05.10.05
Intrusion Prevention Advances
By David Utter
Symantec takes a step forward with a product capable of detecting
and thwarting "day-zero" viruses.
The process of combating viruses has been like the proverbial
closing of the barn door after the horses escape. Antivirus
solutions don't have an answer to a virus outbreak until after
it has begun to circulate.
To answer the threat, a software product would have to recognize
a virus as malicious even when its signature file contains no
details on that virus. Many antivirus programs attempt to use heuristics
to isolate potential problems, but those have been problematic
for enterprises, sometimes flagging legitimate network traffic
as a threat.
Symantec seems to have made progress on this front. It has announced
a product called Critical System Protection 4.5, for Windows,
UNIX, and Linux platforms. The CSP product will launch later
this month.
The company advertises it as a defense against so-called "day-zero"
attacks, meaning virus threats for which no signature yet exists
in antivirus products. One security manager credited the product
for its effectiveness.
"(D)uring our profiling period, Symantec Critical System Protection
has shown real value in its ability to identify malicious activity
that slipped through other layers of protection," reports Kenneth
Brothers, manager of Information Security at the Federal Home
Loan Bank of New York. "In one specific example, it identified
a 'day-zero virus' before an antivirus signature was available."
Symantec says the product uses behavior-based intrusion prevention
technology to protect clients and servers against unknown malicious
behavior. Buffer overflow and memory-based attack protection
provide added defense against the most sophisticated attacks.
CSP also incorporates a firewall that can monitor network traffic,
and it has the usual capabilities to block inbound or outbound
traffic on a per-port or per-protocol basis.
With its ability to enforce security policies and compliance,
firms working under the purview of Sarbanes-Oxley should find
the product complements their efforts at maintaining those required
internal controls for auditing purposes.
About the Author:
David Utter is a staff writer for WebProNews covering technology
and business.