New HP Security Services Automate Threat Prevention

HP will introduce two new security services at the RSA Conference in San Francisco next week. The forthcoming services will automate the installation of patches as well as prevent network overloads from worm attacks.

Hewlett-Packard Co. plans to unveil two new security services next week at the RSA Conference in San Francisco, both of which are designed to help customers resist potential and ongoing attacks.

The announcements will be a part of Hewlett-Packards big showing at the conference, which also includes a speech by Chief Privacy Officer Barbara Lawler, and another by Distinguished Technologist Joe Pato.

HPs new Active Countermeasures service will be a two-tiered vulnerability assessment that pulls in data on new threats from the CERT Coordination Center, ISA and other sources. The system will rank the threats according to their probability of exploitation and risk, then perform scheduled scans of the customer network, searching for machines that are vulnerable to any of the high-risk threats. It then can deploy automatic mitigation measures based on customer policies.

A unique characteristic of the service is that it uses the vulnerability on the machine in order to patch it. HP will write its own exploits for new flaws and then use the code to access each machine and install the patch. The code will not self-propagate, however, and will die after installing the patch on a machine. This will allows HP to avoid having to install an agent on every machine.

HPs other new offering is called the Virus Throttler, and is designed to limit the damage done by viruses and worms after they hit a network.

The system will work by cutting down on the number of different hosts that an infected machine can connect to in a single second. The system is designed to help stop the network-choking traffic levels that fast-spreading virus or worm can generate, as well as prevent the malware from reaching out and infecting other machines.

HP will accomplish this by inserting a delay into each packet sent out by protected machines. Company officials said the software is capable of detecting fast-moving worms such as Slammer in about one two-hundredth of a second.

"The rate of change for these threats is accelerating. They operate outside the human timeframe," said Pato, a distinguished technologist at HP Labs, based in Palo Alto, Calif. "Were looking to create responses that are automated, but benign. We dont want to cause a bigger problem that the attack itself."

The officials said HP is using both of the new security services internally, and hopes to have them available for customers later this year.

/zimages/3/28571.gifCheck out eWEEK.coms Security Center at for security news, views and analysis.