CA Tool Fights Zero-Day Exploits

The management software specialist adds host intrusion protection to its deck of anti-malware products in the name of helping customers battle zero-day exploits and other more sophisticated attacks.

SAN FRANCISCO—IT management software giant CA will announce the newest addition to its security product lineup here at the RSA Conference Feb. 6, launching its first host intrusion protection system, meant to augment the company's existing signature-based anti-malware tools.

Dubbed CA Host-Based Intrusion Prevention System, or CA HIPS, the package combines firewall technology with network break-in detection and prevention applications to help fight rapidly emerging threat models that seek to circumvent traditional anti-virus systems, such as so-called zero-day threats.

While older anti-malware technologies are most adept at warding off attacks that use previously discovered software vulnerabilities, or variants of well-known virus code, to deliver their payloads, enterprises are increasingly considering the use of HIPS technologies to fight sophisticated threats including zero-days, which seek to take advantage of coding flaws that have not yet been publicized by security researchers or software makers.

In addition to those basic technological elements, present in nearly every HIPS technology on the market today, the CA package also claims centralized management and security policy authoring tools, specifically meant to help administrators at large organizations streamline installation and operation of the system.

While keeping an eye on traffic flowing in and out of corporate networks to detect attempted attacks, CA HIPS promises to give administrators the ability to create security policies using direct examples of techniques they have already employed to fend off previous threats. In doing so the system has a "self-learning" capability that greatly eases the burden of policy establishment, speeding customers' response to new breeds of threats, even as it observes new examples for the first time, CA officials said.

The policy management function has also been designed to integrate with companies' existing LDAP (Lightweight Directory Access Protocol) and Microsoft Active Directory systems, to help speed the integration process even further.

Companies must retain their traditional anti-virus systems to help protect against anything that slips through HIPS systems, but CA knew it needed to up its game to help its clients battle zero-days and other nascent attack methods, said Sam Curry, vice president for CA Security Management.

Much of the technology evident in the package was brought onboard via the Islandia, N.Y.-based company's acquisition of Tiny Software in 2005. Curry said CA doesn't feel it's coming late into the HIPS market by getting its product to market only now, as the company believes that many enterprises are just beginning to create budgets for the tools.

"When we acquired Tiny, we didn't buy it for the name or installed base. We knew they had a key piece of anti-malware technology that we were missing, and that's part of what's in here," Curry said. "We can beat the competition because we know the management problems, we know how to work within these massive environments and use behavioral analysis to make the right educated guesses when the software sees things it may have never seen before."

Available immediately, the CA HIPS software wears a price tag of roughly $40 per seat.
