The Web    Google
Sun Plays New Security Card with VeriSign

Sun Plays New Security Card with VeriSign
February 11, 2004

SAN FRANCISCO -- Sun Microsystems (Quote, Chart) Tuesday said it is taking a fresh look at how its products can help secure networked systems.

As part of a multi-tiered revamp of its product lines, the company signed a "strategic alliance" with digital security firm VeriSign (Quote, Chart). The goal, say execs, is to address the ongoing scourge of network security threats and better react to malicious activity.

"Through the Sun/VeriSign alliance, we can now bring to more enterprises Managed Security Services that allow them to see threats not just inside their corporate walls, but across the Internet as well," VeriSign chairman and CEO Stratton Sclavos said in a statement.

The partnership is just one piece of a revamped security focus that Santa Clara, Calif.-based Sun is announcing this week. The network computer maker is also tipping its hand on its next-generation Solaris operating system, launching new Sun Managed Security Services (SMSS), unveiling a new Reference Solution for building secure global government computing networks, and advancing features for its Sun Crypto Accelerator 4000 board.

As part of its agreement with Mountain View, Calif.-based VeriSign, Sun will be able to tap into the security firm's Intelligence and Control Services for Network Security. The platform includes vulnerability assessment software, around-the-clock management and security threat monitoring. The partnership is an offshoot of Sun's new Sun Managed Security Services (SMSS) offering.

Sun senior product manager David Cruickshank said this is the company's first strategic relationship with VeriSign.

"We've had a reseller agreement with them and they are SunTone certified but there is an opportunity here," Cruickshank told "Security is an important consideration. Prior to delivering the systems, customers need to know that they can trust that environment. What we are offering here is a larger portion of a security portfolio and we expect to build a roadmap with the Sun Solaris OS fingerprint working with VeriSign."

Cruickshank also said there is also no reason Sun's security partnership couldn't be extended to other players in the space such as Symantec.

SMSS can be deployed as a standalone security solution or as a component of a comprehensive multi-sourcing strategy. The platform will be available later this month as fixed-priced subscription services in one-to-three-year terms.

Sun also announced a new Sun Reference Solution for Secure Network Access Platform (known at Sun as SNAP). The platform is based on best practices from Sun key customers such as the US Pacific Command's Joint Intelligence Center Pacific (JICPAC), which provided the business and technical requirements necessary to create the solution for role-based network access and secure collaboration.

The SMSS platform also includes a Process Rights Management feature, which limits access of processes and applications to system resources. Sun said the technology prevents a hacked application from corrupting the entire system by partitioning the processes into individual containers and keeping them separate.

Sun has also advanced its Solaris Cryptographic Framework, The single-style framework runs in the background for easier administration and common utilization of cryptographic routines in Solaris. The framework also uses optimized crypto algorithms in Solaris and is based on PKCS #11.

Lastly, SMSS said it has an advanced IP Filter, which is based on the open source version of IP Filter firewall. The technology supports Solaris 10 and provides access to the screening of network traffic in/out of the server, a workgroup of servers or a whole enterprise. This allows a customer to select which services on the network they can access as well as provide protection from potential hackers.

Also on the software side, Sun is fastidiously preparing Solaris 10 for an official launch date just before the end of this year. As previously reported, Solaris 10 will include N1 Grid Containers, predictive self-healing technologies and security enhancements. The next-generation operating environment will also serve as the inflection point between Solaris and Trusted Solaris, giving enterprise customers the same security features as Sun's government customers.

While the company continues to test new additions with its Solaris Express program, company execs were fuzzy on the exact cutoff date to make the final version of Solaris 10.

  • MS Patches 'Moderate' DirectX Flaw
  • 4/12: Mytob-AR Yet Another Variant
  • Protect Your Passwords -- Part 1
  • 5/3: SymbOS/Locknut-C Infects Handsets
  • Secure Messaging Vendor Offers Management Appliance
  • In the Year 2005, Will Your Anti-Spam Arsenal Be the Same?
  • Disaster Recovery Still Just an IT Responsibility
  • 2/11: Rbot-VT Worm Has Backdoor Ability
  • 11/29: QLowZones-2 Modifies IE Settings
  • Making Outlook Less Insecure
  • FTC Publishes Web Site on Fraud Cases
  • Security Camera Articles