Stonesoft Corporation

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Stonesoft Corporation
Type

Subsidiary

Public
NASDAQ OMX: SFT1V
Industry Network Security
Fate Acquired by McAfee (2013)
Founded Helsinki, Finland (1990 (1990))
Founder(s) Ilkka Hiidenheimo
Hannu Turunen
Headquarters Helsinki, Finland
Area served Worldwide
Key people Ilkka Hiidenheimo
(Chairman & CEO)
Juha Kivikoski
(COO)
Mikael Nyberg
(CFO)[1]
Jarno Limnéll
(Cyber Security Director[2])
Products Network security
Firewall
IPS
VPN
Security appliances
Virtual appliances
Employees 222 (Dec 2011)[3]
Parent McAfee, Inc.
Website www.stonesoft.com

Stonesoft Corporation is a vendor of network security solutions based in Helsinki, Finland. It was publicly owned until 2013 when it was acquired by Intel's subsidiary McAfee. Its product portfolio includes firewall/VPN devices, IPS (intrusion detection and prevention systems), and SSL VPN systems,[4] each available as hardware appliances, software, and VMware-certified virtual appliances.[5] Each of the components, as well as third-party devices, can be managed from the Stonesoft Management Center.[6] The product portfolio differentiates through unique clustering and load balancing technologies based on the company's older StoneBeat technology, originally developed for Check Point FireWall-1.

Stonesoft does business globally, with a regional headquarters in Atlanta, Georgia, United States, and sales offices throughout Europe, the Middle East, and China.

In May 2013, Stonesoft Corporation was acquired by McAfee, Inc., a subsidiary of Intel Corporation.[7]

History[edit]

Stonesoft started as a systems integrator in the Nordic regions of Europe. In 1994 it introduced StoneBeat, a technology for creating a high availability pair of firewalls in an active-passive configuration. In 1999, the company extended StoneBeat with a patented load balancing clustering technology,[8] launching StoneBeat FullCluster. It was one of the first technologies certified in Check Point's OPSEC program.[9]

In 2001, Stonesoft expanded its product set into the firewall/VPN space, becoming a direct competitor to Check Point. The StoneGate Firewall/VPN was launched on March 19, 2001. In January 2003, the company introduced the first virtual firewall/VPN solution, for IBM mainframes.[10]

In 2010, the company released information via CERT-FI[11] on Advanced Evasion technique (AETs) that met with skepticism in the community. Further AETs were released in 2011, and eventually verified by independent labs and researchers.[12][13][14]

In 2012 “Stonesoft” replaced the “StoneGate” product name. From now on, Stonesoft is used both as the company and product name.

Stonesoft Corporation’s product sales for Q3 2012 were circa 5.6 million euros. The product sales grew by approximately 18%. The Q3 net sales were approximately 9.2–9.3 million euros, which equals a growth by14-16%. The growth was lower than expected.[15]

Products[edit]

Stonesoft's current product portfolio can be divided into five major categories:[4]

  • Stonesoft Firewall/VPN
  • Stonesoft IDS/IPS
  • Stonesoft SSL VPN
  • Stonesoft Management Center (SMC)
  • Stonesoft Virtualization Solutions

The Stonesoft Firewall/VPN has placed in Gartner's Magic Quadrant for Enterprise Network Firewalls for several years, and is currently placed in the niche quadrant.[16] Gartner notes that Stonesoft "serves a set of placements well – usually, high availability is key or when the leaders are otherwise not welcome".[16] The Stonesoft firewall/VPN is regarded for its "robust performance and feature set relative to company resources, and it has a loyal customer base".[16]

The Stonesoft IPS has also placed in Gartner's Magic Quadrant for Network Intrusion Prevention, currently in the “visionaries” quadrant.[17] It is also certified by ICSA Labs Network Intrusion Prevention and Detection category, and is one of only four vendors in the consortium to achieve that certification.[18] Stonesoft has also received favorable reviews from NSS Labs for both the next generation firewall capability (2012) and the intrusion detection and prevention system.[19][20]

Controversy[edit]

In 2008, the Helsinki Court of Appeal issued a decision in a case brought against Stonesoft and several members of its management team. The court "held that two members of the company's board of directors and a former CEO through gross negligence had failed to give a profit warning in due time".[21] The issue at hand was discrepancies between the profitability forecasted in the company's year 2000 interim reports and the actual state of the company at that time. The reports indicated the company was sound and profitable, yet "a profit warning should in fact have been issued".[21] The District Court of Helsinki had originally dismissed the claims in a decision on November 15, 2006.[22]

Advanced Evasion Techniques[edit]

In 2010 Stonesoft informed the public about a new evasion technique that can bypass security defences. Stonesoft defines the Advanced Evasion Techniques (AETs) as ”virtually limitless in quantity and unrecognizable by conventional detection methods. They can work on all levels of the TCP/IP stack and work across many protocols or protocol combinations.” [14]

According to Max Nyman, Stonesoft Corporation’s Senior Marketing Manager, AETs can deliver malicious code without detection and without leaving trace.[23]

On July 23, 2012 Stonesoft released a free tool that enables organisations to test their network security.[24]

Cyber Security[edit]

Cyber Security can be defined as the security of the digital world. Stonesoft has continued to invest strongly in its cyber security competence.[25] In May 2012, Stonesoft Corporation appointed Mr. Jarno Limnéll as Director, Cyber Security. His main responsibilities include creating and promoting Stonesoft’s cyber security strategy and facilitating partnerships in the area.[2]

According to Jarno Limnéll, the world will experience a growing number of intentionally executed and demonstrated cyber-attacks in the coming years. He says that defence, resilience and offence are all required for a country or a company to protect themselves.[26]

References[edit]

  1. ^ http://www.stonesoft.com/en/investor_relations/corporate_governance/management/
  2. ^ a b http://www.reuters.com/article/2012/05/24/idUS77782+24-May-2012+HUG20120524
  3. ^ http://www.stonesoft.com/export/download/investor_relations/Stonesoft_ANNUAL_REPORT_2011_EN_web.pdf
  4. ^ a b http://www.stonesoft.com/us/products/index.html
  5. ^ http://www.vmware.com/appliances/directory/cat/522?k=Stonesoft&c=522
  6. ^ http://www.stonesoft.com/us/products/smc/index.html
  7. ^ http://www.stonesoft.com/en/company/press_and_media/releases/en/2013/McAfee-completes-aquisition-of-Stonesoft.html
  8. ^ http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&co1=AND&d=PTXT&s1=6,856,621.PN.&OS=PN/6,856,621&RS=PN/6,856,621
  9. ^ http://www.opsec.com/solutions/partners/stonesoft_fc.html
  10. ^ http://www2.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/01-22-2003/0001876476&EDATE=
  11. ^ http://www.cert.fi/en/reports/2010/vulnerability385726.html
  12. ^ http://www.isaca.org/Blogs/187379/Lists/Posts/ViewPost.aspx?ID=10&RootFolder=%2FBlogs%2F187379%2FLists%2FPosts
  13. ^ https://www.icsalabs.com/blogs/maybe-initial-discoveries-were-just-tip-iceberg
  14. ^ a b http://www.thetechherald.com/articles/Should-you-panic-An-Advanced-Evasion-Techniques-overview/11657/
  15. ^ http://www.stonesoft.com/en/press_and_media/releases/en/2012/02102012.html?uri=/en/press_and_media/releases/en/index.html
  16. ^ a b c http://www.vadition.com/pdf/Gartner_Magic_Quadrant_Firewalls_2010.pdf
  17. ^ http://www.stonesoft.com/en/press_and_media/releases/en/2012/08082012.html
  18. ^ https://www.icsalabs.com/products?tid[]=4222
  19. ^ http://www.nsslabs.com/research/network-security/firewall-ngfw/
  20. ^ http://www.nsslabs.com/research/network-security/network-ips/
  21. ^ a b http://www.dittmar.fi/whats_new/newsletters/D&I%20Q4%202008.PDF
  22. ^ http://www.euroinvestor.co.uk/news/story.aspx?id=10020587
  23. ^ http://news.softpedia.com/news/Softpedia-Exclusive-Interview-Max-Nyman-on-Advanced-Evasion-Techniques-275463.shtml
  24. ^ http://www.securityweek.com/stonesoft-pen-testing-tool-uses-advanced-evasion-techniques-firm-says
  25. ^ http://www.stonesoft.com/export/download/financial_files/Stonesoft_Interim_Report_Q2_2012.pdf
  26. ^ http://news.softpedia.com/news/Stonesoft-to-Host-First-Cyber-Security-Summit-on-October-24-2012-294720.shtml

External links[edit]