| HP also announced that HP Labs, the company’s central research facility, has begun collaborating with two prominent partners to test new damage containment security software aimed at simply and effectively preventing certain viruses from corrupting entire systems.
The increasingly malicious nature of today’s worms and viruses, and the rapid rate at which they spread across networks, makes it difficult for IT administrators to react quickly enough to limit the damage that an attack may cause to corporate systems. HP Virus Throttle software addresses this problem by helping businesses detect, contain and slow the rate at which an attack spreads inside the core of the IT infrastructure.
Originally developed in HP Labs, the software is now available for HP ProLiant Servers (in the ProLiant Essentials Intelligent Networking Pack (INP)) and ProCurve Networking by HP 5300 switches.
In line with HP’s commitment to continually improve the level of built-in security across its complete portfolio, the company also announced the HP Security Containment suite, which ensures that applications compromised by an attack will not be allowed unauthorized access to other applications or files, is now available for the HP-UX 11iv2 operating system.
HP will demonstrate these technologies at booth 622 at the RSA Conference 2005, Feb. 14-18 in San Francisco.
“If IT systems were ’intelligent’ enough to automatically detect and shut down attacks before they spread, administrators would spend less time and money trying to catch up, said Tony Redmond, vice president and chief technology officer, HP Security Office and HP Services. “At HP, we’re focusing our security research and development and working with our industry partners, to come up with new solutions to make IT infrastructures more intelligent and help our customers address their biggest IT security challenges.”
HP security technologies enable the Adaptive Enterprise, HP’s vision in which IT is dynamically linked with business objectives. With these solutions, HP helps keep businesses up and going in the face of IT security threats, compliance and identity management challenges, so that businesses are spending less time on IT maintenance and more time on innovation.
Virus Throttle Software – A new approach to virus protection
HP Virus Throttle software takes a non-traditional approach to virus protection. Traditional virus scanning solutions – which often rely on existing virus signatures provided by third parties – can be ineffective at protecting against new viruses, which can spread in a matter of seconds.
In contrast, Virus Throttle adopts an approach of detecting an abnormal, virus-like behavior, and slowing down the number of different connections the infected machine can make until an administrator can determine if they are viral in nature and take further action.
Virus Throttle works to monitor network connection requests and detect abnormal activity of the type typically exhibited by a worm or virus that is attempting to propagate itself within a network. The faster a virus tries to spread itself, the faster Virus Throttle reacts - and it reacts automatically, typically in milliseconds, without waiting for human attention. Virus Throttle does not interfere with normal system or networking operation and only affects the viral process while all normal traffic continues unimpeded. Once detected, Virus Throttle prevents the worm or virus from making network connections and thus chokes off its ability to propagate. Virus Throttle flags the presence of the worm or virus to the system administrator, who can then take the appropriate action to remove the worm or virus from the system.
Virus Throttle software is now available on industry-standard HP ProLiant servers and the HP BladeSystem architecture via an enhanced ProLiant Essentials Intelligent Networking Pack. The pack provides an extra layer of protection against virus attacks when an attack is not detected by a firewall or anti-virus software. Priced at $149.00, the ProLiant Essentials Intelligent Networking Pack also includes advanced teaming features for improved network performance and availability. More information is available at the ProLiant Essentials Intelligent Networking Pack site.
ProCurve Networking 5300 switches equipped with Virus Throttle can detect virus-like activity as traffic enters and passes through the switch. Then, the infected system is “throttled” back to a point where the virus slows to a crawl. At the same time, the network administrator is notified of the attack so that they can take action to disinfect the affected system and remove the virus before it spreads any further. ProCurve Manager Plus can also be used to receive the indication from the switch that virus activity has been detected, and shut down the switch affected.
The ProCurve Switch 5300 is typically deployed at the edge of the network where users and devices connect. The Virus Throttle solution further extends the security framework of the ProCurve Adaptive EDGE Architecture. Read the technical brief to learn more on how this technology works.
ProCurve Virus Throttle is offered as a free software download for customers who currently own or purchase the ProCurve Switch 5300xl. More information is available at the ProCurve Web site.
Security Containment for HP-UX 11iv2
HP Security Containment for HP-UX 11iv2 is a suite of security technologies designed to improve customer value while lowering the cost of customer IT infrastructure. HP has incorporated these enhanced security features into the mainstream HP-UX 11iv2 operating environment to help businesses combat the increasingly complex threats of attackers. With Security Containment, customers are assured that compromised applications will not be allowed unauthorized access to other applications or files on the system.
When Security Containment is combined with HP’s virtualization continuum and workload management systems to form Secure Resource Partitions, customers can realize significant improvements in total cost of ownership by ensuring that unplanned downtime from security invasions is virtually eliminated.
Secure Resource Partitions provide a mechanism for stacking multiple applications within a single operating system image while ensuring security between dedicated resources for each application. More information is available at the HP-UX 11i v2 security containment site.
New Research from HP Labs
Today, typical applications have the same automatic access and privileges to other applications and parts of the computer system as does the user. This means that any one application that becomes infected with a virus can spread it throughout a system and damage unrelated programs and information. Even commonly used programs, like solitaire, could infect a computer system.
Experimental HP Labs software now in development addresses this problem by providing an easy-to-use mechanism for Windows® XP users. The approach HP Labs scientists are working on is aimed at configuring applications so that they automatically launch in a restricted environment and have only the permissions they need to perform their primary purposes. That is, they are given the “least authority” they need to operate and are prohibited from accessing files they don’t need. However, this limit does not affect the application’s usability.
Early research has shown that the HP software simply and effectively limits the damage an infected application can do, preventing certain viruses from corrupting entire systems. HP Labs is conducting trials of the new software as part of the Critical Infrastructure Protection Project within the School of Public Policy at George Mason University and with the U.S. Navy’s Fleet Numerical Meteorology and Oceanography Center.
“George Mason University is very pleased to be actively involved in this research effort as this software has the potential to drastically reduce the damage from viruses and spyware,” said George Mason University President Alan G. Merten.
“At Fleet Numerical, we are evaluating HP’s software for possible integration into a local project which is designed to provide a solution for zero-day malicious computer attacks. The software is being run locally on several PCs as a test bed,” said Lieutenant Dean Moran, Exploratory Projects Division, Future Readiness Branch, Fleet Numerical Meteorology and Oceanography Center.
About HP
HP is a technology solutions provider to consumers, businesses and institutions globally. The company’s offerings span IT infrastructure, global services, business and home computing, and imaging and printing. For the four fiscal quarters ended Oct. 31, 2004, HP revenue totaled $79.9 billion. More information about HP (NYSE, Nasdaq: HPQ) is available at the HP Site.
|
