
Start-up takes aim at ‘zombie’ PCs

Apr 24, 2006 | 3 mins
Network Security | Security

Simplicita to launch its first set of products to help ISPs identify and fix zombie PCs on their networks.

Start-up Simplicita this week is launching its first set of products to help ISPs identify and fix zombie PCs on their networks.

The company is announcing Simplicita ZBX, which is a set of three products: Reputation Knowledge Server, DNS Traffic Switch and Walled Garden Server.

“A lot of security solutions have done one of two things: They help identify a hijacked computer but then leave you to figure out how to fix it, or they quarantine or block zombie traffic,” says Jan Dawson, principal analyst at Ovum. “Simplicita’s products package different elements.” The products also interact with existing security systems an ISP likely has deployed.

Reputation Knowledge Server is preconfigured to work with 18 public honeypots and internal reports stemming from firewalls, spam filters and systems that do deep-dive packet inspections, says Frank Bergen, CEO at Simplicita.

Companies such as Arbor Networks and Sandvine offer products that do deep-dive packet inspections to thwart and mitigate distributed denial-of-service attacks.

Simplicita says its products work in conjunction with other network and desktop tools used to keep networks safe.

“It’s unusual, to be honest, to have a vendor recognize that there are things being done well,” Dawson says. Simplicita’s products interoperate well with other security platforms and incorporate those with its systems, he says.

Reputation Knowledge Server inspects all the information from these multiple sources as a customer attempts to surf the Web over an ISP’s network. A user’s activity also is compared with an ISP’s acceptable-use policy.

The server uses all of these sources to flag a PC that’s potentially being used as a zombie. Once a PC is flagged, the DNS Traffic Switch redirects the user to the ZBX Walled Garden Server.

Once a user has been quarantined in the Walled Garden Server, he is instructed on how he can scan his PC for possible viruses or rogue software. How users are handled in the Walled Garden is determined by each ISP.

“ISPs may have some customers sent to the Walled Garden only as a warning that there might be a problem, or it will require users scan their PC before they can access the Internet again,” Bergen says.

In the Walled Garden, ISPs can direct customers to use desktop security products the ISP makes available, he says. For example, if an ISP is using anti-virus software from McAfee, it may require that users update their software before accessing the Web. Or the ISP can let users “hit the snooze button” and skip that step if they’re on the road or in a hurry.

Simplicita says it is in talks with tier-one ISPs but cannot name any as customers. Everwave, a smaller ISP in Denver, is testing the product, according to Simplicita.