Simple is better in the security world, and short of pulling the plug on the Internet, it’s harder to get more simple than ActiveScout.Simple is better in the security world, and short of pulling the plug on the Internet, it’s harder to get more simple than ActiveScout.This intrusion-prevention tool from ForeScout Technologies is designed with the knowledge that the majority (some say 95%) of all network attacks are proceeded by some form of reconnaissance. ActiveScout sits outside the firewall watching for reconnaissance and, working with a firewall, shuts out bad guys when they try to attack using information gathered during that reconnaissance.There are no port vulnerabilities to worry about or signatures to update, and no false positives to wrestle with. Here’s how it works. A Scout running on a hardened version of Red Hat Linux (which comes with the product) on a Pentium III-600 or more powerful box is placed in front of a firewall and starts watching for port scans, NetBIOS probes, Simple Mail Transfer Protocol-based interrogations and other types of reconnaissance.When these sweeps occur, the Scout responds with data that is similar to that sought – such as an IP service or a NetBIOS resource – but is bogus. If and when a hacker tries to come back using the bogus information, ActiveScout recognizes its handiwork and can deflect the attack and either sound alarms or, working with the firewall, shut out traffic from the offending host. Pretty slick. Other ActiveScout components include the Management Server, which is used to collect information from multiple Scouts and distribute updates when a recon effort has been identified; and the Enterprise Manager, a Java-based tool for generating reports about attack attempts and responses.One downside is ActiveScout only works with Check Point’s FireWall-1, although APIs for other firewalls are available. Another problem is that the box doesn’t do anything to protect you from attacks that aren’t proceeded by reconnaissance, which are apparently on the rise.Nonetheless, it would appear that using ActiveScout at best would defeat some attacks before they got going and at least reduce the false positives that firewalls and intrusion-detection systems generate. And ActiveScout seems to require little care and feeding, which is a blessing given the hand-holding those other approaches require.New CEO Kent Elliott says a system with a T-1 port costs about $10,000 retail. Higher-capacity boxes are in the works. Recognizing that most security threats are internal, Elliott also says ForeSout will come out in the third quarter with a product designed for use in front of internal firewalls to help companies identify local bad guys. Related content news EU approves $1.3B in aid for cloud, edge computing New projects focus on areas including open source software to help connect edge services, and application interoperability. By Sascha Brodsky Dec 05, 2023 3 mins Technology Industry Technology Industry Technology Industry brandpost Sponsored by HPE Aruba Networking Bringing the data processing unit (DPU) revolution to your data center By Mark Berly, CTO Data Center Networking, HPE Aruba Networking Dec 04, 2023 4 mins Data Center feature 5 ways to boost server efficiency Right-sizing workloads, upgrading to newer servers, and managing power consumption can help enterprises reach their data center sustainability goals. By Maria Korolov Dec 04, 2023 9 mins Green IT Servers Data Center news Omdia: AI boosts server spending but unit sales still plunge A rush to build AI capacity using expensive coprocessors is jacking up the prices of servers, says research firm Omdia. By Andy Patrizio Dec 04, 2023 4 mins CPUs and Processors Generative AI Data Center Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe