New security appliance with no static rules

Edward Hurley, News Writer

Two North Carolina-based researchers have developed a plug-and-play appliance that they claim can stop network-based attacks, even unknown ones, and can help contain malware outbreaks. But, they warn, don't throw out other network security tools just yet.

A duo at the University of North Carolina at Charlotte call the new appliance Access Enforcer and say a major benefit, in addition to ease of use, is that it automatically shuts down unusual traffic while letting "good traffic" continue to flow unabated.

The product is the brainchild of Yuliang Zheng, professor of information technology at UNC-Charlotte and Lawrence Teo, a doctoral student there.

A few years ago, Zheng started thinking of ways to dynamically assess network risks without relying on signature files. "Real-time adjustments can then be made based on risk thresholds for certain services," he said during a recent interview.

Zheng does not envision Access Enforcer replacing any network protection technologies such as intrusion detection or firewalls. "Companies have already invested a lot of money on them," he said. "Firewalls, for example, are very effective at stopping known attacks."

The value of Access Enforcer lies in handling unknown threats and those that happen so quickly that human intervention wouldn't be possible even if traditional monitoring systems detected them. For example, the SQL Slammer worm hit so quickly that no human could have intercepted it, Zheng said.

In the case of Slammer, Access Enforcer may have missed the first packet (the worm was only one UDP packet) but it could have helped contain it by not letting it send copies out. The product monitors both incoming and outgoing traffic so even if one division of a company gets it, other divisions and companies won't be affected.
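To make the containment idea concrete, here is an added example (not Calyptix's code, and not taken from the article) of a per-service egress monitor: each (source, service) pair has its own risk threshold on outbound fan-out within a sliding window, so a host suddenly spraying UDP/1434 at many destinations is cut off after the threshold is crossed while its web traffic, and everyone else's, keeps flowing. The threshold values, addresses and flow records are constructed for the demonstration.

```python
from collections import defaultdict, deque

# Assumed per-service risk policy (constructed values, not the product's):
# a source contacting more than `max_dst` distinct destinations on a service
# within `window` seconds is treated as unusual outbound behaviour.
THRESHOLDS = {
    ("udp", 1434): {"window": 2.0, "max_dst": 5},   # MS-SQL resolution, Slammer's vector
    ("tcp", 80):   {"window": 2.0, "max_dst": 50},  # web browsing fans out legitimately
}

class EgressRiskMonitor:
    """Tracks outbound fan-out per (source, service); quarantines only the
    pair that crosses its threshold, so unrelated traffic is untouched."""

    def __init__(self, thresholds=THRESHOLDS):
        self.thresholds = thresholds
        self.history = defaultdict(deque)   # (src, service) -> deque of (ts, dst)
        self.quarantined = set()            # (src, service) pairs being dropped

    def decide(self, ts, src, dst, proto, dport):
        """Return 'forward' or 'drop' for one outbound flow record."""
        service = (proto, dport)
        key = (src, service)
        if key in self.quarantined:
            return "drop"
        policy = self.thresholds.get(service)
        if policy is None:
            return "forward"                # no risk policy for this service
        hist = self.history[key]
        hist.append((ts, dst))
        while hist and ts - hist[0][0] > policy["window"]:
            hist.popleft()                  # evict records outside the window
        if len({d for _, d in hist}) > policy["max_dst"]:
            self.quarantined.add(key)       # stop further copies from this source
            return "drop"
        return "forward"                    # note: the first packets still get out

def run(flows, monitor=None):
    """Apply the monitor to (ts, src, dst, proto, dport) records in order."""
    if monitor is None:
        monitor = EgressRiskMonitor()
    return [monitor.decide(*f) for f in flows], monitor

# Constructed sample: 10.0.0.5 sprays eight hosts on UDP/1434 in under a second,
# while 10.0.0.9 browses two web servers (documentation-range addresses).
SAMPLE_FLOWS = sorted(
    [(0.1 * i, "10.0.0.5", f"10.0.1.{i + 1}", "udp", 1434) for i in range(8)]
    + [(0.3, "10.0.0.9", "198.51.100.7", "tcp", 80),
       (0.4, "10.0.0.9", "198.51.100.8", "tcp", 80)],
    key=lambda f: f[0],
)
```

Running `run(SAMPLE_FLOWS)` forwards the first five UDP/1434 flows from 10.0.0.5 and drops the remaining three, while both HTTP flows from 10.0.0.9 are forwarded.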

Containment is an important issue for PR-minded companies who fear the bad publicity should their business become an unwitting agent in the spread of a virus or worm. "It's similar to when a virus such as SARS or bird flu happens in a human being. You can't get rid of it, but you try to contain it," Zheng said.

The first version of the product will be available for sale by mid-year from Calyptix Security, a company started by Zheng and Teo.
