CP Secure: Virtually Lag-Free Layered Protection

Taking a layered approach to network security is nothing new. In fact, you would be hard-pressed to find a business that relies solely on one mechanism or technology to keep threats at bay. The rub is that these layers usually end up chipping away at network responsiveness as they each interrogate files, dissect packets, and pattern-match.

Even with today's fast processors, it's not unusual to wait an extra second for a web page to load or email to get delivered. But in an age of Web applications and sites that strive to mimic the responsiveness of native apps, those seconds can add up to a frustrating experience for end users.

David Lu, CEO and co-founder of CP Secure, says his company's latest products are meant to not just tackle the lag security appliances introduce into networked environments, but also make it easier deploy and manage. Describing a deployment as "nondistruptive", the device has proven "easy to install, taking 5-10 minutes of preconfiguration and running in seconds," says Lu of the process some of outfitting some of his customers.

"Before, applications didn't require instantaneous response," explains Lu. But now that web apps play a crucial role in many enterprises, either on a LAN, WAN or across the Internet, it becomes apparent that to deliver "effective protection on HTTP, performance becomes very important."

CP Secure decreases lag by processing packets in a manner the company equates to streaming instead of approaching unpacking, scanning, and signature correlation cycles in lockstep. The latter batch technique is typical of malware detection systems that not only "spend a lot of redundant cycles on the same piece of information," but also require lots of disk space and tax internal I/O, which snowballs into lag for the endpoints, explains Lu. Even if they tout speedier ASICs, pattern-matching acceleration circuitry does little to address the most intensive part of the entire process - extracting a signature and correlating it with a database.

Malware detection is nothing new to CP Secure. Besides developing its own engine, cofounders David Lu and Shuang Ji, the firm's CTO, led the product management and engineering efforts for Trend Micro gateway security software prior to establishing the company.

Instead of methodically collecting, scanning and releasing data back into the network, CP Secure's stream scanning technology was designed to add a level of overlap to these steps. Effectively, retrieval, scanning and output functions are taking place in a more concurrent manner, meaning that qualified data is released while the data capture process is still occurring.

In a typical network configuration, the company's Content Security Gateway Appliance (CSG 1500 version 2.0) sits just inside the firewall. The enterprise-grade unit provides a host of anti-malware protection to defend against blended attacks that rely on multiple vectors and scans across several common protocols, namely HTTP, HTTPS, SMTP, IMAP, POP3 and FTP. In addition to rooting out viruses and worms, the CSG affords anti-spam, content filtering, and URL blocking benefits.

CP Secure's CSG 1500 v2.0 is designed to protect systems numbering in the several thousands, says Lu. Priced at a flat $23,499 per appliance with a year's worth of updates, this model provides scanning throughput of 71 Mb per second and can process 460,000 email messages an hour. For smaller organizations, the company offers the GSG 1000, 300 and 100 priced at $17,995, $5,995 and $2,395 respectively.

That takes care of threats coming from the outside in. However, apart from ultra-contained environments, the threat of malware entering from inside the perimeter only increases as workers and guests travel outside the office with their gear.

CP also has this covered with the new WormSecure 500 appliance. Built to watch over 500 systems grouped into as many as six security zones, WormSecure scans TCP, UDP, and ICMP packets at a rate of 500 Mb per second. The device checks traffic against the company's worm signature library and utilizes behavior-based detection for unknown threats and zero-days. If the presence of a worm is discovered or telltale network usage patterns detected, the infected system's traffic is blocked.

Ultimately, stresses Lu, a secure network shouldn't come at the cost of sluggish performance and lost productivity. In deploying a network security appliance, "the key point is that it needs to sit there where the user can do their work and not introduce barriers."

Though headquartered in Cupertino, CA, the company provides around-the-clock signature updates and global support thanks to offices in Europe, including Germany and the UK, and in Asia.

Both CSG 1500 v2.0 and WormSecure 500 appliances are available now. WormSecure 500 is priced at $9,900.