Last February we discussed an interesting security device from ForeScout Technologies that sits next to the firewall, tracking hacker reconnaissance efforts and then shuts down attempts to break in using information gleaned during that recon.The company promised to complement that product with a box designed to combat internal threats. On Monday it did just that, but instead of positioning it as a way to fight hackers, the new product is called WormScout and, as you can guess, is designed to fight worms.Why the switch? Selling the outward-facing ActiveScout has been harder than anticipated, admits CEO Kent Elliott. ActiveScout provides intrusion-prevention services but isn’t a classic intrusion-prevention product because it doesn’t require signatures and doesn’t have to be implemented inline. The extra customer education required makes the sales cycle longer.But the appeal of a security device that helps keep out bad guys, is simple to operate and doesn’t generate thousands of false positives has earned ForeScout 130 customers, from regional credit unions to Fortune 500 shops. More impressively, Elliott says all customers have enabled the automatic blocking feature of ActiveScout, meaning the systems simply are shutting hackers out. That’s quite an achievement because few organizations will let security products respond to anything without human review for fear that some good traffic will go out with the bad.While ActiveScout is taking off slower than anticipated, Elliott thinks it has a good future, but he is even more jazzed about WormScout. Although the core technology is essentially the same in both products, Elliott says the worm problem has become so rampant that it made more sense to play up the worm-containment features with this new product instead of the anti-hacking benefits.WormScout installs either in front of assets you want to protect, such as core servers, or in front of groups that are prone to worm attacks, say sales representatives who travel with their laptops.A worm typically searches for one type of port to exploit, such as SQL or User Datagram Protocol (UDP), so when WormScout sees something looking for Port X on IP address 1, then 2, then 3, etc., it responds offering the service sought. When the worm tries to take advantage of that resource, WormScout uses TCP reset to stop the session or invokes the help of other LAN devices to isolate the offending party.Anything that automatically stops worms can only be a good thing, especially given the speed at which these things spread. Related content news Fortinet brings AI help to enterprise security teams Fortinet Advisor aims to help customers respond to threats more quickly By Michael Cooney Dec 11, 2023 3 mins Network Security how-to Getting started with scripting on Linux, Part 1 Once a script is prepared and tested, you can get a significant task completed simply by typing the script's name followed by any required arguments. By Sandra Henry-Stocker Dec 11, 2023 5 mins Linux feature Starkey swaps out MPLS for managed SD-WAN Hearing aid manufacturer achieves performance boost, increased reliability and cost savings after a shift from MPLS to managed SD-WAN services from Aryaka. By Neal Weinberg Dec 11, 2023 6 mins SASE SD-WAN Network Security news Nvidia races to fulfill AI demand with its first Vietnam semiconductor hub Vietnam has been a growing tech manufacturing destination for the past few years, and Nvidia said it is open to a new manufacturing partner in Vietnam. By Sam Reynolds Dec 11, 2023 3 mins CPUs and Processors Technology Industry Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe