First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.
Startup looks to head off botnets
- — 04 February, 2008 14:25
A startup with US military backing will begin beta-testing a security appliance this month, which it argues could change the face of network security by automating and refining the generation of malware signatures.
The startup, Nemean Networks, was co-founded by Paul Barford, a computer scientist at the University of Wisconsin, Madison, and is named after the first of Hercules' 12 tasks - to kill the Nemean lion, a beast with an impenetrable coat. (In the end the lion was choked to death and had to be skinned using its own claws.)
The appliance is currently known as the A1000 and is due to begin a four- to six-month testing period on-site with several potential enterprise clients this month, after which the company plans to begin commercial production, according to Nemean.
One of the company's backers is an investment group formed by University of Wisconsin alumni, which looks to capitalize on the university's intellectual property, and Nemean's technology is based on four distinct patents either already filed or are in process with the Wisconsin Alumni Research Foundation (WARF).
Barford sees automation as the next step in the arms race with Internet attackers, and one of Nemean's innovations is to dispense with manually generated signatures, automating the process.
At the same time, Barford claims the signatures thus generated are more detailed and practically do away with false positives.
A test comparing Nemean against a current intrusion prevention technology showed both with a comparable detection rate for malicious activity, but Nemean generated zero false positives, compared to 88,000 from the comparison technology in the same time period, Barford said.
A single Nemean signature can be used to detect an entire class of attack, Barford said.
Nemean also aims to give network administrators a more in-depth point of view of malicious activity around the network, arguing a clearer understanding of the situation is the only way admins can hope to improve security.
The product will only work on detection and awareness, Barford clarified: users will still need a separate capability such as a firewall for actually blocking attacks.
Security experts have long warned that conventional signature-based systems are going the way of the dodo, due to the increasing sophistication and dynamism of attacks.
Barford's research is getting significant interest from the military, with funding from the US' National Science Foundation, Army Research Office and Department of Homeland Security. The technology was developed and tested initially at the Wisconsin Advanced Internet Laboratory (WAIL).
Signature-based technologies are now "crumbling under the pressure of the number of attacks from cybercriminals," said Art Coviello, president of RSA, the security division of EMC, at a conference last year.
"Today, static security products are just security table stakes," Coviello said. "Tomorrow, they'll be a complete waste of money. Static solutions are not enough for dynamic threats."
He argued behavior-blocking and "collective intelligence" technologies will be the best way to effectively combat viruses.