Okena fields software to prevent file tampering

WALTHAM, MASS. - Security start-up Okena last week made its debut with Windows NT-based software to protect against a wide variety of threats, including file tampering or denial-of-service attacks on Microsoft's Internet Information Server Web server, SQL Server database and Office and Outlook desktops.

With StormWatch, users deploy software agents inside the firewall and can monitor network transactions on the server and the desktop, reviewing traffic and ensuring operations do not violate customer-defined rules. For instance, StormWatch would prevent changing of registry keys or disallow changes to the Web server except through a specific application.

The idea is to prevent hacker attempts at Web defacement that are often carried out through buffer overflows.

StormWatch can look out for computer viruses that trigger mass mailings by using Visual Basic Scripts to raid the user's directory.

"If Outlook launches a network application to send a large volume of e-mail, StormWatch will catch that," says Eric Ogren, an Okena vice president. StormWatch would warn the user that the mass mailing is about to occur, with the user gaining the option to allow it if it's legitimate.

Conventional security software addresses computer threats that have already been identified, while Okena is designed to fend off existing attacks and recognize probes from hackers before they damage applications.

Even though StormWatch, which starts at $1,095, can't prevent threats such as distributed port scanning or denial-of-service attacks such as SYN Floods, the software will report to the management console about suspicious events.

In this security arena, Okena enters the market against competitors Pelican Security, Finjan, WatchGuard, Entercept and Alladin Knowledge Systems, vendors that provide software that attempts to guard against unauthorized activity by intercepting actions deemed invasive.

Litton PRC, a large systems integrator, has tested the Okena software in its research and development labs with an eye toward deploying it internally and for possible sale to customers.

According to Perry Tsacoumis, technical director for R&D projects at Litton, StormWatch lets the user define a separate security policy for each machine on the network.

The product comes with a lot of "canned" security profiles so managers don't have to start from scratch defining them on their own, Tsacoumis says.

Okena: www.okena.com.