Start-up hits market with IDS package

Start-up CounterStorm last week unveiled CounterStorm-1, a security appliance that protects network resources early on in an attack by shutting down network access.

First strike, or zero-day attacks from worms or viruses can succeed by exploiting a vulnerability or lack of user awareness while the security industry is analyzing the new attack to design a specific defense - which is frequently based on a threat signature - against it.

CounterStorm says its security appliance uses behavior- and anomaly-based detection rather than signature-based methods to identify an attack. CounterStorm's competition includes Lancope and Mazu Networks, whose intrusion-prevention systems (IPS) also analyze traffic behavior and focus on internal security.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Start-up CounterStorm last week unveiled CounterStorm-1, a security appliance that protects network resources early on in an attack by shutting down network access.

First strike, or zero-day attacks from worms or viruses can succeed by exploiting a vulnerability or lack of user awareness while the security industry is analyzing the new attack to design a specific defense - which is frequently based on a threat signature - against it.

CounterStorm says its security appliance uses behavior- and anomaly-based detection rather than signature-based methods to identify an attack. CounterStorm's competition includes Lancope and Mazu Networks, whose intrusion-prevention systems (IPS) also analyze traffic behavior and focus on internal security.

"CounterStorm-1, which plugs into any network switch, passively mirrors traffic, and its goal is to stop network attacks immediately," says Gil Arbel, CEO with the firm.

As a passive monitor, CounterStorm-1 doesn't sit in-line to directly block network traffic as some IPSs do. Instead, it thwarts an attack such as a worm outbreak by automatically disabling the port of an infected device or segmenting traffic on a virtual LAN (VLAN). CounterStorm-1 appliances, deployed at LAN segments, report back to a management center appliance.

Matt Miller, vice president of engineering, says CounterStorm's intrusion-detection method was developed at Columbia University's advanced research labs with encouragement from the Department of Defense. The start-up has received more than $1 million in funding from the Department of Homeland Security and expects to soon announce private-equity funding as well.

CounterStorm says its gear is being used by 10 customers, including Fortune 1000 companies and a few government agencies, which it wouldn't name.

The cost of deploying CounterStorm-1 ranges from $75,000 to $100,000.

Read more about security in Network World's Security section.