Memory firewall to the rescue

Last month I met with Nand Mulchandani and Charles Renert of Determina, which has developed unique security software that the company claims stops all memory-based attacks--such as stack and heap overflows, format string vulnerabilities and shatter attacks. Given that every critical server vulnerability in the last few years has been memory-based and about 60 percent of Windows vulnerabilities as well, Determina has tapped into the major root of the cybersecurity problem. Currently running on Windows operating systems (2000, 2003, XP) and servers (IIS, SQL Server, and Exchange), Determina SecureCore 2.0 inspects instructions as they are executed. The software detects any activity that doesn't conform to the Application Binary Interface (ABI), and runs validated code in a secure code cache at full native speed. SecureCore doesn't require any signature files or special configuration to ferret out malicious code. A version for Windows NT 4.0 is due in the fall and a Linux version is in the works, according Mulchandani, vice president of marketing and business development. Pricing starts at $650 per server agent.

The technology came from a memory firewall developed over 8 years at MIT, led by Saman Amarasinghe, who is CTO at Determina and an Associate Professor of the Department of Electrical Engineering and Computer Science at MIT and a member of the Computer Science and Artificial Intelligence Laboratory (CSAIL).  The company was formed in March 2003 and has received $19 million to date from blue chip VC firms. The secret sauce is the security checking inside of running applications, said Renert, director of security research at Determina. "We are watching instructions as an application is splashed into memory in a protected process, going through the memory firewall.  We know if a piece of data tries to hijack instructions and can stop any code injection attack," Renert said. Other products deal with buffer overflows, but they approach the problem with policies or pattern matching, which can minimize but don't eliminate memory-based attacks. 

Mulchandani said the company has more than 10 customers for SecureCore, including Sappi Fine Paper North America, a division of a $4.7 billion South African manufacturing company. The company is also working on  OEM agreements with partner to bundle SecureCore with other products or services.