February 5th, 2003, 12:32 AM
New way to fight virus
February 3, 2003
Security App Modeled After Immune System
By Dennis Fisher
The security industry has always looked to the field of medicine for metaphors and ways of thinking about network protection. Now, Sana Security Inc., a San Mateo, Calif., start-up, is extending that relationship to another level with the introduction Monday of its Primary Response application security platform.
The software works by observing application-operating system interactions and learning the code paths that each application uses during its normal operations. The system develops a profile of each application's behavior and then blocks anything that falls outside that profile.
As a result, the system produces a remarkably low number of false positives, as few as two or three per month in some customer environments.
The concept was taken from the human immune system's ability to recognize potential infections and begin defending against them before they reach their intended targets. The software is the brainchild of Steven Hofmeyr, Sana's founder and chief scientist, who came up with the idea while doing research for his doctoral thesis.
Although the concept is somewhat similar to several other systems on the market, notably those sold by Okena Inc., there is one key difference, Hofmeyr says: Sana does not rely on a human to define the acceptable behavior for each application.
"They assume that there's some human out there with sufficient knowledge to recognize the attacks and know what to do," Hofmeyr said. "We've assumed the human won't understand."
Primary Response relies on a server-agent architecture and is meant mainly for servers handling Web, FTP and Domain Name System traffic. However, it can also protect custom applications.
Once an attack is detected and blocked, the system functions much like other security applications. It sends an e-mail alert to the administrator and logs the event in a central management console. The system also includes a set of analytics to help identify trends and dig deeper into each event.
Primary Response is due to ship in mid-March on the Windows and Solaris platforms; Linux and AIX versions are in the works. One server license costs $6,500 and each agent is $1,750.
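The learn-a-profile-then-block idea from the article, as an added example that is not part of the original post and not Sana's code. It assumes the profile is the set of short system-call windows seen during normal runs, a modelling choice made for this illustration because the article does not say how Primary Response represents behavior; the window length, function names and traces are constructed.

```python
from collections import deque

WINDOW = 3  # assumed window length; the article gives no such parameter


def windows(trace, n=WINDOW):
    """Yield every run of n consecutive calls in a trace."""
    buf = deque(maxlen=n)
    for call in trace:
        buf.append(call)
        if len(buf) == n:
            yield tuple(buf)


def learn_profile(normal_traces, n=WINDOW):
    """Build the profile: all call windows seen during normal operation."""
    profile = set()
    for trace in normal_traces:
        profile.update(windows(trace, n))
    return profile


def check_trace(profile, trace, n=WINDOW):
    """Return (index, window) for each window that falls outside the profile."""
    return [(i, w) for i, w in enumerate(windows(trace, n)) if w not in profile]


# Constructed sample traces for a hypothetical file-serving daemon.
NORMAL = [
    ["accept", "read", "open", "read", "write", "close", "close"],
    ["accept", "read", "stat", "open", "read", "write", "close", "close"],
]
# Constructed trace: same daemon, but the request handler spawns a process.
SUSPECT = ["accept", "read", "open", "read", "execve", "write", "close"]
# Constructed trace: only calls seen in training, but in an unseen order.
REORDERED = ["accept", "read", "write", "close", "close"]

if __name__ == "__main__":
    profile = learn_profile(NORMAL)
    for name, trace in (("suspect", SUSPECT), ("reordered", REORDERED)):
        for idx, win in check_trace(profile, trace):
            print(f"{name}: block, window {idx} {win} not in learned profile")
    # A normal run recombines only learned windows, so nothing is flagged.
    print("normal:", check_trace(profile, NORMAL[1]))
```

The reordered trace is flagged even though every individual call appeared in training, which is what separates a sequence profile from a plain allowlist of permitted calls.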
February 5th, 2003, 01:26 AM
I wouldn't really consider this process "new", I've heard about it several times in the past. To me it seems to be based on that credit card tracking system, where if you make a purchase not in your usual "buying habits" the charge is denied.
Mafia = Organized Crime
Government = Unorganized Crime