Network Ice, a hot security start-up for intrusion detection, this June plans to ship its first software-based suite for stopping the wily hacker cold.
To protect Windows-based desktops and servers from hack attacks, Network Ice is providing software called BlackICE Pro. If BlackICE software spots evidence of mischief, it responds by alerting the user or the administrator of the problem. It can also shut down all communication to and from the source of the intrusion attempt.
BlackICE Pro software, which costs $37 per node for 1,000 nodes, will issue a report of any trouble to the Web-based security management console called ICEcap (an acronym for "consolidation, analysis and presentation").
According to Greg Gilliom, CEO of Network Ice, the ICEcap reporting engine uses a technology dubbed "Collective Awareness" to analyze the nature of the intrusion attempt. If needed, it will inform all BlackICE-protected desktops or servers if a systemic corporate-wide attack appears to be under way.
Since hackers are constantly upgrading their attack exploits, the BlackICE software is going to have to be updated regularly, much like anti-virus software, Gilliom points out. To do this, ICEcap can "push" intrusion-detection updates down to BlackICE software without disrupting computer activity.
"We detect over 200 attack signatures, such as ping sweeps or denial-of-service attacks," Gilliom claims. "We're protocol experts - we know how to exploit protocols. But we're trying to provide a system of administration and protection for small companies that aren't aware of all these issues."
Gilliom and the other Network Ice co-founders Robert Graham and Clinton Lum all held senior engineering positions at Network General (now Network Associates after its merger last year with McAfee Associates).
The BlackICE suite is host-based intrusion-detection software for Windows. The start-up is also working on an NT-based probe called BlackIce Sentry that would be able to scan for trouble Unix machines, mainframes or databases. The company has no specific shipping date for BlackIce Sentry.
Network Ice Chief Technology Officer Robert Graham says that one of the most vulnerable points within the enterprise network today is that presented by the telecommuter or remote access user.
"The problem with VPNs and notebook computers is that firewalls are being bypassed by remote dial-in users," Graham says. "When we've put our software on a lot of people's machines, we see virtually everyone will undergo a hacker attack within just a few weeks."
This is because the hackers with their automated tools are targeting remote access users to find out their IP addresses or access methods in order to weasel their way into the corporate intranet, Graham claims. Therefore, even companies using VPNs or firewalls can benefit from a desktop-based intrusion-detection system used for remote access.
"We see three types of hackers out there," Graham says. "There are voyeurs, like peeping toms; graffiti artists that trash the Web site and tell their friends; and criminals who steal things, such as customer lists."
RELATED LINKS
NATO reinforces against 'Net attack from Serbs
Network World, 04/02/99
Sound the alarm!
Network World, 03/16/99
Striking back
Network World, 01/11/99
Dispatches from the hacker wars
Network World, 11/16/98
