Attacks Averted


Intrusion-prevention tools prove themselves by stopping worms like Slammer in their tracks



When the Slammer worm invaded the Internet on Jan. 25, it flooded corporate networks and servers with messages, shut down E-commerce sites, disabled some ATMs, and slowed traffic on parts of the Web to a crawl. But Slammer didn't worry Eric Chamberlain, an Active Directory architect for the University of California, Berkeley, even though the school's computer systems were running software that was vulnerable to the worm.

Last summer, Chamberlain installed intrusion-prevention software from Okena Inc., which he says has stopped several attacks against the university's servers and desktop computers. When Slammer hit, the Okena security software prevented the worm from infecting unpatched systems in the university's network. "It worked again," he says.

Chamberlain is one of a growing number of business-technology professionals impressed with intrusion-prevention tools that watch for "bad behavior" (buffer overflows or unusual port scans, for example) and then address it. Unlike intrusion-detection tools and antivirus products that scan for known virus and worm code to identify potential attacks, server- and PC-based intrusion-prevention tools learn how applications and operating systems are supposed to act, then incorporate behavioral policies based on that knowledge, which lets them stop new attacks. Administrators can create the rules of behavior for some applications or let the software log application activity to build its own understanding of appropriate behavior. The market for these products, which are sold mostly by startup vendors such as Entercept, Harris, Okena, and Sana Security, has been small. But it's expected to grow quickly, from $62 million last year to $520 million by 2007, according to analyst firm the Yankee Group.
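
The contrast drawn above between signature scanning and behavior policies, as an added illustration that is not from the article or from any vendor's product: a Python sketch over constructed events, in which the application names, action names, signature IDs and ADMIN_DENY rules are all hypothetical.

```python
from collections import defaultdict

# Constructed activity log recorded while a hypothetical agent runs in
# learning mode. Each record: (application, action, target).
LEARNING_LOG = [
    ("dbserver", "listen", "tcp:db-port"),
    ("dbserver", "file_write", "/var/db/data"),
    ("dbserver", "connect_out", "tcp:backup-host"),
    ("webserver", "listen", "tcp:443"),
    ("webserver", "file_read", "/srv/www"),
]

# Administrator-written rules (hypothetical); checked before the learned baseline.
ADMIN_DENY = {("*", "exec_from_stack"), ("webserver", "spawn_shell")}

# What a signature scanner knows: only payloads catalogued in the past.
KNOWN_SIGNATURES = {"payload-hash-A", "payload-hash-B"}  # constructed placeholders


def learn_baseline(log):
    """Build the per-application set of (action, target) pairs seen in learning mode."""
    baseline = defaultdict(set)
    for app, action, target in log:
        baseline[app].add((action, target))
    return baseline


def signature_verdict(event):
    """Block only if the payload matches a signature already on file."""
    return "block" if event.get("payload_id") in KNOWN_SIGNATURES else "allow"


def behavior_verdict(event, baseline):
    """Judge the action itself, regardless of whether the payload is known."""
    app, action, target = event["app"], event["action"], event["target"]
    if ("*", action) in ADMIN_DENY or (app, action) in ADMIN_DENY:
        return "block"      # explicit administrator rule
    if app not in baseline:
        return "alert"      # no profile learned yet: surface it for review
    return "allow" if (action, target) in baseline[app] else "block"


# Constructed events: routine work, a never-catalogued payload making the
# database server open unfamiliar outbound traffic, and an overflow-style action.
ROUTINE = {"app": "dbserver", "action": "file_write", "target": "/var/db/data"}
NOVEL = {"app": "dbserver", "action": "connect_out", "target": "udp:any-host",
         "payload_id": "payload-hash-new"}
OVERFLOW = {"app": "webserver", "action": "exec_from_stack", "target": "-"}
UNPROFILED = {"app": "mailserver", "action": "listen", "target": "tcp:25"}
```

The NOVEL event passes the signature check because nothing on file matches it, yet the behavior check blocks it because that outbound action was never part of the database server's learned profile.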

[Photo: Eric Chamberlain] Okena software helped UC Berkeley avoid damage from the recent Slammer worm, Chamberlain says.

Cisco Systems' well-timed entry into the intrusion-prevention market should help fuel that growth. The day before Slammer hit, the leader in networking, firewall, and intrusion-detection hardware systems said it would pay $154 million in stock to buy Okena, which analysts estimate had less than $10 million in revenue last year. Cisco officials won't discuss plans for integrating the technology into the company's products or whether they'll sell it as a standalone product. But the acquisition is already raising the technology's profile. "I probably wouldn't have known about intrusion prevention except that Cisco has the power to bring it in front of me," says Larry Peterson, VP of corporate technology services at Gelco Information Network, a provider of outsourced E-business services to the consumer-goods industry.

Other major security vendors see opportunity, too. Check Point, NetScreen, Network Associates, Symantec, and Trend Micro are expected to bolster their security apps with intrusion-prevention capabilities, either through acquisitions or in-house development. Internet Security Systems Inc. last month enhanced its software's ability to correlate a company's software vulnerabilities with real-time information to better stop attacks.

Having realized that antivirus software and firewalls don't stop all attacks, companies are eager for several lines of defense in the battle against threats. Attacks more sophisticated than Slammer "could be devastating," President Bush's cybersecurity adviser, Richard Clarke, told colleagues last week in an E-mail confirming his resignation plans, according to published reports.

Radianz, a network-services provider for the financial-services industry, had security systems in place that prevented Slammer from infecting its computers, but chief information security officer Lloyd Hession says he's glad he'd installed ISS's software for added protection. "It's a belt-and-suspenders approach," he says.

Another factor that makes intrusion-prevention technology appealing is that it promises to help security pros get better control of the costly and time-consuming process of installing software patches to plug vulnerabilities in operating systems and applications and to fend off known viruses and worms. A patch was issued last summer to fix the vulnerability in Microsoft's SQL Server software that Slammer used to infect systems. But the success of Slammer shows that many systems and networks weren't patched.

It's easy to see how slipups can occur. Security experts keep finding new software vulnerabilities, nearly 50 a week, and vendors keep trying to fix the problems with software patches. IT managers spend two hours per server to test and deploy a patch, which leads research firm Gartner to estimate that it can cost a company with 1,000 servers about $300,000 for each patch. Though other tools that manage and automate the deployment of server and desktop patches can cut the time and cost involved, Hession says that patching is "a problem that's reached ridiculous proportions." Microsoft, whose nearly ubiquitous software is the target of the majority of attacks, says its forthcoming Windows 2003 Server operating system will make patching easier with an automatic update feature. But some business-technology managers are leery. "You're always going to have to test these patches before rolling them out," and that's still time consuming, says James Pu, director of technology services with the Los Angeles County Employees Retirement Association.
