    Anticipating the Unknown

    Written by

    Dennis Fisher
    Published January 27, 2003

      It's been one of the dirty little secrets of the security industry for years: Software patches don't work.

      It's not that they don't fix the problems that they're designed to solve; they do. Despite technical problems with some patches, most notably regression errors and incompatibility issues in patches from Microsoft Corp. and others, hot fixes hit their targets.

      The real problem, as most administrators or competent crackers can attest, is that so few network administrators regularly apply patches that the fixes are all but irrelevant. The reasons are many, but the two most serious issues are the lack of time to download, test and apply the patches and the sheer number of vulnerabilities affecting popular software packages. Combined, these problems leave a playing field rife with unprotected servers and desktops just waiting to be attacked.

      Software vendors, large and small, have spent considerable time and money trying to address this problem. Microsoft has developed several automated tools that simplify and accelerate the process of downloading, disseminating and applying patches. And a new crop of companies, most notably Citadel Security Systems Inc., is developing automated vulnerability assessment and remediation tools for enterprises.

      But none of these solutions can change the fact that patches are by nature a reactive response. You have to wait until the problem is known to get the fix. And with crackers working overtime to find and exploit unknown vulnerabilities, that's more often than not a losing proposition.

      As a result, several security companies are rolling out advanced technologies that are designed to not only react to and block incoming known threats but to anticipate and mitigate unknown attacks as well.

      “It's been kind of the missing link in this industry for a long time,” said Chris Klaus, founder and chief technology officer at Internet Security Systems Inc., in Atlanta. “Patch management isn't working. We just use vulnerability detection as a feedback loop in threat detection and assessment to find out where are you not protected.”

      ISS recently announced a strategy and solution set called Dynamic Threat Protection, which combines a host of technologies and applications to provide real-time analysis of network traffic to identify and react to unknown threats.

      The linchpin of the new strategy is RealSecure Site Protector 2.0. The new version brings all the security capabilities in a given network under one command-and-control system. It relies on RealSecure agents on each protected machine—from servers to desktops to laptops—and uses a single policy management component for the entire system.

      Site Protector is closely tied to the new release of ISS Fusion, which now uses intelligence from ISS' X-Force research team to instantly analyze and correlate incoming threat information. That data is then mapped against vulnerabilities found in the network to provide a real-time view of the effect of the attack.

      ISS is not alone in pursuing this strategy. Mazu Networks Inc., of Cambridge, Mass., has unveiled a platform called PowerSecure that is aimed at identifying anomalous network events through detailed traffic analysis. The system is deployed across a given network and records information about each network connection over a period of time. It uses this data to establish a profile of the normal volume and nature of the traffic on each connection.

      The system then compares real-time traffic against the historical profile to identify anomalous traffic. Mazu began life in the aftermath of the DDoS (distributed denial-of-service) attacks that hit a number of high-profile Web sites three years ago. It has since adapted its technology to not only defend against DDoS attacks but also to mitigate a wide range of network events.
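
The baseline-and-compare approach described above, sketched as an added example (not Mazu's code or algorithm): the per-connection key, the bytes-per-interval metric and the three-standard-deviation threshold are assumptions chosen for illustration, and the traffic figures are constructed.

```python
import math
from collections import defaultdict

class ConnectionBaseline:
    """Per-connection profile of bytes per interval (running mean/variance)."""

    def __init__(self, threshold=3.0, min_samples=5):
        self.threshold = threshold        # assumed cut-off, in standard deviations
        self.min_samples = min_samples    # history required before scoring
        self.stats = defaultdict(lambda: [0, 0.0, 0.0])  # key -> [n, mean, M2]

    def learn(self, key, byte_count):
        """Fold one observation into the profile (Welford's update)."""
        s = self.stats[key]
        s[0] += 1
        delta = byte_count - s[1]
        s[1] += delta / s[0]
        s[2] += delta * (byte_count - s[1])

    def score(self, key, byte_count):
        """Z-score against the profile, or None if history is too thin."""
        n, mean, m2 = self.stats.get(key, (0, 0.0, 0.0))
        if n < self.min_samples:
            return None
        std = max(math.sqrt(m2 / (n - 1)), 1.0)  # floor avoids divide-by-zero on flat history
        return (byte_count - mean) / std

    def classify(self, key, byte_count):
        z = self.score(key, byte_count)
        if z is None:
            return "new"  # no baseline yet: report rather than silently allow
        return "anomalous" if abs(z) > self.threshold else "normal"

def demo():
    # Constructed sample data: (src, dst, dst_port) -> bytes seen per interval.
    web = ("10.0.0.5", "10.0.0.20", 443)
    detector = ConnectionBaseline()
    for observed in (1200, 1350, 1280, 1100, 1400, 1250):
        detector.learn(web, observed)
    return {
        "typical": detector.classify(web, 1300),
        "flood": detector.classify(web, 250000),
        "unseen": detector.classify(("10.0.0.9", "10.0.0.20", 23), 400),
    }

if __name__ == "__main__":
    print(demo())
```

A connection with no history is reported as "new" rather than scored, since a profile-based detector has nothing to compare it against until the learning period has covered it.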

      Other companies, including Okena Inc. and Entercept Security Technologies Inc., are going down this road as well. Entercept's technology, like ISS', can intercept operating system calls to head off malicious behavior before the operations are executed.

      “This is a part of the evolution of security technologies. It's a natural next step,” said Matthew Kovar, an analyst at The Yankee Group, in Boston.

      ISS' new strategy uses the X-Force's intelligence to create updates called “virtual patches,” which can prevent malicious activity and unwanted behavior on a machine until a vendor patch is available. The updates are pushed to all the RealSecure agents on the protected machines.

      “The key is, patches are so risky to applications. They're too expensive and too risky,” said Chris Rouland, X-Force director. “Any new PC or server you roll out is immediately at risk until you download all the patches. Our model is risk-averse. We want to limit knee-jerk reactions to new threats by allowing some flexibility in the process.”

      The virtual patches use several methods to prevent attacks, including automatically blocking access to targeted services. And they have the added appeal of not changing the underlying applications, the way that vendor-provided software patches often do.

      “It gives you the same protection level as a patch without really changing the system,” ISS' Klaus said. “We're investing in a lot of technology to detect unknown attacks, but anyone who tells you they can stop everything is selling snake oil.”
