Barmak Meftah, VP, Engineering Arthur Do, Founder/Chief Architect
Source Code Analysis 3.0
If I were in the marketing group of Palo Alto, Calif.–based Fortify Software, I'd have given this product a more hardball name, like Stonewall, Ironsides or Kevlar++. Why? Because this product can bulletproof your code against typical exploits such as buffer overflows or cross-scripting ploys.
The suite analyzes C, C++, Java, JSP, PL/SQL, C# and XML files, alone or grouped within an application, with a remarkable degree of understanding about what the code's doing in the context of the application. In addition to the typical buffer overflows, its user-extensible rules detect situations that spot-check manual security reviews often overlook.
Source Code Analysis 3.0 pinpoints security vulnerabilities throughout the code base, across processes, tiers and language boundaries. After-the-fact security audits can also be run at any time through the whole project.
The depth of the analysis can be a shock, but continued use will markedly change the way a team writes any new piece of code, because team members begin to anticipate what kinds of code the suite will pounce on. Over the long term, then, not only does this product buttress an organization's code, it also ups the game of developers themselvesa rare combination. Have security fears for your tiers? Then get Fortify-ed.
Productivity Award Winners
Back in 1975, when the killer shark of the movie classic Jaws scared the popcorn out of moviegoers' hands, seafood restaurants around the country put up signs saying "Get Even. Eat a Fish." CounterPoint, from Austin, Tex.–based Mirage Networks, takes the same let-me-at-'em attitude toward network intruders. Clever manipulation of the Address Resolution Protocol (ARP) renders denial of service attacks, worms, scans and other rapidly progressing threats completely ineffective. Or, it can lure hacker types to sludge pots of slow response, impeding their reconnaissance of network assets.
CounterPoint does all this without needing software agents on workstations or servers, and without introducing any latencies in the network. Its administration interface is fast and lean, in keeping with its deadly seriousness.
ISA Server 2004
Microsoft's Internet Security and Acceleration Server may not be for dummies, but it is made simple. This advanced application-layer firewall, virtual private network (VPN) and Web cache solution improves network security and performance. We especially appreciated its simplified administration user interface that helps administrators avoid common security configuration errors through templates and wizards, context-sensitive task panes, advanced troubleshooting tools and an intuitive policy model that prevent configuration errors.
Don't be fooled by its ease of useISA is backed by tried-and-true technology that protects against a complex array of security threats through both stateful packet inspection and application-layer filtering of Internet protocols such as HTTP, VPN, SMTP, POP3, DNS, H.323, streaming media and RPC traffic.
POPFile is an open-source e-mail classification software that can filter messages into predefined categories, including a spam folder for spam filtering. It works with almost any operating system and e-mail client because it's written in Perl and runs a client-independent POP proxy. You can run POPFile as a local proxy on your PC for personal use or run it on a server for a group of users.
The POPFile e-mail-filtering proxy retrieves messages from your existing e-mail servers and then classifies them by adding additional information to the subject line or to the header. The e-mail clients retrieve the classified messages from the POPFile proxy; then POPFile automatically saves the messages to predefined folders based on the classification information in the subject or header. As with any other Bayesian-based filters, you need to manually train POPFile.