The IT security industry has looked to medicine for metaphors and ways of thinking about network protection. Sana Security Inc., a San Mateo, Calif., startup, is extending that relationship with the introduction of its Primary Response application security platform.
The software, unveiled last week, observes application/operating system interactions and learns the code paths that each application uses during normal operations. The system develops a profile of each application's behavior and blocks anything that falls outside that profile.
As a result, the system produces a remarkably low number of false positives—as few as two or three per month in some customer environments.
The concept was taken from the human immune system's ability to recognize potential infections and begin defending against them before they reach their targets. The software is the brainchild of Steven Hofmeyr, Sana's founder and chief scientist, who developed the idea during research for his doctoral thesis.
Although the concept is similar to several other systems on the market, there is one key difference, Hofmeyr said: Sana does not rely on a human to define acceptable behavior for each application. "[Other vendors] assume there's some human out there with sufficient knowledge to recognize the attacks and know what to do," he said. "We've assumed the human won't understand."
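The learn-then-enforce approach described above, where the profile comes from observed behavior rather than human-written rules, can be sketched as follows. This is an added example, not Sana's code: it assumes a "code path" can be modeled as a short sliding window over the sequence of operating system calls an application makes, and the class name, window length, call names and traces are all hypothetical.

```python
from collections import deque

class BehaviorProfile:
    """Set of short call sequences observed while the application ran normally."""

    def __init__(self, window=3):          # window length is an assumption
        self.window = window
        self.known = set()

    def _windows(self, trace):
        buf = deque(maxlen=self.window)
        for call in trace:
            buf.append(call)
            if len(buf) == self.window:
                yield tuple(buf)

    def learn(self, trace):
        """Training phase: record every window of a known-good trace."""
        self.known.update(self._windows(trace))

    def deviations(self, trace):
        """Enforcement phase: (position, window) for each window never seen in training."""
        return [(i, w) for i, w in enumerate(self._windows(trace)) if w not in self.known]

    def allowed(self, trace):
        return not self.deviations(trace)

# Constructed sample traces (hypothetical call names, not captured from a real server).
NORMAL = [
    ["accept", "read", "open", "read", "write", "close"],
    ["accept", "read", "stat", "open", "read", "write", "close"],
]
UNEXPECTED_EXEC = ["accept", "read", "open", "read", "execve", "write", "close"]
RARE_BENIGN = ["accept", "read", "stat", "write", "close"]  # legitimate path missed in training

def build_profile():
    profile = BehaviorProfile()
    for trace in NORMAL:
        profile.learn(trace)
    return profile

if __name__ == "__main__":
    p = build_profile()
    print("replayed normal trace allowed:", p.allowed(NORMAL[0]))
    print("unexpected exec deviations:", p.deviations(UNEXPECTED_EXEC))
    print("rare benign path allowed before retraining:", p.allowed(RARE_BENIGN))
    p.learn(RARE_BENIGN)
    print("rare benign path allowed after retraining:", p.allowed(RARE_BENIGN))
```

The rare but legitimate trace is rejected until it is added to the profile, which is where false positives in this kind of model come from: they depend on how completely the training period covered normal behavior.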
Primary Response relies on a server/agent architecture and is meant mainly for servers handling Web, FTP and Domain Name System traffic, but it can also protect custom applications.
Primary Response is due to ship in the middle of next month on Windows and Solaris; Linux and AIX versions are in the works. One server license costs $6,500; each agent is priced at $1,750.