IBM introduced a new intrusion detection technology dubbed Billy Goat that claims to be highly effective in battling worm viruses and other types of malicious IT threats, and in eliminating false security alarms.
According to the company, Billy Goat offers organizations improved threat detection capabilities by duping outsiders into believing that it is an unprotected IT asset worth targeting, and then shutting down any subsequent attacks.
First invented by the companys research group to help European Internet Service Providers deal with malicious programs being propagated by exploited computers on their networks., Billy Goat will now be offered as a package of software and consulting offered by the firms IBM Global Services unit.
According to IBM, the tool hides itself to appear on a corporate network as a collection of servers that appear to be attractive candidates for an outside attack.
While offering few technical details of how Billy Goat works, the company was quick to point out that the “masquerading” technology does not communicate with any legitimate computers on a customers network, but said that it is created such that criminals who randomly attack servers are likely to find it and fall for the ploy.
“Billy Goat uses a unique approach to detect malicious software by responding to requests sent to unused IP addresses, presenting what from a worms-eye view looks like a network full of machines and services,” Dr. James Riordan, lead designer of the system at IBMs Zurich Research Lab said in a statement.
“In other words, Billy Goat creates a virtual environment for the worms,” said Riordan.
“Such virtualization, by providing feigned services as well as recording connection attempts, helps Billy Goat trick worms into revealing their identity.”
As soon as Billy Goat gets attacked, IBM says, the system quickly identifies any attacking computers and blocks them from contacting other IT assets, which the company said isolates any worms and viruses before they can do any real damage.
While the systems real strength lies in duping attackers and walling off networks from worm attacks, IBM is promoting Billy Goats ability to more accurately identify malicious attacks, versus false alarms, as one of its biggest advantages.
Companies spend so much time chasing down attacks that may have no real impact on their IT operations that they have less time to spend dealing with important threats, IBM said.
The technology is being made available, and was designed by IBMs ODIS (On Demand Innovation Services) effort, which is a partnership between the companys IBM Research division and its BCS (Business Consulting Services) unit.