The business world has entered into an era of online attacks and exploits that requires improved host-based intrusion prevention software, Network Associates Inc. said Tuesday.
In a Webcast, Marc Davis, senior security consultant, Network Associates expert services in Santa Clara, Calif., said McAfee Entercept will sit on a firm’s servers rather than its perimeter as a last line of defence and prevention.
“Businesses run on applications, applications run on servers. This is why our host-based intrusion prevention technology sits on the application layer,” he said. “Intrusion prevention locks down each and every server on every level.”
With three versions of Entercept available (standard, database and Web editions), the technology is designed to provide enterprise-class security that is manageable, he said. According to Davis, Entercept is a more cost-effective solution than detection and monitoring and effectively defends a business’s critical assets from malicious attacks like buffer overflows and worms including Code Red, Nimda and the recent SQL Slammer.
“Over 5,000 servers worldwide were infected in three minutes by SQL Slammer,” he said. “It nearly brought the Internet to its knees. When Slammer hit, it revealed the gap between security and security management. The database is where your company’s core competencies lie, it holds the lion’s share of your company’s data.”
Citing figures from a recent FBI report on damages incurred by 490 U.S.-based companies as a result of nefarious online attacks, Davis said over US$70 million is attributed to proprietary data theft.
“The database is your company’s crown jewels,” said Douglas Hurd, senior product marketing manager, McAfee System Protection Solutions. “Intrusion prevention goes to the root of the problem and effectively shields your database, and it prevents attacks from being launched from your database.”
Davis said Network Associates recognized that the challenge large enterprises face with regard to security is balancing cost with business continuity, risk and technological infrastructure. However, he added, he has yet to visit a large company that has its network completely secured.
“Despite our best efforts, networks still have vulnerabilities,” he said, turning his sights on insider vulnerabilities. “The trusted environment is not trusted . . . add on visitors to your Web site, vendors and partners connected to your network and your own staff using P2P (peer-to-peer) software like Kazaa, let’s face it, their knowledge of security is limited.”
Entercept performs specific functions. It prevents malicious access to system resources by intercepting system calls to the operating system and blocking calls that would result in malicious behaviour. The proactive attack response feature blocks malicious actions before any damage is done, while the secure self-contained agents are deployed per server and are controlled and updated from a central management console.
A policy database ships with a fully configured default template incorporating customization features, allowing false positives to be virtually eliminated, and the technology’s event notification feature can generate e-mail messages, create pager notifications, send SNMP traps, and spawn custom processes. Moreover, Davis said Entercept is interoperable, as SNMP trap data is available for integration with management systems, and it will complement existing security measures.
“This product overcomes the limitations of intrusion prevention,” he said. “It’s your last line of defence after all other controls have done their job . . . it’s a paradigm shift from detection to prevention as the threat landscape has changed.”