LinuxPR: Software Developers Unveil Behavioral Approach to Securing Linux IT Enterprise

To err is human.

But sometimes, human error can cause devastating consequences.
Especially when the errors result in security vulnerabilities in
the software products relied upon by businesses.

The people who write the code that runs software products make
errors. The people who install the software make errors. And the
people who use the software make errors.

All of these “human errors” can provide a window of opportunity
for both external and internal perpetrators who want to exploit the
software’s vulnerabilities to attack a business. And if these
threats are not kept in check, it can result in the destruction or
theft of invaluable intellectual property and compromise an entire
business.

These days, security threats are all too real, as we’ve all
witnessed recently with viruses and worms such as “ILOVEYOU” and
“CODE RED” that wreaked havoc on businesses worldwide.
Unfortunately, the security industry’s response to such threats is
largely ineffectual, as it is reactive by nature. It simply cannot
keep pace with the plethora of new viruses, innovative hackers, and
malicious employees working out new ways to attack our systems.

Cylant, a division of Software Systems International, has gone a
long way toward solving this problem with CylantSecure.
CylantSecure is a host-based intrusion detection software product
that takes a proactive, rather than reactive, approach to security.
Through behavioral measurement, CylantSecure is able to detect
malicious activity in real time and control the operation of the
software to report and immediately stop any aberrant behavior.

CylantSecure was designed by Dr. John Munson, a University of
Idaho professor and NASA contractor who has spent the last 30 years
figuring out how to make software more reliable – software the
likes of which powers the Space Shuttle and the Cassini spacecraft
(which is currently hurtling toward Saturn).

By turning around the entire way of looking at securing
software, Dr. Munson and his team have created a new security
paradigm based on controlling the software’s functionality.

The concept is really quite simple, according to Munson:

“The potential for a system to be compromised is a system
failure,” he said. “A security process that can keep a system
secure in spite of these vulnerabilities is becoming a necessity.
As our IT enterprises continue to be hacked and infected, it is has
become apparent that the current vulnerability-driven security
process is not up to the challenge.”

When software developers create software, they are concerned
with its functionality (what it CAN do), not the ability to control
it – or make it to NOT do so ecd mething. Hackers and others are
thus able to compromise systems by taking advantage of the
software’s functionality and creating malicious ways to exploit it.
However, by continuously monitoring the software and controlling
what it is and is not allowed to do, CylantSecure can foil a
hacker’s attempts before they are able to cause damage.

The essence of CylantSecure is its focus on behavioral control
and preventative security. CylantSecure is the “watch dog” of the
IT enterprise in that it is programmed to detect unusual – or
malicious behavior – and react so that the behavior is immediately
terminated.

“We recognize that it is impossible to develop complex software
without vulnerabilities,” said Scott Wimer, Chief Technology
Officer of Cylant. “The current approach – that of reacting to
hackers, viruses, and malicious or mischievous employees – is a
elaborate game of `chase’ that can’t be won. CylantSecure works
because it detects unusual or anomalous behavior when it occurs.
Once detected, your policy driven actions take the necessary steps
to stop the attack before it can cause damage.”

Most attacks change the behavior of the software being exploited
in a measurable way. CylantSecure uses sensors to monitor the
behavior of the software, along with a statistical analysis engine
to identify any abnormalities in the behavior. Through continuous
behavioral monitoring, CylantSecure can send administrators early
warning of attacks, so appropriate measures can be taken. Such
measures might include shutting down the program, shunning traffic
from the attacking IP or performing system state analysis.

As opposed to the reactive approach taken by other security
software products, ClyantSecure provides a new way of looking at
security – one based on preventative measures rather than action
taken after the damage is done.

According to Wimer, this approach is easier for system
administrators. Instead of having to respond to completely
uncontrollable events (the discovery of vulnerabilities,
publication of exploits, security patches), administrators using
CylantSecure update it’s behavioral models when they add new
software, roll-out or decommission services, or when business
practice changes cause a change in the way their software is
used.

These days, security is not just a technical problem to be
worried about by the IT department. It is a business problem. And
no business can afford the expense, the down-time and the intrusion
upon its intellectual property that can occur at a hacker’s whim.
CylantSecure allows businesses to stop the hacker, instead of
letting the hacker control the business.

Summary of CylantSecure’s benefits:

• Attacks are stopped before they can cause damage
• Costly attack repair and recovery is eliminated
• Dependence on expensive security staff is reduced
• Internet servers are protected
• Service availability is increased
• Systems are defended against both known and unknown
  attacks

Features of Cylant Secure:

• Kernel level attack detection
• Customizable response actions
• Support for multiple operating systems
• Real-time detection and response

About Cylant

Cylant, a division of Software Systems International, uses
engineering principles to solve the business problems caused by
vulnerable software. Rather than chasing the latest vulnerability,
CylantSecure uses measurement and control to prevent security
incidents in spite of vulnerable software. Cylant’s customers
include NASA’s Jet Propulsion Laboratories, DARPA (Defense Advanced
Research Projects Agency) and Sun Microsystems. For more
information, visit www.cylant.com. For questions, contact
info@cylant.com.

Press
Release