Two North Carolina-based researchers have developed a plug-and-play appliance that they claim can stop network-based attacks, even unknown ones, and can help contain malware outbreaks. But, they warn, don't throw out other network security tools just yet.
A duo at the University of North Carolina at Charlotte call the new appliance Access Enforcer and say a major benefit, in addition to ease of use, is that it automatically shuts down unusual traffic while letting "good traffic" continue to flow unabated.
A few years ago, Zheng started thinking of ways to dynamically assess network risks without relying on signature files. "Real-time adjustments can then to be made based by risk thresholds for certain services," he said during a recent interview.
Zheng does not envision Access Enforcer replacing any network protection technologies such as intrusion detection or firewalls. "Companies have already invested a lot of money on them,' he said. "Firewalls, for example, are very effective at stopping known attacks."
The value of Access Enforcer is handling unknown threats and those that happen so quickly that human intervention wouldn't be possible even if traditional monitoring systems detected it. For example, the SQL Slammer worm hit so quickly that no human could have intercepted it, Zheng said.
In the case of Slammer, Access Enforcer may have missed the first packet (the worm was only one UDP packet) but it could have helped contain it by not letting it send copies out. The product monitors both incoming and outgoing traffic so even if one division of a company gets it, other divisions and companies won't be affected.
Containment is an important issue for PR-minded companies who fear the bad publicity should their business become an unwitting agent in the spread of a virus or worm. "It's similar to when a virus such as SARS or bird flu happens in a human being. You can't get rid of it, but you try to contain it," Zheng said.
The first version of the product will be available for sale by mid-year from Calyptix Security, a company started by Zheng and Teo.