In Brief

Network Security Innovations: Between the Pipes

Hackers (well, the successful ones anyway) are creative types, always looking for new ways to get into your network. So it makes sense for security tool developers to strive for equal creativity.

By Julie Hanson

September 01, 2003, CSO — Here's a handful of defense tools that analysts cite as network security innovations.

ForeScout Technologies (www.forescout.com) offers an interesting twist on network security, according to Pete Lindstrom, director for market research company Spire Security. ForeScout's Active Scout product aims to trick would-be intruders by sending them false information, including bogus IP addresses, e-mail accounts or passwords. Since most hackers begin by conducting reconnaissance work on their victim network, their first steps include searches for passwords and e-mail accounts in order to obtain access. Active Scout happily releases passwords, just not the real ones, and tags the requester of that information. If that hacker comes back to look again and uses the bogus password, network administrators know they have an intruder, and not just someone who mistakenly entered the network.

"If someone responds to your bogus information, you know that this is unauthorized, and then [ForeScout] blocks the source, the IP address," says Lindstrom.
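The decoy-credential idea described above can be sketched as follows. This is an added example, not ForeScout's code: the `DecoyRegistry` class, the decoy format and the sample accounts and addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class DecoyRegistry:
    """Answers probes with bogus passwords and flags any later use of them."""

    def __init__(self):
        self._key = secrets.token_bytes(32)
        self._issued = {}      # decoy password -> (account, source IP that received it)
        self.blocked = set()   # source IPs to drop at the perimeter

    def issue(self, src_ip, account):
        # Tie the decoy to the requester so a later login can be traced to the probe.
        tag = hmac.new(self._key, f"{src_ip}|{account}".encode(), hashlib.sha256)
        decoy = "dx-" + tag.hexdigest()[:16]
        self._issued[decoy] = (account, src_ip)
        return decoy

    def login(self, src_ip, account, password, real_users):
        if src_ip in self.blocked:
            return "blocked"
        if password in self._issued:
            # No legitimate user was ever given this value: block the source
            # that used it and the source that originally harvested it.
            _, prober = self._issued[password]
            self.blocked.update({src_ip, prober})
            return "blocked"
        stored = real_users.get(account)
        ok = stored is not None and hmac.compare_digest(stored.encode(), password.encode())
        return "ok" if ok else "denied"


def run_demo():
    reg = DecoyRegistry()
    # Constructed sample data; a real system would store password hashes.
    real_users = {"jdoe": "correct horse battery"}
    decoy = reg.issue("203.0.113.7", "jdoe")   # probe answered with a bogus password
    outcomes = [
        reg.login("198.51.100.20", "jdoe", "corect horse battery", real_users),   # honest typo
        reg.login("198.51.100.20", "jdoe", "correct horse battery", real_users),  # real user
        reg.login("203.0.113.99", "jdoe", decoy, real_users),   # decoy used from a new address
        reg.login("203.0.113.7", "jdoe", "anything", real_users),  # original prober, now blocked
    ]
    return outcomes, sorted(reg.blocked)


if __name__ == "__main__":
    print(run_demo())
```

A mistyped password only yields a denial, while use of a decoy blocks both the source presenting it and the source that first requested it.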

CounterMalice is described by purveyor Silicon Defense (www.silicondefense.com) as a "worm containment solution." CounterMalice works by first dividing a network into various cells that the software can monitor. The software then analyzes network traffic between cells, searching for data movement patterns that could indicate the spread of a worm. If an odd pattern is detected, that cell is blocked from communicating with other cells, and the worm is stopped. Lindstrom says what's unusual about this idea is that rather than searching individual strings of data for specific worms, CounterMalice watches the behavior of the network traffic itself.

Charles Kolodgy, research director for security products at IDC (a sister company to CSO's publisher), says lately he is seeing unique products from companies with close ties to the government, including Invicta Networks (www.invictanetworks.com). Invicta was founded by former National Security Agency contractor and ex-KGB agent Victor Sheymov, who defected to the United States in 1980. Invicta's concept for deterring hackers involves changing the protected network's IP address as frequently as every second. The company's InvisiLAN product works via network security cards installed in each workstation. Each card is connected to a central control unit the IS team can use to monitor the switching of IP addresses.

"By hiding data and hiding IP addresses, they pretty much make the hackers just see dark space," says Kolodgy, who says that products such as InvisiLAN that enforce security at the desktop level are on the rise.
