RealTime IT News

A Bio Approach to Network Security

HP announced new security services to provide what it calls a holistic approach to protecting networks and connected devices.

Active Countermeasures models the human body's immune reaction to invasion by microbes. It runs a periodic vulnerability analysis based on the latest advisories from security monitoring organizations such as CERT, prioritizes the threats, scans the network for vulnerable machines, then automatically deploys a payload of prevention.

"We'll use the same opening the hacker used to get [malignant] code onto the machine," said HP Labs' distinguished technologist Joe Pato. Through that opening, a sort of vaccination in the form of a payload of code to deal with the threat is delivered. The countermeasures in the payload are determined by policies pre-set by the organization, and could include everything from popping up an alert on the threatened machine to automatically quarantining it from the network.

"Instead of looking at security from a command-and-control perspective, we've moved to a more realistic perspective of coping with change in a resilient infrastructure that recovers," Pato told internetnews.com.

HP's second security service is Virus Throttler, a tool that slows denial of service attacks down to human scale. Virus Throttler works continuously on the network, monitoring the speed at which individual machines attempt to connect to others.

"Attacks like Blaster or Slammer move at a tremendous rate of speed," Pato said. "They can propagate in sub-seconds, a time scale in which human intervention is unfeasible. All you can do is recover after the fact. We didn't want to live with that."

While Slammer was connecting to some 850 new machines per second, Throttler lets administrators limit the number of new connections made in a set period of time. The result is only a fraction of a second of delay, which is barely noticeable to legitimate users but plenty of time to stop a worm. Pato said that in lab tests with live virus, HP was able to stop Slammer in 2/100 of a second.
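The throttling idea described above, as an added example that is not HP's code: a per-host limiter delays connections to new destinations and raises an alarm when the delayed backlog grows. The class and function names, the limit of 5 new connections per second, the recently-contacted set and the backlog threshold of 100 are all assumptions made for illustration.

```python
from collections import deque

class NewConnectionThrottle:
    """Per-host limiter on connections to destinations not contacted recently."""

    def __init__(self, limit=5, period=1.0, recent_size=5, max_backlog=100):
        self.interval = period / limit           # spacing between released connections
        self.recent = deque(maxlen=recent_size)  # assumed "recently contacted" set
        self.pending = deque()                   # release times of delayed requests
        self.next_free = 0.0
        self.max_backlog = max_backlog           # assumed alarm threshold
        self.quarantined_at = None

    def request(self, now, dest):
        """Return the time the connection may leave the host, or None if blocked."""
        if self.quarantined_at is not None:
            return None
        if dest in self.recent:                  # known peer: not a *new* connection
            return now
        while self.pending and self.pending[0] <= now:
            self.pending.popleft()               # these delayed requests already went out
        release = max(now, self.next_free)
        self.next_free = release + self.interval
        self.recent.append(dest)
        if release > now:
            self.pending.append(release)
        if len(self.pending) > self.max_backlog: # backlog this deep is not human-paced
            self.quarantined_at = now
            return None
        return release

def run(events):
    """Feed constructed (time, destination) events through a fresh throttle."""
    throttle = NewConnectionThrottle()
    releases = [(t, throttle.request(t, d)) for t, d in events]
    stop = throttle.quarantined_at
    delays = [r - t for t, r in releases if r is not None]
    # Connections that actually left the host: released before any quarantine.
    escaped = sum(1 for _, r in releases
                  if r is not None and (stop is None or r <= stop))
    return {"max_delay": max(delays), "escaped": escaped, "quarantined_at": stop}

# Constructed sample traffic (not measurements from the article):
# a desktop contacting one of four servers every half second ...
DESKTOP = [(0.5 * i, f"server-{i % 4}") for i in range(20)]
# ... and a Slammer-like scanner trying 850 distinct addresses in one second.
WORM = [(i / 850, f"10.0.{i // 256}.{i % 256}") for i in range(850)]

if __name__ == "__main__":
    print("desktop:", run(DESKTOP))
    print("worm:   ", run(WORM))
```

With these constructed inputs the desktop is never delayed, while the scanner gets a single connection out before its backlog trips the alarm.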

Although it announced the availability of Virus Throttler and Active Countermeasures during the RSA Conference, held in San Francisco February 23 through 27, they aren't on the market. HP has developed these security strategies over the past two and a half years, according to Pato, and has used them internally. It's now begun testing with a few customers, and it expects to have the services generally available by the end of the year.

HP is now ready to carry these security measures outside its firewall, as part of its Adaptive Enterprise initiatives, Pato said. In the short term, they'll be delivered as services because of the customization entailed. Pato promised that these are only the first of the holistic solutions brewing in HP Labs.