Intrusion-prevention vendor Determina this week is expected to roll out software that temporarily shields server vulnerabilities, buying network executives time until they can install permanent patches.
The software, called LiveShield, lets corporations fix security holes in applications while keeping key servers continuously online, avoiding downtime that can disrupt business. Ultimately businesses have to install traditional patches issued by vendors and reboot the servers. But with Determina protecting the vulnerable application, the installation can be safely delayed until a time when it won't interrupt end users. Determina plans to announce LiveShield at the Demo conference this week.
LiveShield is an add-on to Determina's intrusion-prevention software, Memory Firewall, which runs on the servers it protects. Working together, the two pieces of software insert vulnerability fixes - Determina calls them shields - into applications as they are running in memory on the servers. The shields are written by Determina based on the patches issued by software vendors in response to reported vulnerabilities, and are distributed and automatically installed on the fly via Determina's management software.
To do this, each server must already be running Memory Firewall, which mediates the application's execution in memory on the server and analyzes its behavior. When it detects abnormal behavior indicating an attack, it shuts the attack down.
In combination with LiveShield, Memory Firewall can insert code that fixes vulnerabilities in the application as it is running on the server.
The shield is applied only to the copy of the application running in memory, not to the executable stored on the server's hard drive, so the vendor's patch will still have to be installed. With the extra time LiveShield provides, businesses can schedule convenient times for installing the security patches and can test whether other upgrades bundled with them are compatible with the other software running on the server. By doing so, businesses can avoid the additional downtime that incompatibilities can cause, says Nand Mulchandani, Determina's vice president of marketing and business development.
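What "inserting a fix into a running application" means at the machine level is a detour: the first instructions of the vulnerable function are overwritten with a jump to corrected code, so every existing call site executes the fix while the file on disk stays as it was. The program below is an added illustration of that technique and is not Determina's code or a description of how LiveShield is built; it assumes a Linux process on x86-64 (or AArch64) where the text page can be made writable with mprotect. The struct, the hypothetical handler set_name_vulnerable, its fixed twin set_name_fixed, and the 19-character test input are all constructed for the example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* Constructed "application" state: a 16-byte name followed by a privilege
 * flag, so an unbounded copy into name spills into admin. */
struct request {
    char name[16];
    int  admin;
};

/* Constructed input: 19 characters fill name[16] and overwrite the first
 * bytes of admin (the terminating NUL lands on admin's last byte). */
#define OVERLONG_NAME "AAAAAAAAAAAAAAAAAAA"

/* Hypothetical vulnerable handler: no length check (stand-in for the kind of
 * flaw a vendor patch fixes). noinline keeps a real entry point to patch. */
__attribute__((noinline)) void set_name_vulnerable(struct request *r, const char *name)
{
    char *dst = r->name;
    while ((*dst++ = *name++) != '\0')   /* unbounded copy */
        ;
}

/* The "shield": same contract, but truncates to the buffer size. */
__attribute__((noinline)) void set_name_fixed(struct request *r, const char *name)
{
    size_t n = strlen(name);
    if (n > sizeof r->name - 1)
        n = sizeof r->name - 1;
    memcpy(r->name, name, n);
    r->name[n] = '\0';
}

/* Overwrite the entry of `target` with an unconditional jump to
 * `replacement`. Only the text page in memory changes; the executable on
 * disk is untouched. Returns 0 on success, -1 if the architecture is
 * unsupported, the jump displacement is out of range, or mprotect fails. */
int install_shield(void *target, void *replacement)
{
    unsigned char code[8];
    size_t len;
#if defined(__x86_64__) || defined(__i386__)
    intptr_t rel = (intptr_t)replacement - ((intptr_t)target + 5);  /* JMP rel32 */
    if (rel > INT32_MAX || rel < INT32_MIN)
        return -1;
    int32_t rel32 = (int32_t)rel;
    code[0] = 0xE9;
    memcpy(code + 1, &rel32, sizeof rel32);
    len = 5;
#elif defined(__aarch64__)
    intptr_t off = (intptr_t)replacement - (intptr_t)target;          /* B imm26 */
    if (off < -((intptr_t)1 << 27) || off >= ((intptr_t)1 << 27) || (off & 3))
        return -1;
    uint32_t insn = 0x14000000u | (((uint32_t)off >> 2) & 0x03FFFFFFu);
    memcpy(code, &insn, sizeof insn);
    len = 4;
#else
    (void)target; (void)replacement;
    return -1;
#endif
    uintptr_t pagesz = (uintptr_t)sysconf(_SC_PAGESIZE);
    uintptr_t start  = (uintptr_t)target & ~(pagesz - 1);
    uintptr_t end    = ((uintptr_t)target + len + pagesz - 1) & ~(pagesz - 1);

    if (mprotect((void *)start, end - start, PROT_READ | PROT_WRITE | PROT_EXEC) != 0)
        return -1;
    memcpy(target, code, len);
    __builtin___clear_cache((char *)target, (char *)target + len);
    return mprotect((void *)start, end - start, PROT_READ | PROT_EXEC);
}

/* Feed a name to the original entry point through a volatile pointer so the
 * compiler cannot inline or redirect the call; return the admin flag. */
int admin_flag_after(const char *name)
{
    struct request r = { {0}, 0 };
    void (*volatile handler)(struct request *, const char *) = set_name_vulnerable;
    handler(&r, name);
    return r.admin;
}

int main(void)
{
    printf("before shield: admin=%d\n", admin_flag_after(OVERLONG_NAME));
    if (install_shield((void *)set_name_vulnerable, (void *)set_name_fixed) != 0) {
        puts("could not install shield on this platform");
        return 1;
    }
    printf("after shield:  admin=%d\n", admin_flag_after(OVERLONG_NAME));
    return 0;
}
```

Before the detour, the overlong name sets the admin flag; afterwards the same call, through the same unchanged call site, lands in the bounded copy and the flag stays zero. Two caveats a production tool has to handle that this toy does not: the rewrite must not race with a thread that is already executing inside the first instructions of the target, and the shield is gone the moment the process restarts from the unpatched file on disk, which is exactly why the article says the vendor's patch still has to be installed.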
Determina must wait for software vendors to issue their patches before it can write the shields. In turn, customers must wait for Determina to issue the shields, which it creates by reverse-engineering the patches to determine which lines of application code need to be altered to fix the vulnerabilities, Mulchandani says. Writing a shield takes 12 to 24 hours after a patch is received, he says.
The company writes shields for all enterprise Windows applications and Citrix, and is testing with other vendors, Mulchandani says. It does not write them for custom applications that businesses might have written for themselves, he says.
Determina's intrusion-prevention software competes against Sana Security, Network Associates with its Entercept software and Cisco with its Security Agent. Start-up PivX also has a host-based IPS, although none of these has code-mending software like LiveShield. Blue Lane's Patch Point software, which that company calls a patch proxy, performs a function similar to LiveShield's.