Network Computing is part of the Informa Tech Division of Informa PLC


Extreme Enters Zero-Day Fray

The menace of zero-day attacks was a major concern of attendees at last year's Interop conference in Las Vegas, and now switching specialist Extreme Networks Inc. (Nasdaq: EXTR) has become the latest vendor to join the fray (see Security Approaches Day Zero).

Zero-day attacks, so called because they use previously undocumented virus signatures, are becoming a major headache for IT managers. Existing security technologies, such as firewalls, often rely on a constantly updated list of these signatures in order to identify an attack. So, if the signature is unknown, it poses a real problem.

At Interop next week, Extreme is suggesting its own solution -- a new Sentriant security appliance and an overhauled ClearFlow analysis engine, which examines traffic passing through Extreme's BlackDiamond 10K switch (see Extreme Bolsters 10-GigE Security).

Extreme has added a security rules engine to the ClearFlow architecture, which now checks for abnormal behavior such as unusual TCP requests. If these are identified, the traffic is sent to the 2-rack-unit-high Sentriant box. The device then decides whether the threat is real or not, and sends a message back to the switch telling it, if necessary, to “throttle” the traffic.

But Extreme is not the only company looking to tackle this threat, although most solutions currently available on the market are software-based. Of these, the best known is Cisco Systems Inc.'s (Nasdaq: CSCO) Security Agent product, although a raft of startups are also attacking this space (see Startup Avinti Acts on Zero Day and eEye Launches Blink).
