Delivering Security on Demand

Companies are increasingly offering security products as services, but is it the best approach?

By Erica Naone

Businesses looking to make their IT departments more efficient and cost-effective have seized hold of the idea of "software as a service"--using software that is delivered remotely instead of hosted on in-house servers. Recognizing this trend, several computer-security companies have begun offering their products as services. Today, McAfee released a new version of a suite of security products called Total Protection Service, as part of its own push toward "security as a service."

Credit: Technology Review

Yet the security industry's shift toward delivering software from "the cloud" highlights some of the difficulties involved in transitioning to this approach. While experts agree that the newer approach can certainly increase efficiency and bring technical benefits, some also warn that not all security products work well when delivered this way. Since companies often disagree over what it means to provide software as a service, the shift can also create confusion for potential business customers looking to evaluate their options.

McAfee's Total Protection Service suite operates remotely, with the exception of a few small pieces of software installed on individual employees' computers. The product protects computers against Web and e-mail threats, monitors inbound and outbound network traffic, and analyzes devices connected to a corporate network. It also assesses a company's website for potential vulnerabilities that attackers could exploit.

McAfee's upgrade to Total Protection Service is a logical expansion of what the company was already doing, says Natalie Lambert, a security analyst for Forrester Research. Lambert says that other companies are likely to follow suit, by offering products that shift as much as possible into the cloud in order to appeal to clients looking to lower costs. For now, she notes, McAfee's traditional products still have more functionality than what it's offering as a service; in the future, she expects little difference.

Panda Security, based in Spain, is another a company that offers security products delivered as a service. Josu Franco, the company's corporate customer unit director, says the approach can save customers money, particularly when employees work from a variety of locations, and can streamline the process of managing software and keeping it up to date. He adds, however, that fully protecting a business still means installing some software on the devices being protected. Moving security completely in the cloud, while also protecting the end user's device, "is not a viable option today."

Some security products make more sense delivered as a service than others, according to John Pescatore, who specializes in security and privacy as a vice president and research fellow at Gartner Research. It makes sense, he says, that most e-mail security products are based in the cloud, since e-mail comes to organizations through the Internet and can be filtered before arriving. Denial-of-service attacks, which involve flooding a computer server with dummy requests that make it impossible for it to respond to legitimate traffic, are also good candidates for cloud-based solutions, Pescatore says. In fact, many companies already rely on Internet-service providers to filter their Web traffic remotely.

Other common security products, such as firewalls, which rely on large amounts of bandwidth, make less sense delivered via the cloud. Products that are heavily tied to internal computer processes, such as authentication and access-control software, also work better on-site, Pescatore says. Furthermore, if a product still requires a customer to install some software, Pescatore doesn't consider it a true security-as-a-service offering.

Paul Judge, chief technology officer of Purewire, an Atlanta-based Web security company, argues that the software-as-a-service approach is especially suited to handling modern Web threats. This, he says, is because users typically use a range of different devices and networks to do business, requiring, he says, "an approach that can always sit between the user and the Web, no matter where the user is."

While the service approach is perceived as a way to save money, Judge says it can offer unique technical advantages too. It's possible to analyze threats better from the cloud than from a single appliance installed for a client. For example, some JavaScript attacks require deeper analysis to be detected, and a single device may not have the necessary processing power. By centralizing the task in the cloud, Judge says, his company is able to use specially designed hardware that enables deeper analysis at a higher speed.

http://www.technologyreview.com/business/23022/

Helping Robots Get a Grip

A new approach lets dexterous robotic hands grasp easily.

By Kristina Grifantini

One of the main things preventing robots from lending a hand with everyday tasks is a simple lack of manual dexterity. New research from a team at Columbia University NY could help robots--and robotic prosthetics--get a better grip on all kinds of objects.

Good grip: A new approach allows a complicated robotic hand to grab an object more easily. Credit: Matei Ciocarlie and Peter Allen, Dept. of Computer Science, Columbia University

Multimedia See the grasping system in simulations and real-life experiments.

Peter Allen, a professor at Columbia University and director of its Robotics Group, and colleague Matei Ciocarlie developed a simpler way to control a dexterous robotic hand by drawing on research in biology. They realized that while human hands have about 20 degrees of freedom (20 joints that can each bend), each joint is not capable of moving completely independently; instead, its movements are linked to those of other joints by muscles or nerves.

Traditionally, the software used to control a complex robot hand has tried to account for all the degrees of freedom in the robotic hand's joints, but this is computationally cumbersome and slows the robot down. Instead, Allen and Ciocarlie decided to limit the movement of a robot hand in the same way a human hand is limited. By linking its joints in this way, they showed it is possible to control a complicated robotic hand with faster, more efficient algorithms and without losing any of its functionality. "You can learn from biology to reduce the degrees of freedom," says Allen. "Even though you may have 20 degrees of freedom, you don't need to use them."

The researchers experimented with four different kinds of complex robotic hand, each of which had multiple joints. They developed software to control each gripper by linking its joints. In simulations and real-life tests, the software was able to quickly calculate grasping positions in order to grab different objects, including a wine glass, flask, telephone, model airplane, and ashtray.

The system works in two stages. First it chooses an array of possible grasping motions depending on the angle at which the hand is approaching the object. Second, it selects from these positions the one that will provide the most stable grasp. Then, if the controller thinks the grasping position looks right, she can give the command and the hand will take hold of the object.

"Grasping objects with a human-like hand is a seemingly complex computational problem," says Charlie Kemp, a professor at the Georgia Institute of Technology, who has developed robots capable of grasping unfamiliar objects. "This work suggests that there is an underlying simplicity. It shows that a complex hand may not require a complex brain."

Calculated grabs: A sensor lets the system detect the direction of approach; the software then calculates the most effective grasping positions. Credit: Matei Ciocarlie and Peter Allen, Dept. of Computer Science, Columbia University

"I believe it's the way forward for automated grasping," adds Eric Berger, the codirector of the personal robotics program at Willow Garage, a robotics research center in California. "From my perspective, the algorithmic work ... is novel and useful, but the most exciting thing about what they're doing is the different approaches they're taking to applying these new algorithms to the real world."

In their experiments, the Columbia team preprogrammed the system with a rough idea of the shape of the object it would grab. The next step is to couple the robotic grasper to a system that can evaluate completely unfamiliar objects in the real world.

Other research groups are making progress in this area. For example, Intel has created technology that uses electric fields to carefully sense delicate objects within reach, while Andrew Ng and colleagues at Stanford University have developed a robot that can calculate the best place to grab onto an object that it hasn't seen before.

http://www.technologyreview.com/computing/23023/