Wednesday, March 14, 2007

IPS without signatures or log analysis

ForeScout is a company that claims to have an Intelligent IPS that uses an entirely unique approach to preventing network attacks from "zero-day" threats such as self-propagating malware and hackers/espionage without using signatures, anomaly detection or any form of pattern matching technology. ForeScout's solution has proven its accuracy by detecting in real-time every self-propagating threat to date and has gained the trust of 100% of our customers who use the appliances in automatic blocking mode.

In summary: malware is detected when it probes the network for vulnerabilities. Any request to a non-existing IP address is assumed to be a certain indication of malware, so it should be stopped. The IPS answers each such request with some marked information, and when the malware sends a new request containing the marked information, it can be stopped before it can make a real intrusion attempt.
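
The mark-and-trap mechanism summarized above, as an added Python model that is not ForeScout's code: a request to an address that does not exist on the segment gets a decoy answer carrying a bait token, and any later request that reuses that token is blocked, because only a host that probed unused space can have learned it. The live-host set, key and traffic below are constructed for the demonstration.

```python
import hmac
import hashlib
from dataclasses import dataclass, field


@dataclass
class MarkingIps:
    """Toy model of a mark-and-trap IPS (added example, not ForeScout code)."""
    live_hosts: set                               # addresses that really exist
    secret: bytes                                 # key for deriving bait tokens
    tokens: dict = field(default_factory=dict)    # token -> source it was handed to
    suspects: set = field(default_factory=set)    # sources that probed unused space

    def _bait(self, src: str) -> str:
        # Deterministic per source, so repeated probes get the same mark.
        return hmac.new(self.secret, src.encode(), hashlib.sha256).hexdigest()[:16]

    def handle(self, src: str, dst: str, payload: str) -> tuple:
        """Return (verdict, detail) for one request seen on the wire."""
        # A request that carries a bait token can only come from a host that
        # received a decoy answer earlier, i.e. one that probed a dead address.
        for token, owner in self.tokens.items():
            if token in payload:
                return ("block", f"mark {token} handed to {owner} reused by {src}")
        # The destination does not exist: answer with marked decoy information
        # instead of silence, so the prober carries the mark into its next step.
        if dst not in self.live_hosts:
            token = self._bait(src)
            self.tokens[token] = src
            self.suspects.add(src)
            return ("decoy", f"service={token}")
        return ("forward", "")


def run_demo() -> list:
    """Constructed traffic: a normal client, then a host sweeping the subnet."""
    ips = MarkingIps(live_hosts={"10.0.0.5", "10.0.0.6"}, secret=b"constructed-key")
    verdicts = []
    verdicts.append(ips.handle("10.0.0.5", "10.0.0.6", "GET /index.html")[0])
    decoy = ips.handle("10.0.0.9", "10.0.0.42", "probe")        # 10.0.0.42 is unused
    verdicts.append(decoy[0])
    token = decoy[1].split("=")[1]
    # The prober now targets a real host using what the decoy told it.
    verdicts.append(ips.handle("10.0.0.9", "10.0.0.6", f"connect service={token}")[0])
    return verdicts


if __name__ == "__main__":
    print(run_demo())  # ['forward', 'decoy', 'block']
```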

Comment: This seems to be a neat solution. Though, if it is true, why is research in this area still needed?

