Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Primary Response Quickly Stops Online Attacks

Sana Security has made host-based intrusion-prevention simpler and more effective by creating a security system that shields services without use of static rules or signatures. Its product, Primary Response, protects against vulnerabilities in the OS or in applications that don't have security patches yet. In this review, VARBusiness labs partner KeyLabs puts the product up against MS Blaster.

Remember those old Western movies when, in the blink of an eye, the sheriff would make a quick hip shot with his Colt and down his opponent? We'd marvel at how accurate he was. It also turns out to be a great metaphor for the current state of network security. But instead of a one-horse town, we have an Internet server with Web, e-mail and FTP. And instead of a sheriff, we have an IT manager armed with myriad security tools that are often difficult to keep track of. One new weapon in that arsenal is Primary Response, a host-intrusion prevention (HIP) tool from Sana Security that promises to simplify the job of protecting IT resources from the ravages of the Internet.

It's no secret: Network security has become one of the most critical aspects of a technology manager's job. By simply attaching a device to the Net, you've created a security vulnerability. Whether it's a malicious hacker or the latest Internet worm, service downtime and compromised data present a tangible risk to any organization.

In the past, firewalls, virus scanners and access control lists (ACLs) did a pretty good job of protecting systems against the wilds of the Internet. But with the frenetic pace of today's unrestrained Internet community, it is impossible for operating-system and virus-scanning vendors to issue updates fast enough. What is needed is an adaptive tool that is capable of recognizing and blocking suspicious behavior as soon as it starts. Sana Security's Primary Response does just that. Primary Response is a server-based application that automatically profiles normal system activity and then blocks anything that deviates from that profile. That effectively stops attacks at the moment they start, even if the server hasn't been patched for a particular threat.

Real-time protection from known and unknown threats distinguishes Primary Response from other security products. Each time a new vulnerability is discovered, IT professionals have had to decide the lesser of two evils: whether to install an untested security patch that may break the server, or take a chance against the vulnerability. Primary Response offers a level of protection that will give software vendors time to create patches and for IT professionals to validate the patches before they are installed on production systems.

  • 1