Security Gets Proactive

The limitations of security technology have left most security administrators with only reactionary defenses: Antivirus vendors discover a new virus and publish updated signatures; white-hat hackers discover a new security vulnerability and the software vendor publishes a patch; and intrusion-detection software notifies administrators after the bad guys enter the network perimeter. Now, a new breed of proactive security applications are gaining ground.

Last week, Harris Corp. released an intrusion-prevention tool called Security Threat Avoidance Technology Neutralizer. Instead of relying on security and software vendors to publish patches to halt malicious activity, Stat Neutralizer stops potentially damaging behavior regardless of whether the threat is caused by a virus, human error, buffer overflow attacks, or other behavior, the company says.

Rayford Vaughn, an associate professor of computer science and director of the computer security research center at Mississippi State University, has tested Stat Neutralizer for several weeks. "It allows you to go into the operating-system kernel and set up rules that prevent strange behavior on your system," he says.

Vaughn says Stat Neutralizer detects any type of potentially troublesome behavior before any damage is done to systems. If an intrusion such as the recent Nimda worm tries to propagate itself within a server, or if a malicious application attempts to alter system files or force applications such as Microsoft's Internet Information Server to commence activity deemed potentially harmful, Stat Neutralizer will stop it.

Vaughn has one complaint: Stat Neutralizer won't be available on Linux for a few more months. He says once that version is available, he'll install it on each of the PCs the university is using in a high-performance cluster.

Pete Lindstrom, director of security research for Hurwitz Group, likens Stat Neutralizer to security at a nightclub. A firewall can be used to block every entry into a business' network except through the one port that's deemed the network's front door, Lindstrom says, and "Neutralizer will act like a bouncer in a club, and won't allow anyone to do any activity the club owners don't want, keeping the club safe."

Available now for Windows NT/2000, Stat Neutralizer starts at $2,995 for an administration server, five server agents, and 10 workstation agents.