalls, IDS or VPN gateways are deployed. One reason is that a firewall can be configured according to a number of preset rules, whereas it is difficult to produce comparable rules for applications because no two sets of application attributes are alike.
The 140-strong Finland-based company, which carried out a successful $50 million IPO in 2000, counts UBS [UBS], Commerzbank [CBKGq.L] and BACS [BAC] among its customer base. It has revenue of about $17 million, and claims it is operating with a positive cash flow..
This article was based on material originally published by ComputerWire.
