Start-up FireEye made its debut last week, announcing plans to ship a switch-based network access control appliance next month that will let customers identify network-borne malware and attacks in order to contain them quickly.
Ashar Aziz, the firm's CEO, founded the company after a 12-year engineering career at Sun. He says FireEye's NAC appliance, as yet unnamed, will make use of what FireEye calls its virtual-machine technology to identify attack traffic.
This approach entails duplicating the desktop and server operating systems and applications within the FireEye appliance as a virtual CPU, and analyzing how traffic passing through a managed switch might affect it.
"The idea is to model vulnerability to malware," Aziz says about the virtual-machine approach. Only Avinti, a start-up funded by Symantec and two venture-capital firms to detect unknown keyloggers and Trojans in e-mail, is known to be applying the virtual-machine concept in similar fashion in its iSolation Server.
Aziz says the technique will be effective at the network level to quickly identify incoming malware or attacks that might spread within an enterprise.
If the FireEye appliance determines network traffic is harmful, it can direct a switch to take action. "We can then shut down the ports or quarantine the device," Aziz says.
The FireEye appliance isn't an in-line device, so it doesn't block packets, but it will let network managers isolate LAN segments to protect them from attack or isolate infected machines at an early stage before a threat has been analyzed by the broader security community.
The first version of the appliance will run copies of Windows-based applications, both patched and unpatched, to analyze how incoming traffic might adversely affect them. FireEye also plans support for Linux in the fall.
Aziz, whose background includes founding and then selling start-up Terraspring to Sun in 2002, has confidence that FireEye's virtual-machine approach will find a corporate audience, even as the market for NAC products mushrooms with vendors announcing new products practically every day.
"You can have your anti-virus up to date and still get infected if there's a new worm," Aziz says. "Our model tells you you're infected through passive monitoring in a virtual-machine environment."