IBM’s Billy Goat to lock horns with malicious coders

IBM is taking security software it created to handle its own exposure to viruses and worms and offering it as a commercial product through its consulting division.

The company on Monday announced the release of Billy Goat, developed at Big Blue’s research lab in Zurich and made available through a partnership called On Demand Innovation Services (ODIS). Named after an animal that was used as bait for a dinosaur in the film Jurassic Park, Billy Goat uses virtualization techniques to create a simulation of actual servers. This is intended to fool malicious software by allowing it to send requests to unused IP addresses, which then alerts IT departments responsible for protecting real IT infrastructure.

Guy Denton, worldwide manager of IBM’s ethical hacking practice, said the research team started working on Billy Goat in 2003, when the rise of “zero-day” attacks where worms and viruses are released the same day they are created were infecting its employee systems. Like most companies, IBM installs antivirus on all its computers, but for laptops and other devices keeping abreast of updates was a challenge, he said.

“It was very painful for IBM. You could have sections of a company brought down to a complete standstill,” he said.

Bill Goat does not shut down ports or switches, Denton said, but it can be used as a networking monitoring and alert mechanism, which could be the first stage of preventing damage to an organization. IBM is hoping the tool will act as a complement to its consultants who help companies configure their network responses to attacks from worms or other malicious code, he added.

Joel Greene, vice-president of security research at IDC Canada in Ottawa, said he wasn’t aware of a tool quite like Billy Goat, though he noted that ethical hacking have deployed similar techniques for years. IBM’s technology would take what is commonly used in testing and apply it in real time, he said.

“If it works as soundly as they say it does, any product that gives more information vis-a-vis security as got to help,” he said. “The question is, how does (the worm) know to attack the fake network and not the real one?”

Denton said there were no guarantees that wouldn’t happen.

“It might see both at the same time,” he admitted, though Billy Goat is intended to create enough of a presence in terms of IP addresses that it becomes a significant target. “There’s always some element of network discovery (by worms and viruses) in the first place and an effort to find what’s out there.”

Canadian security researchers are also interested in the idea of hacker bait. The U of T, for example, recently said it was experimenting with photonic decoys in the form of laser light particles that would detect any attempt for a worm or virus to enter the data stream of a fibre-optic cable and warn network administrators.

Denton said IBM is using Billy Goat internally on a global basis and has already developed some complementary software that may be released to customers as well, though he would not offer any details.

Comment: [email protected]

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Shane Schick
Shane Schick
Your guide to the ongoing story of how technology is changing the world

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.