Positive Networks Blog

News from our channel development group - Positive has just announced a partnership with Jamcracker, who will begin reselling the PositivePRO VPN service immediately. Welcome to the team, guys!

Positive Networks has just launched PhoneFactor 1.0, our free phone-based two-factor authentication service. Much more information is available at the PhoneFactor website, and I blogged about it in more detail at the PhoneFactor blog and on my personal blog.

Enjoy!

After years of selling direct only, Positive is launching a new reseller program for our VPN services. In the process, we’ve added Chris Austin to our management team, who will head up the effort to get resellers engaged. Chris has a wealth of experience doing exactly this kind of thing, including most recently at VMware.

Chris and Jason Sloderbeck, Director of Service Delivery, announced the program at Interop yesterday. The announcement has been covered in the press in several places, including articles in InfoWorld and The Inventory Directory. A few sites also picked up the press release, including AskWebHosting.

This announcement represents the culmination of several months of intense work by Chris and his team, and I’m glad to see it getting such a good reception. If you are interested in learning more about Positive’s reseller program, check us out at the program’s website, or give us a call at 913-499-4100.

After months of development and a couple of years of research and planning, I’m thrilled to announce that Positive Networks is readying its new two-factor authentication service, PhoneFactor, for launch this summer.

PhoneFactor is a phone-based two-factor authentication system. It works like this:

1. A user enters her normal username and password and logs in
2. Immediately, the system places a confirmation phone call to her pre-registered phone number
3. The user answers and presses # to confirm the login

You’ll notice that there are a few distinct advantages to this system. Most obviously, users don’t have to carry around Yet Another Device. IT departments don’t have to manage Yet Another Device (mailing them out, RMAing them, doing token synch, yada yada yada). And because it’s just a phone call, it works on literally any TouchTone phone in the world - you don’t need a smartphone, a J2ME environment, or anything of the kind.

One of the biggest advantages of PhoneFactor, however, is that it’s free. From the first day it launches, Positive Networks will be making the PHoneFactor service available for free to everyone. More details are available at www.phonefactor.net, but the basic idea is that Positive is going to sign up to providing the standard PhoneFactor service for free, permanently. If you have a VPN product (including, of course, PositivePRO), or a public-facing web application, or a Citrix server, or virtually any other kind of networked application, you can add PhoneFactor two-factor authentication to it for free. Positive will even pick up the tab for the outbound phone calls, as long as they’re to domestic US phone numbers.

The PhoneFactor service is a legitimate free service, in the mode of GMail or Flickr. We plan on keeping it free permanently. It’s not crippleware, adware, shareware, or any other kind of badware. It’s not a trial, and it’s not time-limited. It’s simply a free service.

Now, we also have to pay to keep the lights on, so we’re planning on selling add-on modules to PhoneFactor that we think will deliver even more value than the standard service. We’re also going to provide our world-class administrative and end-user support services and our advanced integration service for a fee. More about the add-ons can be learned at www.phonefactor.net. It’s my honest belief that the standard PhoneFactor service will provide a lot of value to a great many organizations without the add-ons, and will probably be all that most organizations need. But, if you’re a Fortune 500 company considering an enterprise-wide deployment, some of these modules will probably be of great benefit to you.

You can probably tell I’m pretty excited about this. It’s not every day that you get to go out and solve a real problem with cool new software, and to top it all off, I get what every coder wants: the chance for my software to be widely used and appreciated.

The precise launch date isn’t fixed yet, but I expect to hear fireworks when we release it, if ya know what I mean.

There is a ton of additional information over at www.phonefactor.net, including a particularly fine white paper by yours truly. You can also sign up for the mailing list to be notified when we release.

I’m pleased to announce that we have just released MR#56 of our VPN system. Current customers will get this as a free upgrade, just like all of our improvements.

This release rounds out our Vista support and offers an improved VPN client installation experience. In addition, a powerful new set of tools for new customer set-up has made its debut, and we hope that they’ll be a big help in keeping the installation process smooth going forward.

The development, test, and operations teams have spent months building the best release of the Positive Networks system yet. For more information, please contact Positive Networks support, or if you’re not yet a customer, feel free to contact a sales representative.

We get calls all the time from companies that want to set up a site-to-site network securely over the Internet. Oftentimes they are replacing antiquated, super-expensive dedicated service from the phone company (T1 lines, ISDN, etc). There are a number of issues with site-to-site networking that need to be considered.

First, any site-to-site network has to be secure. It would be better to have a non-working site-to-site network than an insecure one. Virtually every company has some sort of sensitive data that they don’t want exposed to prying eyes, from payroll data to customer lists and so on. It turns out that the security requirements for a solid site-to-site implementation are very similar to the requirements for a good remote access VPN: data privacy through strong encryption, authentication of both ends of the connection to each other, and active monitoring of the connection.

The next most important aspect of a site-to-site network is getting (and keeping) it working. Set-up of site-to-site VPN connections is traditionally a job for network ninjas only, due to the vast array of choices and the myriad technical details that must be addressed during configuration. Network elements like NATs and firewalls tend to get in the way, as well. And with traditional site-to-site links (implemented using IPSec), having even one mis-matched parameter will prevent the connection from coming up.

Maintenance is also an issue. There is a well-known problem in site-to-site networking called the n-squared problem. It means that as the number of sites grow, the number of links you have to maintain between sites tends to grow quadratically. Here’s an example, based on IPSec: if you have two sites, you have 2 sets of configurations (one at each end). If you have 3 sites, you have 6 configurations (each router connecting to each other router). By the time you have 5 sites, you have 20 configurations, and if you’re unlucky enough to have 10 sites, you are at 90. A 100-site enterprise needs 9,900 router configurations to bring up all of its tunnels! Every time you add a site to the network, you have to touch every other site, and just setting up monitoring software to make sure the network is always working is a task in itself.

The last of the big issues I’m going to touch on today is performance. Site-to-site networks have even higher performance requirements than traditional remote access VPN connections, because an entire office of people is depending on the link instead of a single remote worker. Performance tuning of site-to-site VPN tunnels is a bit of an art, and it depends on the precise characteristics of the underlying network links. Sometimes adjustments to the applications themselves can be made to improve their performance, and sometimes network architecture changes can be implemented to work around slow links. In any case, having a highly tuned tunnel system is critical for a successful site-to-site deployment.

Of course, my favorite solution is to bring in Positive’s engineering team to handle all of these problems for you. Positive’s system was architected from the ground up to handle the security, scalability, manageability, and performance issues that are inherent in site-to-site networks. If you have questions about your own site-to-site situation, feel free to leave a comment or to give us a call.

OVERLAND PARK, KS (December 12, 2006) – Positive Networks, a leading provider of hosted/managed, secure remote access services, today introduced PositivePRO 3.5, the newest version of the company’s award-winning secure remote access service.

PositivePRO 3.5 users receive regular updates as part of the company’s product enhancement program, but the latest version of the service includes several major improvements, including:

• Auto-Detection/Provisioning - automatic setup detection and provisioning to create shorter installation times and easier access for any organization
• Handheld Access - the web-based VPN service is now able to work on handheld devices such as a Sprint 3G, Motorola Q, Windows Mobile 5, Treo 750w, Blackberry, T-Mobile, Cingular, Motorola Razr, or any phone with a web browser for greater access
• Vista Support - PositivePRO 3.5 will work with Microsoft’s new Vista operating system

Positive Networks continues to improve its award-winning PositivePRO service through improved access and speed, expanded service offerings, easier setup, expanded security and enhanced support, said Aaron Vance, Senior Analyst with Synergy Research Group. The SSL VPN market continues to expand dramatically. What Positive Networks has done with the launch of this new version of PositivePRO is make a hosted and managed service a viable choice for enterprises who need SSL VPN functionality without requiring an appliance.

PositivePRO has always been easy to setup, in contrast to the traditional hassles of implementing an appliance, said Todd Gugler, Product Manager, Positive Networks. Now with auto-provisioning, setup is almost effortless with automatic detection of network resources. This makes PositivePRO an obvious choice for enterprises that are IT resource constrained.

We are very pleased to offer PositivePRO 3.5 and provide complimentary upgrades to our existing customers, said Tim Sutton, CEO, Positive Networks. PositivePRO 3.5 offers all the features, functionality, scalability and security that make this service a cost-effective alternative to big-iron SSL VPN appliances. And PositivePRO 3.5 represents not only a solid technology choice for secure remote access, but a cost effective one that extends SSL VPN functionality to small and mid-size enterprise organizations.

Additional improvements included in PositivePRO 3.5 include:

Ease of Use

• AutoProvisioning - new automatic setup detection to make setup of the service even easier for any organization. This new feature automatically detects subnets, domain controllers, Wins servers, Exchange servers and other network resources making configuration quick and easy.
• New Policy Manager – improved format allows easier configuration and oversight on security and access control policies.
• Vista Compatibility - the web-based VPN service, WebTop, has been updated for compatibility with the new Microsoft Vista operating system.
• Anti-virus Integration - up to date integration with the leading antivirus programs is ongoing and PositivePRO 3.5 currently works with McAfee, Norton, Symantec, AVG, Authentium Command, Computer Associates, Kaspersky, Sophos, and Trend Micro Antivirus Programs.

Improved Access and Speed

• Direct Connect Technology – data is routed from corporate network to end user directly once security policies have been established, providing quick data transfer no matter where the end user is located.
• Handheld Access - allows employees to work the way they want, using handheld devices with security provided through Positive Networks. The web-based VPN service, WebTop™, automatically adapts to handheld device browsers. This brings email, file shares, and intranet capabilities to the mobile workforce.

Expanded Services

• Site-to-Site Connectivity - a new, cost-effective service for site-to-site VPN connectivity and secure remote access that is easy-to-use and requires no hardware at the data center or client.
• RemotePrint™ – leverages Positive Networks’ RemotePrint Agent to allow users or servers to print documents from any printer connected to the Internet. The agent used for this service can turn any Internet-connected, Windows computer into a print server that can be reached from anywhere on your LAN/WAN. It remains fully compatible with any server or print client, including backend print queues on Windows, Unix, VMS, Linux, and Macintosh. This functionality allows users to print to the designated printer, using installed drivers.

Expanded Security

Expanded Antivirus Software Integration - supports the following antivirus security software and adds new vendors and versions regularly:

• McAfee VirusScan 8, 9, 10, Enterprise 7, Enterprise 8
• McAfee ASAP
• McAfee Corporate 4.5.1
• McAfee Internet Security Suite 2005, 2006
• Norton Antivirus 2001-2006
• Norton Antivirus Corporate 7, 8, 9, 10
• Symantec Antivirus Corporate 7.6, 8, 9, 10
• AVG Antivirus 7.1
• Panda Antivirus
• Authentium Command Antivirus
• Computer Associates eTrust EZ Antivirus 7.1
• Kaspersky Antivirus 4.5, 5.x, 6.x
• Sophos Antivirus Small Business Edition
• Trend Micro OfficeScan 6
• Trend Micro OfficeScan 7

Policies can be configured to require antivirus software be installed and running with up-to-date antivirus definitions (DATs) on both the VPN client and WebTop. When a virus is detected by the antivirus software, PositivePRO detects this problem in real-time and suspends access to corporate network resources by putting the user in a captive portal until the virus is properly fixed.
Positive Networks offers a free copy of McAfee VirusScan Enterprise 8.0 that is installed automatically if the user’s computer lacks acceptable antivirus software. PositivePRO can also automate the distribution of McAfee DAT files during end user sign-on to ensure remote computers are always up-to-date.

Enhanced Support

Support Desk Chat – in addition to a toll-free number, Positive Networks provides a website link that offers a 24/7 live chat to all administrators and end users.

About Positive Networks

Positive Networks is the leading provider of hosted VPN and endpoint security services. Its flagship service, PositivePRO, combines a client-based VPN, a clientless, web-based SSL VPN, and remote desktop control into a single remote access service that scales to support thousands of users. With no hardware to install, PositivePRO is simple to implement and can provide complete remote access endpoint security control in 24 hours or less. PositivePRO’s easy-to-manage subscription model includes critical end-point security features like antivirus protection, anti-spyware protection, personal firewall protection, patch management and authentication to secure remote desktops and laptops. Site-to-Site VPN solutions are also available.

Positive Networks was awarded “Best-in-Class” Managed SSL VPN Service Provider for SMBs by Stratecast Partners and an AlwaysON AO100 selection. PositivePRO is a 2006 IT Week Magazine’s, Network Technology, Service Provider Weekly, Security Week, PC News Weekly, Hosting Weekly, and WebWeek Magazine’s “Editor’s Choice” selection, and an Info Security Product Guide Product Excellence Award winner for Best SSL VPN Managed Service. The company is a finalist for a 2007 SC Magazine Excellence Award which will be presented in February. For more information, please call 877-932-8671 or visit www.positivenetworks.com.

Continuing in our series on remote access buzzwords, today I’m going to talk about endpoint security. I can’t count the number of times I’ve seen this term on the cover of Network World and such, but it rarely gets a really concrete definition. Let’s rectify that.

Endpoint security, in a nutshell, is a set of technologies that are used on a user’s computer to keep that computer secure. The idea is that if your user’s computer is infected with malware, you don’t want to let that user spread disease to the rest of the corporate network via the VPN connection.

The principal components of an endpoint security solution are:

• Antivirus software - software to detect and remove viruses, worms, and other related problems
• Antispyware software - software to detect and remove spyware, adware, and other malware
• Critical updates software - software to make sure the computer has all of the critical OS and software updates installed
• Firewall software - software to keep unwelcome traffic from the Internet out of the computer, and usually also to keep traffic in that you don’t want leaving the computer

There are other important components as well, including authentication (including things like two-factor authentication), reporting, and intrusion prevention, but those are the big four of endpoint security.

Users of Positive Networks will be pleased to know that their PCs are secured, whether or not they have ever seen so much as a single patch before their first sign-on. Our system can be configured to address all four of these areas of endpoint security in a way that’s as painless as possible for users.

For more information, see our whitepapers on the subjects of endpoint security and authentication, or feel free to drop me or one of our engineers a line.

It turns out that our crayon drive made enough of an impact that we’re getting Kansas City TV coverage for it! If you are in the Kansas City area today, tune in for the NBC 5:00 news to see various Positive Networks employees making a gigantic crayon delivery.

In related news, I shot some video yesterday of various Positive Networks employees, and I’ll be posting some clips in the coming days. Watch this space!

Sorry I’m late in getting this posted, but we’re starting a webinar in 20 minutes. If you’re interested, click the link on www.positivenetworks.com.