
Intrusion prevention touted over detection

April 11, 2003 12:00 PM ET

Computerworld - Next week's RSA Conference 2003 in San Francisco will feature a range of security technologies meant to let corporations more proactively defend themselves against a growing array of cyberthreats.
Unlike most traditional firewall and intrusion-detection products, which passively detect problems, the new tools use rules, usage models and correlation engines to enforce authorized network behavior. In some cases, these tools automatically prevent unauthorized or malicious tasks from executing.
But many of the technologies are still in their infancy, are largely untested in enterprise environments and may not deliver all of the promised functionality just yet, users and analysts cautioned.
Rules-based protection
One of the vendors touting such products at this week's conference, sponsored by Bedford, Mass.-based RSA Security Inc., is Entercept Security Technologies Inc. The San Jose-based company will release an updated version of a host-based intrusion-prevention software tool that uses virus signature information and behavioral rules to intercept suspicious activity before it accesses an application.
For example, if a rule states that only Web server processes can access Web files, all attempts by other processes to do so will be automatically blocked by Entercept software, company officials said.
Network Associates Inc. announced April 4 that it would acquire Entercept for $120 million in cash, and on April 1 the company said it would buy San Jose-based Intruvert Networks Inc. for $100 million.
Entercept's technology recently helped Arlington County, Va., protect its core databases from being corrupted by the Slammer worm and has contributed to a more proactive security posture, said Vivek Kundra, the county's director of infrastructure technologies.
"Historically, we would learn of an attack only after it happened, and we would react to it. Now we are in a position to prevent some of it as well," he said.
Also this week, Teros Inc. in Sunnyvale, Calif., will add a new module called SafeIdentity to its Teros 100 Application Protection System. Teros 100 is an "in-line" hardware device that sits directly on the network in front of a Web application server and inspects every packet going in and out of the server in real time.
Like other intrusion-prevention products, Teros' technology blocks anything that deviates from predetermined norms for a particular server or application. While Teros claims that its product can determine what those norms should be, companies that are unwilling to leave that decision to the technology can specify them.
Baker Hill Corp., a Carmel, Ind., provider of application services to the banking industry, has placed such "default deny" application firewalls in front of several Microsoft Internet Information Servers, said Eric Beasley, a senior network administrator


