Device 'quarantines' infected network computers

By Will Knight

21 January 2004

A new device that quarantines different portions of a computer network could stop worms and viruses infecting an entire company once they have breached its perimeter defences.

The InterSpect system, unveiled by California-based network security company Check Point on Tuesday, monitors network traffic for signs of suspicious activity. It can then automatically isolate a single computer or a group of machines to prevent wider infection.

Most companies have numerous defences at the perimeter of a network, including anti-virus software, firewalls and intrusion detection systems. But once one computer has been infected, there is normally little to prevent it from spreading viral code to every other machine on the network. A common way for a worm to wriggle through perimeter defences is aboard a laptop brought into the office.

Recent computer virus epidemics have taken down the entire computer networks of large companies. Part of the problem is that anti-virus software can only detect known threats.

Suspicious characteristics

Check Point’s David Aminzade claims that InterSpect can identify previously unseen threats by analysing individual network packets for characteristics associated with a worm or virus.

This might include a misleading packet header or use of an unusual communications port. The system can also be configured to look out for more specific behaviour.

“It does a very detailed search of the patterns of the packets coming out of a machine,” Aminzade told New Scientist. “Once it detects that something is unsafe it quarantines a machine and alerts the IT department that they need to take action.”

Pre-emptive attack

There are competing methods of preventing networks from being overrun by a worm or virus, such as Cisco’s Network Admission Control software. This software has to be installed on every network-connected computer.

InterSpect does not; instead, it monitors data packets from central points in a network. Check Point claims this makes it easier to manage and less prone to false alarms.

“Combating today’s sophisticated attack environment requires intelligent, pre-emptive attack solutions that go beyond protecting the internet perimeter,” says Richard Stiennon at US research group Gartner. “In 2003, the world watched Slammer, Sobig and Blaster ravage and bring down internal networks.”

An InterSpect server costs between $9000 and $39,000 depending on the size of a network.
