The HP exhibition space at the RSA Conference 2004
HP announced the formation of new security services that will enable enterprise customers to holistically and proactively protect their networks and connected devices from today’s most prevalent security threats. The new services, called Active Countermeasures and Virus Throttler, are part of HP’s ongoing efforts to provide customers with secure Adaptive Enterprise solutions.
What’s interesting to note is that HP’s Active Countermeasures service is inspired by biological processes like the human immune system. The service uses the same vulnerabilities exploited by attackers to protect against a potential threat and prevent widespread damage to network systems.
Speaking with Help Net Security about HP’s Active Countermeasures, Joseph N. Pato, Distinguished Technologist, Trust, Security and Privacy, HP Labs said: “The differences in HP’s Active Countermeasures are that we’re taking advantage of existing vulnerabilities and building our own exploit to deliver the mitigation mechanism onto the platform. All machines on the network are discovered and dealt with even if they are not part of your patch management system. Our mechanism takes care of finding them and providing the best and most appropriate policy that administrators have chosen onto those machines.”
In large enterprises, it is next to impossible for security administrators to keep track of all of the machines connecting to their networks at all times. A significant percentage of machines are unmapped or do not comply with security policy, and therefore represent vulnerable points in the network. Active Countermeasures addresses this issue by first running a periodic vulnerability analysis based on the latest advisories from CERT, ISA and other security organizations, then registering the threats with the highest probability and risk. Active Countermeasures then scans the network for machines vulnerable to those threats and automatically deploys policy-driven mitigation techniques.
HP’s Virus Throttler service dramatically slows the spread of an attack, virus or worm by limiting the number of different destinations an infected computer can attempt to connect to in a single second. The faster an attack attempts to proliferate, the faster the Virus Throttler service recognizes the problem and chokes it off, which prevents excessive network loads.
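The throttling idea described above can be sketched in a few lines. This is an added illustration, not HP's code: the cap of one new destination per second, the short list of recently contacted hosts, the delay queue and the backlog alarm threshold are all assumptions made for the example, and the traffic is constructed using documentation address ranges.

```python
from collections import deque

class DestinationThrottle:
    """Limits how many *new* destinations one host may contact per second."""

    def __init__(self, new_per_second=1, recent_size=5, alarm_backlog=20):
        # All three parameters are assumed values, not figures from HP.
        self.new_per_second = new_per_second
        self.alarm_backlog = alarm_backlog
        self.recent = deque(maxlen=recent_size)  # destinations already allowed
        self.pending = deque()                   # delayed new destinations
        self.alarmed = False

    def request(self, dest):
        """Return True if the connection may go out now, False if it is delayed."""
        if dest in self.recent:
            return True                          # familiar destination, no delay
        if dest not in self.pending:
            self.pending.append(dest)
        # A fast-spreading host fills the queue quickly, so a long backlog
        # is itself the detection signal.
        if len(self.pending) > self.alarm_backlog:
            self.alarmed = True
        return False

    def tick(self):
        """Run once per second: release at most new_per_second queued destinations."""
        released = []
        for _ in range(min(self.new_per_second, len(self.pending))):
            dest = self.pending.popleft()
            self.recent.append(dest)
            released.append(dest)
        return released

def simulate(traffic, throttle):
    """traffic: one list of destinations per second. Returns (released, alarm_second)."""
    released, alarm_second = 0, None
    for second, dests in enumerate(traffic):
        for dest in dests:
            throttle.request(dest)
            if throttle.alarmed and alarm_second is None:
                alarm_second = second
        released += len(throttle.tick())
    return released, alarm_second

# Constructed traffic: a host talking to two servers, and a host trying
# 50 previously unseen addresses every second for five seconds.
NORMAL = [["192.0.2.10", "192.0.2.11"]] * 10
SCANNING = [[f"198.51.100.{s * 50 + i}" for i in range(50)] for s in range(5)]

if __name__ == "__main__":
    print("normal host:  ", simulate(NORMAL, DestinationThrottle()))
    print("scanning host:", simulate(SCANNING, DestinationThrottle()))
```

The host with a stable set of peers sees a delay only on first contact, while the scanning host reaches 5 of the 250 addresses it tries and raises the alarm within the first second.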
The technology underpinnings for these new services were developed in HP Labs, where researchers worked with HP’s internal IT security staff to deploy and test them on HP’s own infrastructure, which spans 247,000 networked devices around the world.
HP currently is working with select customers to refine these services and anticipates that they will be generally available towards the end of 2004.