HP announced new security
services to provide what it calls a holistic approach
to protecting networks and connected devices.
Active Countermeasures models the human body’s immune
reaction to invasion by microbes. It runs a periodic
vulnerability analysis based on the latest advisories
from security monitoring organizations such as CERT,
prioritizes the threats, scans the network for
vulnerable machines, then automatically deploys a
payload of prevention.
“We’ll use the same opening the hacker used to get
[malignant] code onto the machine,” said HP Labs’ distinguished technologist Joe Pato. Through that
opening, a sort of vaccination in the form of a
payload of code to deal with the threat is delivered.
The countermeasures in the payload are determined by
policies pre-set by the organization, and could
include everything from popping up an alert on the
threatened machine to automatically quarantining it
from the network.
“Instead of looking at security from a
command-and-control perspective, we’ve moved to a more
realistic perspective of coping with change in a
resilient infrastructure that recovers,” Pato told
internetnews.com.
HP’s second security service is Virus Throttler, a
tool that slows denial of service attacks by
monitoring the speed at which individual machines
attempt to connect to others.
“Attacks like Blaster or Slammer move at a
tremendous rate of speed,” Pato said. “They can
propagate in sub-seconds, a time scale in which human
intervention is unfeasible. All you can do is recover
after the fact. We didn’t want to live with that.”
While Slammer was connecting to some 850 new
machines per second, Throttler lets administrators
limit the number of new connections made in a set
period of time. The result is only a fraction of a
second of delay, which is barely noticeable to
legitimate users but plenty of time to stop a worm.
Pato said that in lab tests with a live virus, HP was
able to stop Slammer in 2/100 of a second.
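
The rate limit described above, as an added sketch in Python that is not HP's code: connections to hosts not contacted recently are queued and released at a fixed rate. The limit of one new host per second, the five-entry list of recently contacted hosts and the sample traffic are assumptions made for illustration; only the 850 connections per second figure comes from the article.

```python
from collections import deque


class NewConnectionThrottle:
    """Allow at most `limit` connections to unfamiliar hosts per `period` seconds."""

    def __init__(self, limit=1, period=1.0, recent_size=5):
        self.limit = limit
        self.period = period
        self.recent = deque(maxlen=recent_size)  # hosts contacted recently (assumed detail)
        self.releases = deque()  # release times of the last `limit` new connections

    def request(self, now, dest):
        """Return the time at which a connection requested at `now` may leave the host."""
        if dest in self.recent:
            return now  # familiar destination: never delayed
        if len(self.releases) < self.limit:
            release = now
        else:
            # Sliding window: wait until the oldest tracked release is one period old.
            release = max(now, self.releases[0] + self.period)
        self.releases.append(release)
        if len(self.releases) > self.limit:
            self.releases.popleft()
        self.recent.append(dest)
        return release


def simulate_worm(rate_per_s, duration_s, throttle):
    """Count scans to distinct (constructed) addresses that leave within duration_s."""
    escaped = 0
    for i in range(int(rate_per_s * duration_s)):
        t = i / rate_per_s
        if throttle.request(t, f"10.0.{i // 256}.{i % 256}") < duration_s:
            escaped += 1
    return escaped


def delays(events, throttle):
    """Delay in seconds imposed on each (time, destination) event."""
    return [throttle.request(t, dest) - t for t, dest in events]


# Constructed sample of ordinary traffic: a few hosts, contacted repeatedly.
LEGIT = [(0.0, "mail"), (0.5, "web"), (2.0, "mail"), (2.1, "web"), (3.5, "files")]

if __name__ == "__main__":
    print("worm, throttled:  ", simulate_worm(850, 1.0, NewConnectionThrottle()))
    print("worm, unthrottled:", simulate_worm(850, 1.0, NewConnectionThrottle(limit=10**6)))
    print("legitimate delays:", delays(LEGIT, NewConnectionThrottle()))
```

A backlog of delayed connections that keeps growing is itself a signal that the host is scanning, which an administrator can alert on.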
Although it announced the availability of Virus
Throttler and Active Countermeasures during the RSA
Conference, held in San Francisco February 23 through
27, they aren’t on the market. HP has developed
these security strategies over the past two and a half
years, according to Pato, and has used them
internally. It’s now begun testing with a few
customers, and it expects to have the services
generally available by the end of the year.
HP is now ready to carry these security measures
outside its firewall, as part of its Adaptive
Enterprise initiatives, Pato said. In the short term,
they’ll be delivered as services because of the
customization entailed. Pato promised that these are
only the first of the holistic solutions brewing in HP
Labs.