Security Start-up Seeks to Spot, Solve Compromises | eWeek

Security Start-up Seeks to Spot, Solve Compromises

Écrit par
Dennis Fisher
Dennis Fisher
Feb 20, 2004
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

A new security start-up backed by the intellectual capital of perhaps the best-known security personality of the past five years is set to unveil its flagship solution at next weeks RSA Conference.

Intrusic Inc. will be showing off its Zephon system, which is designed to pick up where todays existing security technologies leave off. The solution does not attempt to detect or block scans, attacks or intrusions. Instead, it combs networks for evidence of successful compromises and then provides detailed statistics and recommendations on how to remediate the problems. The idea is to eradicate the actual problem and not just the symptoms of the problem.

“Because were doing compromise detection, we can stop things completely rather than doing one-off fixes,” said Bruce Linton, CEO of Intrusic. “If somebodys already inside the network, whats their driver to do more attacks? There isnt one, so you probably wouldnt see them with normal security products once theyre in.”

Intrusic, based in Waltham, Mass., is the brainchild of Justin and Jonathan Bingham. But the guy who is drawing attention to the company is Mudge, also known as Peiter Zatko, one of the original members of the L0pht and @stake Inc. Mudge left @stake two years ago and has been semi-retired. Hes now Intrusics chief scientist.

The companys solution sits on a network tap in passive mode and records every packet that moves between users and the various hosts on the network. At the beginning of its operation, the system takes a snapshot of the network to establish its current security state. Zephon then copies all of the packets and then analyzes the traffic in three distinct phases. It first examines the packet, searching for any sign of an internal compromise.

The system then looks at the traffic on the session level and finally on the hot level, with each inspection being independent of the others. Any data showing evidence of a compromise is moved to whats called the Master Confidence Table, a database where a second analysis is done.

All positively identified compromises are displayed in the GUI, where administrators can see statistics showing the total number of compromised hosts, total compromises and other vital data.

Zephon has three levels of reports, from executive overviews to detailed, host-level descriptions for administrators. But its really meant to be simple enough for people with no security background.

Intrusic will sell Zephon on a per-server basis with an annual maintenance fee after the first year. Exact pricing hasnt been set.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.