Mirage Networks is wheeling out an appliance designed to halt quick-spreading, LAN-based worms and viruses by neutralizing individual infected machines rather than cordoning off entire parts of affected networks.Mirage Networks is wheeling out an appliance designed to halt quick-spreading, LAN-based worms and viruses by neutralizing individual infected machines rather than cordoning off entire parts of affected networks.Called the Mi40 Inverted Firewall, the device intercepts attacks by responding as if it is the targeted host so further attempts never reach the targeted machines. This cuts off the attack without disrupting network access for other devices.While competitor Silicon Defense performs similar functions, Mirage says its Inverted Firewall can block attacks host-by-host without shutting down access to entire subnets. The Mi40 can intercept traffic from the specific IP ports generating the suspect traffic, making it possible to block the attack but still use the infected machine safely. “They can still do other work on that machine, but it denies the worm the ability to do its damage,” says Michael Disabato, an analyst with Burton Group. Inverted Firewall connects to mirroring ports on up to four LAN switches at a time, monitoring all their traffic for signs of possible intrusions. These include attempts to reach unassigned IP addresses (something worms do to scan for vulnerable machines), improperly configured packet headers and sudden spikes in the number of IP addresses with which a host tries to talk.If it suspects an attack against an active IP address, it redirects the attack to itself and drops the traffic. If the suspicious behavior stops and a preset time interval elapses, Inverted Firewall stops intercepting traffic from the suspect machine. The Inverted Firewall also responds to attempts to reach unassigned IP addresses, tying up all the attack threads from the infected host. Answering messages sent to unassigned IP addresses also can work as an early warning system, says Mark Wilkinson, Mirage CTO and a co-founder of the 2-year-old start-up. Unassigned addresses have a better chance of being hit first or early in an attack that is probing random IP addresses. That is because 80% or more of private IP addresses are unassigned in most corporate networks, he says.PROFILE: MIRAGE NETWORKSLocation:Austin, TexasFounded:October 2001Founders:Mark Wilkinson, CTO; Ron Miller, vice president of testing and problem resolution.Product:Mi40 Inverted Firewall.Financing:$8 million from CenterPoint Ventures and Adams Capital Management.Competitors:Silicon Defense, TippingPoint Technologies, IntruVert Networks, OneSecure, Check Point.Employees: 30 Competing security vendors include NetScreen Technologies and IntruVert Networks, but they are focused more on stopping incursions entering from the WAN.Inverted Firewall differs from some other intrusion-protection and -detection devices in that it does not sit in-line with traffic, meaning that it does not slow traffic as it works, nor does it block traffic if it crashes.It also differs in that it bases detection solely on rules about the behavior of network devices, not packet-level signatures. The Mi40 learns patterns of normal network traffic over time, helping it decide what is suspect traffic.Mi40 Inverted Firewall is expected to be available in the middle of this month and costs $12,000. Related content news analysis Cisco, AWS strengthen ties between cloud-management products Combining insights from Cisco ThousandEyes and AWS into a single view can dramatically reduce problem identification and resolution time, the vendors say. By Michael Cooney Nov 28, 2023 4 mins Network Management Software Cloud Computing opinion Is anything useful happening in network management? Enterprises see the potential for AI to benefit network management, but progress so far is limited by AI’s ability to work with company-specific network data and the range of devices that AI can see. By Tom Nolle Nov 28, 2023 7 mins Generative AI Network Management Software brandpost Sponsored by HPE Aruba Networking SASE, security, and the future of enterprise networks By Adam Foss, VicePresident Pre-sales Consulting, HPE Aruba Networking Nov 28, 2023 4 mins SASE news AWS launches Cost Optimization Hub to help curb cloud expenses At its ongoing re:Invent 2023 conference, the cloud service provider introduced several new and free updates that are expected to help enterprises optimize their AWS costs. By Anirban Ghoshal Nov 28, 2023 3 mins Amazon re:Invent Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe