|
Aladdin Knowledge Systems Ltd. - Security Software - Category Directory
972-3-636-2222
15
Beit Oved Street
Tel
Aviv 61110
Israel
www.aks.com
Sales
$55
million
Business Description
Aladdin Knowledge Systems Ltd. is engaged in Software Security (or Digital
Rights Management, or DRM) and Enterprise Security.
Within Software Security, Aladdin develops and markets the following
products: HASP® (Hardware Against Software Piracy), HASP DocSeal, Hardlock®
and Privilege™. HASP, Hardlock and DocSeal include both software and
hardware components to protect our customers’ software against unauthorized
copying and illegal use. By requiring software users to insert our tokens
into their computers before they can use the protected software, it protects
our customers’ intellectual property from unauthorized use. Privilege is a
revenue-enabling software security platform that enables software publishers
to distribute secure software via CD, ESD, or peer-to-peer networks; protect
software copyright and intellectual property; reduce
distribution/operational costs; and integrate with in-house or hosted Web
stores and shopping carts. Privilege customers can choose and implement
which path is right for them—lower cost, expanded distribution, and/or new
licensing models.
Within Enterprise Security, Aladdin develops and markets eSafe® and eToken™.
eSafe is a gateway-based, integrated content security solution and service
that proactively protects networks against viruses, worms, spam and
non-productive content; enables real-time inspection of Internet traffic
without reducing network performance; reduces the risk of security exploits,
P2P, IM and blended threats; and enables lower total cost of ownership with
an integrated, modular design.
eToken is a USB based smart card device, the size of a house key, for
cost-effective strong authentication and ecommerce that provides enhanced
network/application security and ensures safe information access by
authorized users; improved and cost-effective password and ID management;
and secure mobility of digital credentials/certificates and keys. The eToken
product line is composed of eToken R2, eToken Pro, and eToken Enterprise. A
Software Developers Kit is available for creating custom eToken
applications.
Our Products
Software DRM (Digital Rights Management)
Development of software applications requires software developers to make
major investments in time, money and other resources. Software piracy
reduces revenues of software developers and returns on their investment. In
addition, it harms paying customers who ultimately bear a substantial
portion of the cost of illegal use in the form of higher license fees.
Software piracy can occur in many forms, including:
• end-users making unauthorized copies of software at work or at home;
• retailers selling illegal copies;
• computer dealers loading illegal copies onto their customers’ hardware;
• bulletin board operators and subscribers offering software for illegal
copying;
• commercial counterfeiters offering illegally copied software for sale; and
• companies exceeding the number of users authorized by network licenses.
According to the eighth annual independent study on global software piracy
commissioned by the Business Software Alliance in June 2003, the global
software industry’s losses due to the illegal use and duplication of
business software reached $13.08 billion in year 2002. North America, Asia,
and Western Europe accounted for the vast majority (84%) of revenue losses
as these regions are the predominant users of software. The countries with
the highest dollar losses due to software piracy, in descending order, were
China, the United States, Japan, Germany, France and Italy. The total
revenue loss for these countries was $8.0 billion or 60% of the worldwide
losses in the year 2002.
Due to the risk of substantial loss of revenue as a result of software
piracy, software developers have a need to protect their software against
unauthorized use. However, developers of low cost, “shrink wrap” software
generally do not find the use of sophisticated mechanisms to protect their
software cost-effective. Most users of sophisticated protection products
today are software developers that sell products at relatively higher price
levels, typically in excess of $250 per unit. These software developers
range from smaller operations developing applications for specific vertical
markets, to large software developers creating sophisticated enterprise-wide
applications for distributed systems.
The need for software protection has led to the development of several
methods to prevent the illegal use and duplication of software products.
These methods include threats or institution of legal proceedings, which is
often costly and time-consuming, and conditioning of product support on
product registration. Neither of these methods effectively prevents illegal
use or duplication of software products. Many software-based protection
solutions use authorization codes to prevent unauthorized access to a
program. Authorization codes are unreliable and inconvenient, due to the
need to reauthorize or reassess the program for each use and for each user
on a network.
Token-Based Security Software Solutions
Our security token-based products combine proprietary software and hardware
components to prevent the unauthorized use of computer software. The
software component enables the developer to integrate special software
procedures into a protected program either directly by accessing the
software or through the creation of protected versions of the software.
These procedures check whether the appropriate token is connected to the
computer’s USB, parallel or serial port. Each software developer is assigned
a unique code which is embedded in an ASIC contained in the token and which
must be verified by the protected software before the software can be
activated.
During the development cycle of the software program, the developer inserts
special instructions into the program, pursuant to which the program will
automatically send a code, or “challenge”, to the token at any point in the
program chosen by the developer. If the appropriate token is in place, it
will automatically supply the proper return code, or “response”, to the
challenge, thereby enabling the protected program to continue to operate.
The challenge/response procedure is transparent to the end-user if the
program is being run with the appropriate token in place. However, if there
is no token in place, or the incorrect token is installed, the program will
not operate. Each developer determines how the program will react to the
failure to provide the appropriate response; for example, it can immediately
cease operating, activate only specific modules or switch to a demonstration
mode.
At the option of the customer, our software protection systems can also be
implemented automatically - via the “Envelope” utility. This method of
protection does not require the software developer to access the source
code, and it is therefore available for use by software resellers. The
Envelope utility creates a protected version of the original program, which
will only run if the appropriate token is connected to the computer.
We believe that our token-based software security product lines offer
several advantages compared to other software security devices, including
other hardware-based devices manufactured by our direct competitors. These
advantages include:
•
Enhanced Security. The proprietary designs of both the hardware and software
components of our systems provide enhanced security against unauthorized use
of software. The ASIC in each token is custom-coded to prevent reverse
engineering. In addition, the proprietary algorithms and anti-debugging
features in our software are designed to ensure that the link between the
token and the developer’s software is secure.
• Transparency. Once connected, our hardware keys are transparent to the
computer user and do not interfere with the operation or use of the computer
or other peripheral products.
• Compatibility. Our security products are available with interfaces for
hundreds of languages and compilers under DOS, OS/2, Windows NT/2000,
Windows 95/98/ME, Windows XP, Mac OS 8.6-9.x, Mac OS X, Linux, local area
networks and other operating systems, as well as open systems such as Sun,
HP and others. Our products offer solutions for all standard hardware
platforms, including IBM PCs and PS/2s and their compatibles, Macintosh,
Power Macintosh, Japanese NEC Computers and Unix workstations.
• Ease of Use. Our products are easy and convenient to use, and provide a
low-cost solution to the problems of software piracy and illegal use. Our
products can also be used to control access to different software modules
and different software packages, and to limit usage to authorized users.
• Multilevel licensing concepts. Our products incorporate Full Authorization
and Remote Update Systems that enable the user to protect multiple
applications with a single key. They enable the user to specify the
limitations of the use of each application, specific modules, the number of
activations, the expiration date and the number of sites activated and
update these limitations remotely in a secure manner.
We currently offer two lines of token-based software security systems: HASP
and Hardlock In the past, we also used to offer MicroGuard.
HASP Product Line
Our initial software security product was HASP. The standard HASP model has
undergone several upgrades and we now market it as HASP4. This token offers
the primary security features that we develop, including an advanced ASIC
chip with an on-chip encryption engine based on a proprietary algorithm, an
Envelope tool for automatic protection and an Application Programming
Interface (API) for customized protection.
Secure Software Licensing and Distribution Products
Privilege Software Commerce Platform
We believe that Privilege is one of the most comprehensive and flexible
infrastructure solutions for managing, selling, and distributing software
over the Internet. Through digital delivery, software is immediately and
widely accessible, always in stock, and up to date. In addition, digital
delivery of software saves printing, packaging and shipping expenses,
inventory and warehousing costs, while ensuring the protection of our
customer’s intellectual property.
Privilege is composed of three principle components:
The Builders –a suite of tools (some standard and some optional) that
prepare software for electronic distribution, add mechanisms for protecting
intellectual property, and set usage rights for software after installation.
The Commerce Server – the “back-end” component that manages and stores the
digital inventory, and ensures secure, automated, and reliable fulfillment
of software product and license orders.
The Storefront Engine – the “front-end” component that provides an access
mechanism from a merchant’s on-line storefront to software warehoused on
Commerce Servers, in order to sell and distribute software products to
consumers.
The architecture of Privilege allows for the Storefront Engine to be
operated either by a software publisher for direct sales or by an on-line
reseller/retailer for “channel” sales. The Commerce Server is operated by
either a software publisher or a software distributor. A Storefront Engine
can connect to multiple Commerce Servers and a Commerce Server can connect
to both multiple Storefront Engines and other Commerce Servers, creating a
virtual software supply chain.
Privilege is tailored to the customer’s requirements based upon the core
technology and the latest product release. In general, Privilege enables
software publishers, distributors, and retailers to:
• sell and distribute software products via the Internet through multiple
channel partners, each with individual terms, without having to maintain
multiple electronic distribution platforms;
• manage the full product lifecycle, from product development through
end-customer usage rights; and
• trial-enable software, including electronically enabled try-before-you-buy
models.
We recently released Privilege 5.0, which supports software delivery to and
protection on the Windows XP or Macintosh OS X platforms.
Enterprise Security
Content Security Products
Today’s anti-virus software products are able to cope with all existing and
known viruses and virus technologies. The penetration and success of the
Internet and its innovative active content technologies such as Java,
ActiveX and HTML scripts have created a new type of Internet-specific threat
collectively called malicious content or Vandals. In addition, numerous
security holes discovered in various Internet enabled applications and even
in Microsoft Windows operating systems, were immediately exploited by
Vandals in order to penetrate and infect organizations. Unfortunately,
existing anti-virus software products are not designed to deal with these
new threats. Since vandals use the Internet to travel from one infected
computer to the other, they are effectively able to get into such computers
before reactive signature-based security and anti-virus solutions receive an
update and are able to block them.
Signature-based anti-virus software has been widely used since 1990 and
today more than 90% of corporate users have some sort of anti-virus
protection deployed throughout their organization. However, anti-virus
software operates by scanning files and trying to detect the signature of
viruses from the database of known viruses and relies heavily on the
anti-virus vendor that must continue to update the database in a timely
manner in order to be protected against the new viruses. In the Internet
age, one cannot afford to be merely defensive and risk becoming the first
victim to be hit. Proactive solutions that provide real-time protection
against unknown potential threats by enforcing content security policies at
the gateway level are therefore critical.
eSafe Family of Products
The eSafe solution is based on a multi-tiered content security architecture,
protecting the Enterprise on the following levels:
• The Integrated gateway and mail solution - eSafe Gateway
• The Internet gateway solution – eSafe Web
• The Corporate eMail server solution - eSafe Mail
eSafe Gateway
eSafe Gateway is an integrated proactive content security and an anti-virus
solution for Internet gateways, eSafe Gateway manages Internet-borne
information flow based on corporate policies for content that is
inappropriate, nonproductive or contains malicious code such as vandals,
viruses and worms. eSafe Gateway supports HTTP (web browsing), FTP (file
download), and POP3/SMTP (e-mail) protocols and can be configured to operate
in any network with or without a firewall.
The following are eSafe Gateway’s unique features:
• NitroInspection patent-pending technology for fast on-line transparent
inspection without overhead or delay on web browsing and file download
traffic;
• Selective removal of cookies, JavaScript, VBScript, macros, and specific
file types;
• ICSA and Check Mark Certified anti-virus protection, with unique proactive
Macro Terminator and Ghost Machine technologies;
• Scalable architecture with a built-in cluster for load sharing and
fail-over;
• Real-time protection from all types of malicious code including viruses,
vandals, Trojans, ActiveX, Java, worms and scripts; and
• Eliminates malicious code embedded inside HTML web pages.
• Blocks traffic generated by unauthorized applications, such as P2P
clients, Instant Messengers, Adware/Spyware and more.
eSafe Mail
eSafe Mail is a subset of eSafe Gateway that provides proactive content
security for e-mail only (SMTP). In addition, we sell an add-on module of
Advanced Anti Spam to our eSafe Mail product.
eSafe Web
eSafe Web is a subset of eSafe Gateway, that provides proactive content
security for browsing (HTTP) and file downloading (FTP).
eSafe’s Unique technologies
Virtual Appliance™
The Virtual Appliance concept is the industry’s first content security and
anti-virus gateway and mail inspection product that is delivered as a CD
image, pre-loaded with a hardened Linux OS and eSafe content security
applications. It can be easily installed on any hardware of customers’
choice, thus turning it instantly into a security appliance.
MacroTerminator™
By using pattern-matching exact behavior analysis (heuristic algorithms),
MacroTerminator is capable of detecting, with a high degree of accuracy,
macro viruses that are so new that they have not yet been individually
analyzed. Macro viruses are written in a high-level VBA (Visual Basic for
Applications) language. High-level languages are subject to heuristics,
which enables high accuracy of hostile activity detection, while maintaining
an extremely low level of false positives (false alarms). Macro Terminator
can recognize all known malicious macro families (such as Melissa), and
therefore can block the majority of new, yet unknown variants/mutations of
these families. Macro Terminator also has a high detection rate of new,
unknown malicious macros, which are not variants of known macro families.
GhostMachine™
Using this unique technology, all members of the eSafe family of products
have the ability to increase detection rates for polymorphic viruses.
Polymorphic viruses are computer viruses that encrypt or “cloak” themselves
while hiding in a computer’s memory. These viruses need to decrypt
themselves, or “de-cloak” in order to attack their intended targets. Ghost
Machine creates a simulated, virtual machine in a computer’s memory, fooling
polymorphic viruses into “de-cloaking” themselves, at which point they
become visible and therefore vulnerable to the eSafe anti-virus scanning
engine.
SmartScript™ Filtering
eSafe is able to intelligently filter content from scripts embedded in Web
pages. These scripts can be programmed in JavaScript, JScript, and/or
VBScript. eSafe will, if configured to do so, automatically strip out only
those scripts that contain malicious commands (such as a command to access
the hard drive of a local system).
Smart Script filtering can recognize all known malicious script families and
can therefore block a majority of new, yet unknown variants/mutations of
these families. It also has a high detection rate of new, unknown malicious
scripts, which are not variants of known script families.
XploitStopper™
The virus and Internet worm outbreaks in the last three years (Kaza, Nimda,
Sircam, BugBear, etc.) were able to cause worldwide damage that is estimated
at billions of US Dollars by industry experts. All those outbreaks were
caused because viruses and worms were able to exploit existing security
holes in various Internet applications (Outlook, IIS, etc.). eSafe’s new and
innovative XploitStopper™ technology is designed to look for known security
holes that can be exploited by malicious code and block them before the
virus is able to enter the organization. This unique approach minimizes the
threat from new and unknown viruses and Internet worms.
NitroInspection™
eSafe Gateway uses NitroInspection technology to provide superior protection
with little or no impact on network performance and the end-user experience.
This technology is built around a concept similar to the “stateful”
inspection technologies pioneered by Check Point’s Firewall-1 line of
firewall products.
This method of scanning files is far superior to the older proxy method.
Alternative proxy-based products require the content security device to
receive the entire file and scan or approve it before allowing any traffic
to reach the requesting client. This caused time-outs, user complaints, and
bandwidth utilization problems.
Anti-Spam
The phenomenon of spam is growing rapidly. It is estimated that over 50% of
today’s business e-mail is spam. Spam forces Internet service providers to
cope with increasing amounts of e-mail traffic, and the bandwidth of
businesses is largely consumed by it, impacting resources and productivity.
According to International Data Corporation, spam is no longer just a
nuisance; it is quickly becoming both a potential legal liability and a
major productivity drain for both corporate information technology
departments and corporate users. Spam not only drains worker productivity
and consumes valuable information technology resources such as disk storage,
central processing unit cycles, and network bandwidth, but it can also
expose the organization to legal liability due to the offensive nature of
some messages. We provide solutions to these problems by utilizing multiple
layers of anti-spam technology ranging from basic solutions that are built
into our product to offering our customers a sophisticated anti-spam
service, which is based on our original equipment manufacturer (OEM)
relationship with Cobion, a German company that specializes in anti-spam and
web filtering technologies.
Strong Authentication Products
eToken Family of Products
The growth of both the Internet and mobile computing are continuously
challenging and redefining data security requirements. Corporations are
caught between the need for remote, convenient access and the need for
protection from vandalism, espionage and theft. Conventional password
schemes alone are not effective in protecting systems and are very costly to
manage.
During 1999 and 2000, we released the eToken R2 and the eToken Pro, secure
authentication devices which are the size of a house key, and the
accompanying software, eToken Enterprise. eToken ensures that only
legitimate users gain access to network or PC resources by requiring that
the token be inserted into the computer’s USB port before allowing the
computer or application to operate. Our eToken technology offers users with
solutions and tools, including authentication, encryption and secure
certificate storage capabilities, all housed within the small, portable
eToken. In addition, eToken provides user flexibility in deployment through
advanced smartcard technology. eToken’s versatile architecture enables
organizations to use both existing authentication systems or introduce new
ones based on advanced technology, while maintaining a similar end-user
experience. Support for standard security interfaces, coupled with the
ability to cache user passwords, enables the eToken solution to be operated
with almost any authentication system.
Our eToken technology allows for concurrent storage of multiple private
keys, passwords and digital certificates for use in a wide variety of
applications. eToken can be used as an authentication device for e-banking,
virtual private networks, extranets and wide area networks and as an enabler
for e-Commerce. eToken serves as an encryption device that enables companies
to verify the identity of individuals who request access to protected
content or applications provided over their networks or websites. eToken can
be used to protect sensitive data and resources by performing file
encryption and access control functions. eToken can also be used in
conjunction with third-party software to digitally sign and/or encrypt
electronic messages so that they cannot be modified or intercepted. eToken
does not require an additional reader to effectively control any user within
the network. eToken links to USB ports in PC’s and laptops of all major
manufacturers.
International Data Corporation predicts that USB tokens and smartcards will
become interoperable because USB tokens also have PKI (Public Key
Infrastructure) and digital-certificate capability. As the technology
develops, USB keys will be able to provide an integrated solution that could
only previously have been provided through separate authentication devices.
We are currently developing expanded functionality for the eToken in order
to simplify password management by allowing the eToken to store multiple
log-on credentials, such as different passwords, which can then be
automatically entered into the application without needing the user to
remember or manually type it in.
|
|
