
New security appliance with no static rules

A UNC-Charlotte duo has developed a plug-and-play appliance that analyzes traffic in real time, and without static rules, to detect network anomalies.

Two North Carolina-based researchers have developed a plug-and-play appliance that they claim can stop network-based attacks, even unknown ones, and can help contain malware outbreaks. But, they warn, don't throw out other network security tools just yet.

The duo at the University of North Carolina at Charlotte calls the new appliance Access Enforcer and says a major benefit, in addition to ease of use, is that it automatically shuts down unusual traffic while letting "good traffic" continue to flow unabated.


The product is the brainchild of Yuliang Zheng, professor of information technology at UNC-Charlotte and Lawrence Teo, a doctoral student there.

A few years ago, Zheng started thinking of ways to dynamically assess network risks without relying on signature files. "Real-time adjustments can then be made based on risk thresholds for certain services," he said during a recent interview.

Zheng does not envision Access Enforcer replacing existing network protection technologies such as intrusion detection or firewalls. "Companies have already invested a lot of money on them," he said. "Firewalls, for example, are very effective at stopping known attacks."

The value of Access Enforcer, Zheng said, is in handling unknown threats and those that unfold so quickly that human intervention wouldn't be possible even if traditional monitoring systems detected them. The SQL Slammer worm, for example, spread so fast that no human operator could have intercepted it.

In the case of Slammer, Access Enforcer may have missed the first packet (the entire worm fit in a single 376-byte UDP packet sent to port 1434), but it could have helped contain the outbreak by not letting an infected host send copies out. Because the product monitors both incoming and outgoing traffic, even if one division of a company is infected, other divisions and outside companies need not be affected.
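To make the containment idea concrete, here is an added illustration of the general approach the article describes: a per-service risk threshold applied to outbound traffic, with no signatures involved. This is the editor's example, not Calyptix's Access Enforcer code, and nothing here is known about how their product actually works. The window length, the per-port thresholds, and the flow records (a normal host browsing the web, and an infected host spraying single UDP/1434 packets at random destinations) are all constructed assumptions for this example.

```python
"""Threshold-based egress containment (editor's illustration, not vendor code).

The article describes applying per-service risk thresholds to outbound traffic
so that a worm-spraying host is quarantined while unrelated traffic keeps
flowing. This sketch shows one way such a check can work; the thresholds,
window and sample flows below are assumptions constructed for the example.
"""
from collections import defaultdict, deque

# Assumed policy: how many distinct destination hosts one internal source may
# contact on a given destination port within WINDOW_SECONDS before that
# (source, port) pair is quarantined. Illustrative values, not vendor defaults.
WINDOW_SECONDS = 10
THRESHOLDS = {
    80: 200,        # web browsing legitimately fans out to many hosts
    "default": 20,  # anything else: 20 new peers in 10 s is suspicious
}


class EgressMonitor:
    """Tracks (src, dport) -> recent distinct destinations; quarantines outliers."""

    def __init__(self, thresholds=THRESHOLDS, window=WINDOW_SECONDS):
        self.thresholds = thresholds
        self.window = window
        # (src, dport) -> deque of (timestamp, dst) seen inside the window
        self.recent = defaultdict(deque)
        self.quarantined = set()  # (src, dport) pairs currently blocked

    def _threshold(self, dport):
        return self.thresholds.get(dport, self.thresholds["default"])

    def observe(self, ts, src, dst, proto, dport):
        """Return 'PASS' or 'BLOCK' for one outbound flow record."""
        key = (src, dport)
        if key in self.quarantined:
            return "BLOCK"
        q = self.recent[key]
        q.append((ts, dst))
        # Expire records that have fallen out of the sliding window.
        while q and ts - q[0][0] > self.window:
            q.popleft()
        distinct = {d for _, d in q}
        if len(distinct) > self._threshold(dport):
            # Only this (host, service) pair is cut off; the host's other
            # services and every other host are untouched.
            self.quarantined.add(key)
            return "BLOCK"
        return "PASS"


def run(records, monitor=None):
    """Feed flow records in order; return a list of (record, verdict)."""
    monitor = monitor or EgressMonitor()
    return [(r, monitor.observe(*r)) for r in records]


def summarize(results):
    """Return (passed_count, blocked_count) for a run() result."""
    blocked = sum(1 for _, v in results if v == "BLOCK")
    return len(results) - blocked, blocked


# Constructed sample flows: (timestamp, src, dst, proto, dport).
SAMPLE = []
# A normal host making a handful of web requests.
for i in range(5):
    SAMPLE.append((i * 0.5, "10.0.1.20", f"203.0.113.{i}", "tcp", 80))
# An infected host spraying one UDP/1434 packet each at 30 random targets.
for i in range(30):
    SAMPLE.append((2.0 + i * 0.01, "10.0.1.77", f"198.51.100.{i}", "udp", 1434))
# The infected host's ordinary web traffic should still be allowed through.
SAMPLE.append((3.0, "10.0.1.77", "203.0.113.9", "tcp", 80))


if __name__ == "__main__":
    results = run(SAMPLE)
    passed, blocked = summarize(results)
    print(f"passed={passed} blocked={blocked}")
    for record, verdict in results:
        if verdict == "BLOCK":
            print("BLOCK", record)
```

Running this, the first 20 worm packets from 10.0.1.77 pass before the threshold trips, which is exactly the caveat in the paragraph above: a threshold-based control cannot catch the very first packet of a single-packet worm, but it stops the host from continuing to spray copies. The same host's later web request is still allowed, because only the (host, UDP/1434) pair was quarantined.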

Containment is an important issue for PR-minded companies that fear the bad publicity should their business become an unwitting agent in the spread of a virus or worm. "It's similar to when a virus such as SARS or bird flu happens in a human being. You can't get rid of it, but you try to contain it," Zheng said.

The first version of the product will be available for sale by mid-year from Calyptix Security, a company started by Zheng and Teo.
