FinjanVital Security™ Web Appliance NG-5100 wins in 3 prestigious categories
Finjan is a leading provider of web security solutions for the enterprise market. We deliver the highest rate of malicious code detection, using real-time code analysis technology. By understanding the true intent of web content, Finjan blocks malicious web attacks (e.g., spyware, phishing, Trojans, obfuscated code, and other malicious code) on-the-fly, without requiring signatures or patches. Finjan’s solutions prevent any malicious web content from entering the corporate network, allowing companies to maximize productivity without security worries.
Finjan offers its award-winning Vital Security™ Web Appliances for businesses of all sizes, as well as the Vital Security™ SDK for ISVs and service providers that wish to incorporate Finjan’s revolutionary security capabilities within their own applications. Finjan’s installed base comprises millions of enterprise users worldwide. Our customers include Fortune 1000 companies in the finance, banking, insurance, healthcare, and airline sectors, as well as large government agencies.
Finjan set a new standard for web security with its real-time content inspection technologies, which rely on Finjan’s rich intellectual property portfolio including 20 granted and 24 pending patents. Our Malicious Code Research Centre (MCRC) is a renowned leader in the detection of dangerous vulnerabilities that could be exploited for malicious attacks.
Yuval Ben-Itzhak, Chief Technology Officer
Finjan
As Finjan’s Chief Technology Officer, Yuval is responsible for developing Finjan’s technological vision and advancing its product and solution roadmap in line with the ever-growing security needs of businesses and enterprises. His responsibilities include the ongoing development of Finjan’s robust intellectual property portfolio, which currently includes dozens of granted and pending patents in the content security domain. Yuval also heads Finjan's Malicious Code Research Center (MCRC), dedicated to keeping Finjan’s security technology steps ahead of the hacker community.
A security industry veteran, Yuval brings strong technology and visionary leadership with proven innovation record to Finjan, as gained in over 15 years of high-level management and professional positions. Prior to joining Finjan, Yuval was the founder and CTO of KaVaDo Inc., a leader in web application security (acquired by Protegrity Corp.). In KaVaDo, Yuval lead the company from establishment to a global company with millions of dollars in revenue. Prior to KaVaDo, Yuval was CTO at Ness Technologies (NASDAQ: NSTC), a global provider of end-to-end IT solutions and services. As a senior project manager at Intel Corp. (NASDAQ: INTC), Yuval was in charge of the design and development of multi-million dollar software projects. Yuval began his professional career as a member of an elite intelligence unit of the Israeli Defense Forces, where he was responsible for the design and development of security systems for mission-critical projects. Yuval holds various patents and patent applications in security and networking technologies, and has written dozens of articles on security and networking that have been published by the global media. Yuval has been selected as InfoWorld's "Top 25 Most Influential CTOs of 2004". He earned a B.Sc. in Information Systems and Engineering, cum laude from Ben-Gurion University, Israel.
In the following interview, Yuval, Chief Technology Officer, Finjan discusses with Rake Narang, Chief Editor of Info Security Products Guide, today's sophisticated web based threats and the continued dependency of enterprises on the web for their mission-critical business applications.
Rake Narang, Chief Editor - Info Security Products Guide:Finjan products have won the 2007 Global Product Excellence Award and on behalf of the Info Security Products Guide editorial team, I would like to congratulate you and everyone at Finjan for this achievement. What makes Finjan products unique and how does your product management team ensure that the products meet the needs of most users? Yuval Ben-Itzhak, Chief Technology Officer, Finjan: As technologies continue to develop at a rapid pace and hackers are motivated by business interests, attacks are becoming more clever and stealthier in order to avoid detection. Moreover, as corporations increasingly depend on the web for business applications, access to information, email and other everyday business activities, their networks are exposed to these threats on a daily basis.
Web-based threats, such as spyware, phishing, and trojans, represent the main attack vector for malicious code propagation due to their ability to elude traditional security solutions. These attacks are used to steal users’ personal details, banking and credit card information, as well as compromising intellectual property. Current trends point to the fact that the web has become the main vector for malicious code propagation. Commercially-driven hackers understand that signature-based solutions are not designed to counter code obfuscation, Web 2.0 platforms and technologies, and other dynamic attack vectors in today’s web scenario.
Today’s sophisticated web-based threats propagate through silent installations and drive-by downloads, often without end-user awareness. Emerging trends and advanced techniques, such as Web 2.0/AJAX exploits, dynamically obfuscated code, Botnets and the like, are among the tools being used by hackers to surreptitiously take control of victim computers. The growing phenomenon of targeted attacks, aimed at stealing identities or compromising confidential information from a particular system or computer, is nearly impossible to detect using traditional security tools.
IT security is a key priority for enterprise users, which realize the serious potential implications of today’s web-borne threats on their business and on the integrity of their customers’ private information. These sophisticated threats, including the growing phenomenon of targeted attacks aimed at stealing identities or compromising confidential information from a particular system or computer, represent a major challenge as they are nearly impossible to detect using traditional security tools. Moreover, in terms of regulatory compliance, financial organizations in particular need to be able to prove that they have implemented security measures aimed at protecting data from being stolen, destroyed or altered via malicious external attacks.
In terms of protecting their data resources, reactive security technologies were not designed to combat the vast majority of today’s dynamic web-based threats, comprised mainly of Spyware and other types of malicious code. Since signature-based anti-virus solutions require time to discover malicious code in the wild, create a signature and deliver an update to their databases, they cannot offer immediate protection against new, unknown threats and targeted attacks.
The way to detect modern malicious code is to be able to understand what the code intends to do, before it does it. As website content is becoming more volatile, and domain names can be set up for brief periods of time, the task of “keeping track” of the malicious content on the WWW is becoming ever more difficult. Attempts to pattern malicious code and create signatures, or to categorize known malicious sites, are clearly insufficient when it comes to providing adequate protection to today’s dynamic web threats.
"As our customers have come to expect, Vital Security Web Appliance provides the highest level of malicious code detection. We are honored to have received these awards, which reflect Finjan’s unswerving commitment to maintaining the technological superiority of our products, leveraging our unique real-time content inspection techniques."
Dan Frommer, VP Products - Finjan
Vital Security™
Web Appliance NG-5100
Rake Narang:What are the common problems that users (security) face today? Are most users under secured or over secured when it comes to protecting their digital resources? Yuval Ben-Itzhak: The fact that the WWW continues to flourish and that enterprises continue to depend on the web for their mission-critical business applications is probably sufficient grounds to claim that the security industry is winning the battle – at least for the time being. However, one must understand that the evolution of the security industry has been characterized by a constant battle of wits between the security companies and the virus writers/hackers. Each time a new type of attack appears in the wild, the security companies scramble to create a solution. Then, as soon as the hackers become familiar with the newest defense, they devise a new method to circumvent it.
Today, I believe that the security industry is ahead of the threat and that effective technologies are available to combat new threats. Again, this situation is not static and it’s just a matter of time before today’s highly professional and financially-driven hackers take the next step forward to new attack vectors. We should also keep in mind that not everyone is using the latest web security technologies. Those still using older, reactive signature-based technologies are easy prey for attackers who skillfully craft dynamic web-based attacks that bypass these solutions.
"Product management is a critical function in today’s web security market, as we are continually challenged to keep our security products at the cutting edge to protect our customers from the next new threat. At the same time, we continue to invest major efforts in ensuring that our solution provides users with efficient manageability, optimal usability and maximum productivity."
Gal Cohen, Vital Security™ Product Manager - Finjan
Finjan Inc.
2025 Gateway Place
Suite 180
San Jose, CA 95110 www.finjan.com
