
    Defending the Core

    By Dennis Fisher - March 1, 2004

      After a decade of focusing nearly exclusively on defending the perimeter, security vendors have begun to divert more of their attention to the last frontier of digital security: the soft, chewy center of corporate networks.

      The problem for these vendors isn't so much about keeping attackers out; they leave that to the firewall and IDS (intrusion detection system) crowd. Instead, a growing number of software and hardware vendors, including Sanctum Inc., Kavado Inc., Application Security Inc. and Intrusic Inc., are concerned with limiting the damage caused by intruders who slip past those other defenses.

      The ways that these companies approach the problem vary widely, and two good examples of this diversity are the solutions unveiled last week at the RSA Conference by Intrusic and Application Security.

      Intrusic took the wraps off its Zephon system, which is designed to pick up where today's existing security technologies leave off. The solution does not attempt to detect or block scans, attacks or intrusions. Instead, it combs networks for evidence of successful compromises and then provides detailed statistics and recommendations on how to remediate the problems. The idea is to eradicate the actual problem, not just its symptoms.

      “Because we're doing compromise detection, we can stop things completely rather than doing one-off fixes,” said Bruce Linton, CEO of Intrusic. “If somebody's already inside the network, what's their driver to do more attacks? There isn't one, so you probably wouldn't see them with normal security products once they're in.”

      Intrusic, based in Waltham, Mass., is the brainchild of Justin and Jonathan Bingham. But the man drawing attention to the company is Mudge, also known as Peiter Zatko, one of the original members of L0pht and @Stake Inc. Mudge left @Stake two years ago and has since been semiretired. He's now Intrusic's chief scientist.

      The company's solution sits on a network tap in passive mode and records every packet that moves between users and the various hosts on the network. At the beginning of its operation, the system takes a snapshot of the network to establish its current security state. Zephon copies all the packets and analyzes the traffic in three distinct phases. It first examines the packet, searching for signs of an internal compromise. The system then looks at the traffic on the session level and, finally, on the host level, with each inspection performed independently of the others. Any data showing evidence of a compromise is moved to the Master Confidence Table, a database where a second analysis is done.

      All positively identified compromises then end up in the GUI, where administrators can see statistics showing the total number of compromised hosts, total compromises and other vital data.

      Zephon has three levels of reports, from executive overviews to detailed, host-level descriptions for administrators. But it's meant to be simple enough for users with no security background.

      Application Security, based in New York, introduced a new version of its AppDetective software, which performs continuous risk assessment of a network. The solution includes collectors on hosts throughout a network that vacuum up data from perimeter devices such as firewalls, routers and IDSes. The collectors send that information to the main AppDetective server, which develops a model of the network and performs attack simulations against internal hosts to find exploitable weak spots.

      The results of the attacks then go to the user interface.

      In addition, the company just released a solution, called AppRadar, which acts as a kind of internal IDS to protect databases. The system is capable of detecting the most common attacks against databases, including buffer overruns, password attacks and privilege escalation attempts.

      Meanwhile, Application Security and Kavado, along with Sanctum, SPI Dynamics Inc. and WhiteHat Security Inc., have formed a consortium to help define and promote application security standards.

      The group's initial goal is to create a classification system for application security vulnerabilities, attacks and other threats. Many of the attacks that are used against Web applications are quite complex, and much of the terminology is outside the realm of most security specialists' expertise. The group hopes to simplify the explanation of things such as cross-site scripting.
