Websense Launches New Threat Prevention Tool

Dubbed ThreatSeeker, Websense says the software package allows companies to identify threats before they hit corporate networks, aiding in the fight against sophisticated malware.

Websense introduced its latest malware detection technology on Oct. 31, rolling out its ThreatSeeker application that will serve as the technological foundation for all of the company's security software products.

As Web-based threats have shifted away from traditional attacks focused on software vulnerabilities to so-called zero-day exploits aimed at previously unidentified flaws, traditional anti-virus and intrusion detection technologies have left users with inadequate protection, Websense officials maintain.

By utilizing a vast network of data mining machines, along with some 100 proprietary processes based on a combination of mathematical algorithms, behavior profiling and code analysis, the San Diego-based company claims that the technology can identify zero-day threats and other attacks before they show up on corporate networks.

Websense ThreatSeeker promises to find and block such threats, keeping corporate networks protected long before anti-virus vendors are capable of responding to attacks with software updates.

The first products to bear the technology will be the firm's latest network security filtering applications, Websense Web Security Suite version 6.3 and Web Security Suite—Lockdown Edition version 6.3, which are expected to become available sometime before the end of Nov. 2006.

Sometime in 2007, Websense also plans to launch a data leakage prevention software package featuring the ThreatSeeker technology.

The company said that ThreatSeeker has already aided in the identification of several major attacks, including the recently reported WMF and VML zero-day exploits that targeted flaws in popular Microsoft products.

Since Websense's products are already used by a number of Internet service providers, the company is using the technology to get an eagle's-eye view into emerging attacks as they propagate on those companies' own massive networks, said John McCormack, senior vice president of product development for the software maker.

"With all the new attack vectors emerging on the Internet, it's hard to know where to look for the next big threat, and many Web-based attacks are becoming vehicles for other forms of sophisticated malware such as rootkits," McCormack said.

"Running on all these massive networks, we can use ThreatSeeker to identify network anomalies long before it is even clear whether the activity is actually a threat, and that gives us a significant advantage in identifying attacks and protecting customers before the exploits arrive at the network."

Websense claims that the technologies used in ThreatSeeker effectively scan between 40 million and 80 million Web site URLs every day looking for unusual activity that could indicate an attack.

The firm estimates that roughly 35 percent of all malware attacks are still generated online by compromised sites whose operators may have no idea their URLs are being used to deliver viruses and other threats.

Among the features in the new version 6.3 Websense products, due out in November, will be tools that allow IT administrators to see which employees are most frequently visiting compromised URLs to help companies warn users about putting their operations at risk.

Company officials said that the firm currently has its new products in pilot tests at six companies, one of which saw its network absorb over 10,000 hits on sites bearing the VML exploit over the first 24 hours it ran the program.

While anti-virus and intrusion protection software makers, namely market leader Symantec, have been battling with Microsoft over the PatchGuard technology being added in the 64-bit version of the company's upcoming Vista operating system, technologies such as ThreatSeeker eliminate most of the need for technologies that access an OS kernel, McCormack said.

"If the threat never gets onto your network environment, there is no need to worry about who hacked the kernel, or about the need for products that do so," said McCormack.

"Trying to protect the desktop by accessing the kernel also has a high rate of false positives, just as many as traditional intrusion detection technologies."
