(This is a product spec, rationale and capabilities write-up. This is copyrighted material.)

CounterStorm-1 Capabilities write-up.

CounterStorm-1™ – Today's best, logical and economical countermeasure against external and internal known, zero-day and targeted hacker attacks.

Background Scenario: Hackers are rising to the challenge of cracking system networks throughout the information world. They are creating daunting and complex viruses and worms with the intended purpose of stealing intellectual property and private customer data, and of disrupting systems. Their attacks are mainly specific, usually targeted at individual institutional, financial or governmental networks.

To be clear, most hackers are criminals: usually highly qualified coding experts who are the farthest thing from an adventuresome, mischievous hobbyist.

 

Opportunity Exploitation:

In the case of a targeted attack, security vendors are confronted with a time challenge: first, isolate the invading virus; second, extract the malicious portion of its code; third, derive the virus' signature; last, author and distribute an antivirus update that negates the virus. Unfortunately, when a system is already under attack, this procedure takes too much time.

Hackers count on the fact that when they launch an attack, the intended target will need time to identify, fabricate and implement a solution. Until that solution is effectively in place, an institution's entire system can lie exposed to the hacker's intent. Some recent targeted attacks include the United Kingdom Ministry of Defence, eGold, RIAA (the Recording Industry Association of America) and HSBC Bank; in April 2005 HSBC's group COO Alan Jebson reported that on a single day the bank's systems had sustained over 100,000 viral attacks.*

Best Countermeasure – an Internal Network Defense (IND) security device that does not have to be installed at every location on the network: an efficient device that is also economical.

 

Requirements for a proficient IND security device:

  • INTERNAL DEPLOYMENT – Although a system's perimeter is theoretically protected by firewalls, antivirus and worm-eradication technologies, as well as IDS and IPS, the system remains vulnerable to attacks that manifest internally. A host compromised by a targeted e-mail, an infected laptop brought in from outside, or an insider never crosses the perimeter controls, so those controls cannot see it spreading to its neighbours. It is essential that any anti-hacking solution primarily defends a system's interior components. CounterStorm-1™ does this.

 

  • SPEED and ACCURACY – Hacking attacks spread across networks at alarming speed. Waiting for a signature to be produced is time-consuming and therefore unacceptable. CounterStorm-1™ uses its own proprietary anomaly-detection technology to eliminate that delay. What used to take hours (and in some cases days) to resolve, CounterStorm-1™ has reduced to a matter of seconds: the countermeasure time for a viral infection or worm outbreak is eight seconds, on average.

      CounterStorm-1™ counters zero-day and targeted attacks with a combination of behavioral attack recognition, anomaly detection and a dynamic honeypot that automatically discovers the network's components and learns how they behave. Evidence from each of these three engines is correlated in real time to execute immediate and accurate containment of criminal activity, without disrupting the system's normal functions and without raising false-positive alarms. CounterStorm-1™ detects attacks in all IP traffic (e.g., TCP, UDP, ICMP) without relying on signatures or patches.

      CounterStorm-1™ does not sit in line to block network traffic directly, as some IPSs do. It is virtually non-invasive and therefore does not reduce the system's throughput. By contrast, other anomaly-detection methods depend on, for instance, Cisco NetFlow® export data, and that dependency further delays attack detection. CounterStorm-1™ acts unilaterally. For example, it would counter a worm outbreak by automatically disabling the switch port of the infected device or by segmenting its traffic onto a VLAN. CounterStorm-1™ units deployed at LAN segments report back to a management-center appliance. To repeat, this process is usually completed within eight seconds.
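The multi-engine correlation described above, as an added example that is not CounterStorm's code: a small Python detector run over constructed flow records (assumed to come from a passive tap or mirror port) that marks a host for containment only when a behavioral fan-out engine and a dark-address honeypot engine both implicate it. The thresholds, the window size, the list of unused addresses and the sample traffic are all assumptions; a real sensor would learn the unused addresses from the network and tune thresholds per host role.

```python
"""Added example (not CounterStorm's code): correlate two signature-free
detection engines over constructed flow records before containing a host."""
from collections import defaultdict

WINDOW_S = 10            # sliding window for the fan-out count (assumption)
FANOUT_THRESHOLD = 20    # distinct destinations on one port in the window (assumption)
DARK_HIT_THRESHOLD = 3   # distinct unused addresses contacted (assumption)

# Addresses with no real host behind them; a dynamic honeypot would answer
# for these, so any contact is suspicious (constructed list).
UNUSED_ADDRESSES = {"10.0.0.200", "10.0.0.201", "10.0.0.202", "10.0.0.203"}


def build_sample_flows():
    """Constructed flow records: (timestamp_s, src_ip, dst_ip, dst_port, proto)."""
    flows = []
    # Infected workstation sweeps the subnet on TCP/445 and also hits the
    # unused addresses, as a worm scanning sequentially would.
    for i in range(1, 41):
        flows.append((100.0 + i * 0.1, "10.0.0.55", f"10.0.0.{i}", 445, "tcp"))
    for i, dark in enumerate(sorted(UNUSED_ADDRESSES)):
        flows.append((104.5 + i * 0.1, "10.0.0.55", dark, 445, "tcp"))
    # Backup server legitimately opens SSH to 25 hosts within 5 s: high
    # fan-out, but it never touches an unused address.
    for i in range(1, 26):
        flows.append((200.0 + i * 0.2, "10.0.0.20", f"10.0.0.{100 + i}", 22, "tcp"))
    # An admin mistypes an address once: one dark hit, no fan-out.
    flows.append((300.0, "10.0.0.30", "10.0.0.200", 22, "tcp"))
    return flows


def fanout_evidence(flows, window_s=WINDOW_S, threshold=FANOUT_THRESHOLD):
    """Behavioral engine: a source that reaches many distinct hosts on the
    same port within a short window is behaving like a propagating worm.
    Returns {src: {"port", "proto", "fanout"}} for sources over threshold."""
    by_key = defaultdict(list)
    for t, src, dst, port, proto in flows:
        by_key[(src, port, proto)].append((t, dst))
    flagged = {}
    for (src, port, proto), events in by_key.items():
        events.sort()
        in_window = defaultdict(int)   # dst -> occurrences inside the window
        left, peak = 0, 0
        for t, dst in events:
            in_window[dst] += 1
            while t - events[left][0] > window_s:   # expire events outside the window
                old = events[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= threshold and peak > flagged.get(src, {}).get("fanout", 0):
            flagged[src] = {"port": port, "proto": proto, "fanout": peak}
    return flagged


def honeypot_evidence(flows, unused=UNUSED_ADDRESSES, threshold=DARK_HIT_THRESHOLD):
    """Honeypot engine: count distinct unused addresses each source contacted.
    Returns {src: count} for sources at or over threshold."""
    hits = defaultdict(set)
    for _, src, dst, _, _ in flows:
        if dst in unused:
            hits[src].add(dst)
    return {src: len(d) for src, d in hits.items() if len(d) >= threshold}


def correlate(flows):
    """Combine the engines: containment only when both implicate the source.
    A source seen by one engine alone is reported but not acted on."""
    fan, dark = fanout_evidence(flows), honeypot_evidence(flows)
    verdicts = {}
    for src in sorted(set(fan) | set(dark)):
        engines = [name for name, ev in (("fanout", fan), ("honeypot", dark)) if src in ev]
        verdicts[src] = {"engines": engines, "contain": len(engines) == 2,
                         "fanout": fan.get(src), "dark_hits": dark.get(src)}
    return verdicts


def hosts_to_contain(flows):
    """Sorted list of sources that both engines agree on."""
    return sorted(src for src, v in correlate(flows).items() if v["contain"])


if __name__ == "__main__":
    for src, verdict in correlate(build_sample_flows()).items():
        print(src, verdict)
```

On the constructed sample the backup server trips the fan-out engine alone, which is exactly the single-engine false positive the text warns about; requiring the honeypot engine to agree is what keeps it off the containment list. The same logic means a worm that only probes addresses it has already learned are live would evade the honeypot engine, so the thresholds and the choice of engines are the real tuning work in a deployment.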

 

  • VENDOR AGNOSTIC – Expert network analysts recommend that system security be layered and best-of-breed, and that a new component not conflict with pre-existing security solutions. This falls to the 'dynamic honeypot' operation: the IND solution should be able to function without changes to the existing network's policy, configuration or architecture.

  • NON-SIGNATURE BASED – Signatures take time to develop; hackers count on that delay for their invasion code to do its job. Best-of-breed CounterStorm-1™ is not signature based.

  • MULTIPLE ENGINE DETECTION – Some limited-scope IND products on the market today rely on a single anomaly-detection method, which often results in numerous time-consuming false-positive alerts. CounterStorm-1™ uses three proprietary, patent-pending methods (engines) whose findings are correlated to aggregate and validate all network attack activity in real time.

  • FLEXIBLE ACTIVE RESPONSE – Once the invasive agent has been identified, the IND security device must offer response options. CounterStorm-1™ offers two primary operator response modes: Active and Manual.

      In 'Active' mode, CounterStorm-1™ stops attacks automatically, providing the fastest and most effective protection against extensive damage. In 'Manual' mode, CounterStorm-1™ lets the operator customize the response. Both modes use the following:

 

1.      Network Switch Integration: CounterStorm-1 automatically locates the physical switch port of a compromised machine and halts attack propagation by either disabling that port or placing it on a 'remediation VLAN' where clean-up can occur without the risk of further damage.

2.      Custom Response: Provides a simple mechanism for creating customized responses to attacks, such as firewall and router ACL rules and VPN user blocking.

3.      Software Blocking: CounterStorm-1 uses a combination of advanced packet-injection techniques to neutralize attacks.

4.      Multiple Notification Options: IT staff are immediately notified of attack activity via SNMP, syslog, e-mail or pager.
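The switch-integration response in item 1, as an added example that is not CounterStorm's code: a Python sketch that resolves an attacker's IP to a switch port through the ARP and MAC address tables, builds the "disable the port" or "move to a remediation VLAN" change, honours the Manual/Active split by either returning the change for approval or handing it to a push function, and emits the syslog notification of item 4. The tables, the remediation VLAN number, the IOS-style command syntax, the push hook and the sensor name are assumptions. It also adds the check a practitioner wants before any automated port action: if the port is a trunk or carries other hosts, quarantining it would cut off every host behind it, so the plan is refused and a host-specific ACL (item 2) is suggested instead.

```python
"""Added example (not CounterStorm's code): locate an infected host's switch
port and build a quarantine plan, refusing to cut off shared or uplink ports."""
from dataclasses import dataclass
from typing import Callable, Optional

REMEDIATION_VLAN = 999          # assumption: isolated VLAN reachable only by clean-up tools
SYSLOG_FACILITY_LOCAL0 = 16     # RFC 3164 facility/severity used for the PRI field
SYSLOG_SEVERITY_ALERT = 1

# Constructed tables, as a sensor might learn them from a router's ARP cache
# and the access switch's MAC address table (BRIDGE-MIB over SNMP, or CLI).
ARP_TABLE = {
    "10.0.0.55": "00:11:22:33:44:55",   # infected workstation
    "10.0.0.20": "00:11:22:33:44:20",   # backup server reached via the uplink
    "10.0.0.77": "00:11:22:33:44:77",   # another host reached via the uplink
}
MAC_TABLE = {
    "sw-floor2": {
        "00:11:22:33:44:55": "Gi0/7",
        "00:11:22:33:44:20": "Gi0/24",
        "00:11:22:33:44:77": "Gi0/24",
    },
}
TRUNK_PORTS = {("sw-floor2", "Gi0/24")}   # uplink to the core switch


@dataclass
class Location:
    switch: str
    port: str
    mac: str


def locate(ip: str) -> Location:
    """IP -> MAC via the ARP table, MAC -> (switch, port) via the MAC table."""
    mac = ARP_TABLE.get(ip)
    if mac is None:
        raise LookupError(f"no ARP entry for {ip}")
    for switch, table in MAC_TABLE.items():
        port = table.get(mac)
        if port:
            return Location(switch, port, mac)
    raise LookupError(f"{mac} not seen on any switch")


def quarantine_commands(port: str, action: str) -> list:
    """IOS-style CLI for the two responses the text names (assumed syntax)."""
    cmds = ["configure terminal", f"interface {port}"]
    if action == "shutdown":
        cmds.append("shutdown")
    elif action == "vlan":
        cmds += ["switchport mode access", f"switchport access vlan {REMEDIATION_VLAN}"]
    else:
        raise ValueError(f"unknown action {action!r}")
    cmds.append("end")
    return cmds


def plan_containment(ip: str, action: str = "vlan", mode: str = "manual",
                     push: Optional[Callable[[str, list], None]] = None) -> dict:
    """Manual mode returns the change for operator approval; Active mode hands
    it to `push` (hypothetical hook that would talk to the switch)."""
    loc = locate(ip)
    sharers = [m for m, p in MAC_TABLE[loc.switch].items() if p == loc.port and m != loc.mac]
    if (loc.switch, loc.port) in TRUNK_PORTS or sharers:
        # Acting on this port would quarantine every host behind it, not just
        # the attacker; fall back to a control that targets the one address.
        return {"ip": ip, "status": "refused", "location": loc,
                "reason": "port is a trunk or carries other hosts",
                "fallback": f"deny ip host {ip} any   (ACL on the upstream router)"}
    cmds = quarantine_commands(loc.port, action)
    applied = False
    if mode == "active" and push is not None:
        push(loc.switch, cmds)
        applied = True
    return {"ip": ip, "status": "applied" if applied else "awaiting operator approval",
            "location": loc, "commands": cmds}


def syslog_line(plan: dict) -> str:
    """Notification in RFC 3164 shape: <PRI> is facility*8 + severity."""
    pri = SYSLOG_FACILITY_LOCAL0 * 8 + SYSLOG_SEVERITY_ALERT
    loc = plan["location"]
    return (f"<{pri}>ind-sensor: {plan['status']}: host {plan['ip']} ({loc.mac}) "
            f"at {loc.switch} {loc.port}")


if __name__ == "__main__":
    print(syslog_line(plan_containment("10.0.0.55", action="vlan", mode="manual")))
    print(plan_containment("10.0.0.20"))
```

The refusal path is the part that matters operationally: a sensor that learns the topology only from the MAC table will see the backup server "on" the uplink port, and an unconditional shutdown there takes the whole floor offline. Checking for trunk membership and for other MACs on the same port before acting is cheap and prevents the containment from becoming its own outage.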

 

  • EASE OF DEPLOYMENT – As proficient as some IND devices claim to be, their manufacturers often sidestep ease of deployment. Other systems often have scalability and redundancy issues, and may require rewiring and routing changes to the network. These costs alone may eliminate some anti-attack devices from consideration.

            CounterStorm-1™ installs simply and offers:

 

1.     Plug-and-Play: The appliance installs easily with no network downtime and requires no host-based agents.

2.     Intuitive Graphical User Interface: An easy-to-use, browser-based management interface allows rapid configuration, real-time monitoring and historical reporting of attack and response activity.

3.     Centralized Enterprise Management: The CounterStorm-1 Command Center manages a distributed deployment of CounterStorm-1 Sensors to provide an instant, enterprise-wide snapshot of attack and response activity.


Recommended Best Anti-hacker IND Device: CounterStorm-1™


* silicon.com, 6 April 2005

© Copyright 2008 - DonMcKay-MarCo- www.donmckay-marco.com - CONTACT