New tool puts lid on worms

Cybersecurity company Silicon Defense has unveiled a new system aimed at stopping the spread of computer worms across organizations' internal networks.

With CounterMalice, information technology administrators can divide their organization's network into cells and prevent worms from spreading from one cell to the next, said Stuart Staniford, Silicon Defense's president.

"If you have a distributed organization with many offices, each office might be a cell. You can put CounterMalice at the entry point to each cell," he said.

As a network-based system, CounterMalice performs traffic analysis, identifying signs of worm-spread patterns. It can then automatically block the worm by stopping an infected host system from communicating with its intended target. Computer worms are programs that rapidly self-propagate by exploiting security flaws in widely used applications and services.

The tool is hitting the streets just as a new computer worm, Lovegate, spreads across the Internet. It was discovered Feb. 23 and has been found worldwide, most notably in the United Kingdom, Germany, throughout Europe and in Asia.

Lovegate operates by replying to messages in a Microsoft Corp. Outlook or Outlook Express user's e-mail inbox. In addition, this worm has a backdoor Trojan component that could enable the attacker to gain remote access into infected systems, according to officials with Network Associates Inc.'s Antivirus Emergency Response Team (AVERT). AVERT has categorized the worm as a medium risk.

"Worms can spread so fast and use a variety of methods to tunnel into a company. Our starting position is that you can't close down the network completely. You have to try to contain the initial infection," Staniford said.

Silicon Defense "is addressing a pain point that is important," said Pete Lindstrom, research director at consulting firm Spire Security LLC. However, the product requires "a leap of faith" because its true effectiveness can only be determined during a worm outbreak. But the leap is not a sharp one because the "Silicon folks know their stuff," he added.

Silicon Defense began by doing research in Internet security for the Defense Advanced Research Projects Agency in 1988.

Lindstrom advises that IT administrators who are considering deploying CounterMalice should make sure their network is compartmentalized correctly. If an organization has a geographically dispersed network with links to other offices, an obvious area to place the system would be on links to virtual private networks or leased line connections, he said.

Pricing for CounterMalice starts at $25,000.
