Start-up Looks to Prevent Botnets

By Dave Nixon

Arguing that it may possibly change the face of network security by automating and refining the generation of malware signatures, a start-up with US military support will embark on beta-testing a security appliance this month.

The start-up, Nemean Networks, was co-founded by Paul Barford, a computer scientist at the University of Wisconsin, Madison, and is named after the first of Hercules’ 12 tasks - to kill the Nemean lion, a beast with an impenetrable coat.

The appliance is presently known as the A1000 and is scheduled to commence on a four- to six-month on-site testing phase with several possible enterprise clients this month, following which the company aims to start commercial production, according to Nemean.

One of the company’s benefactors is an investment group created by University of Wisconsin alumni, which aims to take advantage of the university’s intellectual property, and Nemean’s technology is founded on four distinctive patents either already filed or in progression with the Wisconsin Alumni Research Foundation (WARF).

Barford perceives automation as the next step in the arms race with Internet attackers, and one of Nemean’s improvements is to dispense with manually produced signatures, automating the process.

Concurrently, Barford asserts the signatures consequently generated are further comprehensive and practically remove false positives.

A test comparing Nemean against a present intrusion deterrence technology illustrated equally with a similar detection rate for malicious activity, but Nemean generated zero false positives, compared to 88,000 from the comparison technology in the same time period, Barford said.

A single Nemean signature can be used to detect an entire class of attack, Barford said.

Nemean also aspires to provide network administrators a more in detail reports of malicious activity around the network, arguing a clearer perception of the state of affairs is the only way administrators can expect to progress security.

The product will just work on detection and awareness, Barford clarified: users will still require a separate capability such as a firewall for actually blocking attacks.

Security experts have long warned that usual signature-based systems are going the way of the dodo, due to the rising complexity and vigour of attacks.

Barford’s research is getting major attention from the military, with funding from the US’ National Science Foundation, Army Research Office and Department of Homeland Security. The technology was developed and tested primarily at the Wisconsin Advanced Internet Laboratory (WAIL).

Signature-based technologies are now “crumbling under the pressure of the number of attacks from cybercriminals,” said Art Coviello, president of RSA, the security division of EMC, at a conference last year.

“Today, static security products are just security table stakes,” Coviello said. “Tomorrow, they’ll be a complete waste of money. Static solutions are not enough for dynamic threats.”

He argued behaviour-blocking and “collective intelligence” technologies will be the paramount way to efficiently fight viruses.