Three May Day Launches
Today FireEye is coming out of stealth mode with what I want to call VM IPS: Intrusion Prevention Systems running on Virtual Machines. The product resides not at the gateway but in the wiring closet with the LAN switch. It detects PCs with malicious behavior like a worm or Trojan by running their traffic through a set of Windows instances on one appliance. It can then instruct the LAN switch to deny access or quarantine it until it can be fixed up. This is far better than those so-called Network Admission Control solutions that rely on the PC to report its health before being allowed on the network. (The PC is infected and you are going to trust it?)
The other start-up making its debut is from industry veterans Bob Bales and Roger Thompson who are getting the band back together. Their last gig was Pest Patrol, sold to CA in 2004. Exploit Prevention Labs has an end-point solution, SocketShield, that identifies and blocks malware based on its behavior. The purpose of their product is to protect your PC during that vulnerable stage between when the exploit is made public and a patch is available. It relies on Roger’s research to push out defenses tailored to each new attack. With it you would have been safe from the Windows Meta File exploits that were deployed last Christmas.
Today marks the launch of DarkReading an e-zine devoted to IT security. The name begins to make sense when you realize it is a sister publication to LightReading, the networking e-zine. See my new DarkReading column on why Microsoft should stop working towards their master plan of Windows on everything and support specialized operating systems for different platforms.
This is a good beginning for May. I am posting this blog from the conference room of MuSecurity which is in early ramp-up phase with their Security Analyzer, the Mu-4000, an appliance that can run through millions of checks of a device to see if it is interpreting protocols correctly. I expect there to be at least two dozen more security companies in 2006.