Build yourself a botwall
By Mark Hall, Computerworld, 09/24/2007
Chief security officers have a panoply of tools to protect their companies' IT and data assets. There's the hoary firewall,
the intrusion-detection system and its intrusion-protection system cousin, and antivirus and antispyware software. Now there's
something new and increasingly important to add to IT's defensive perimeter: the botwall, which targets those PC zombies controlled
by hackers.
Shar Aziz, CEO of FireEye in Menlo Park, Calif., argues that companies need to "wall off bots" with appliances that sit inside
the data center and work with systems deployed at Internet service providers and third-party technology partners. The result
is a "botwall network" designed to identify and shut down bots. According to Aziz, each botwall runs a virtual victim machine
(VVM), which is software that pretends to succumb to a hacker's ruse. He says the VVM captures on a "hair trigger" any suspicious
traffic that gets through the firewall and analyzes it for malware. The analysis is done by all the botwalls on your network,
in combination with those off-network.
Aziz claims that the botwalls can quickly determine whether traffic is malevolent and then let it through or shut down any
data emanating from the source domain, or take other security actions. FireEye has two botwall models, one that can handle
network traffic up to 200Mbps, and the other up to 1Gbps. Next month, it will release a model that can process data moving
at between 5Gbps and 8Gbps. Pricing starts at $10,000.
Cut false positives
Application developers are under pressure to get code into production quickly. So the last thing they want is an analysis
tool that reports security problems in source code that don't even exist. Ben Chelf, chief technology officer at San Francisco-based
Coverity Inc., says an add-on to Coverity Prevent SQS includes a mathematical technique known as satisfiability. The first
module, the SAT False Path Pruning Solver, eliminates places in C, C++ and Java code where defects are infeasible, cutting
the false positive rate to as low as 5%. Chelf hopes to improve on that number as more modules are released next year targeting
problems such as buffer, string and integer overflows. Pricing for Prevent SQS is project-dependent.
Use keystrokes to improve security
Next week, BioPassword in Issaquah, Wash., will ship the 4.0 Enterprise Edition of its eponymous login software, whose "keystroke
dynamics" feature provides biometric assurance that a user is who he says he is. Or, more precisely, who he types he is. CEO
Mark Upson says the upgrade improves the accuracy of identifying users through their typing techniques to 99.2%, as verified
by The Tolly Group in Boca Raton, Fla. He claims that's "equivalent to a fingerprint" as a means of identification. The release
also includes support for the Citrix Access Gateway VPN. BioPassword currently integrates with Active Directory to authenticate
Windows clients.
In Q1, Upson says, the software will add support for Macintosh and Linux users as well as standard LDAP directories. Because
the software knows how users type their usernames and passwords, it can report on who is sharing passwords with colleagues.
If a user has a hand injury, is hopped up on caffeine or is experiencing something else that affects his typical typing pattern,
BioPassword can offer challenge questions for log-in. A perpetual license for the Enterprise Edition starts at $50 per user.
For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.
Comments (1)
RE: Build yourself a botwall
By meatpieandtatters on September 24, 2007, 2:22 pm
More instrumentation and complication will NOT solve the problem. Heck, haven't we over-instrumented already? How many more appliances and rule-based systems are...