HP Finds a Place for Virus Throttler

Posted by: Digital Geek

HP Finds a Place for Virus Throttler - 02/12/05 05:09 PM

New technology on servers and switches from Hewlett-Packard will slow virus outbreaks on computer networks that use the HP products, the company says.

On Friday, HP announced commercial implementations of technology it calls "virus throttling" that can slow the rate at which viruses and worms spread inside a corporate network. HP is offering the virus throttling software for ProLiant Servers and ProCurve Networking by HP 5300 series switches. HP also unveiled the Security Containment software suite, which locks down software applications that have been compromised by an attack, says Tony Redmond, head of HP's Security Office.

The new software delivers on technology HP unveiled one year ago at the RSA Conference and is part of HP's program to develop technology that keeps computer networks operating in the face of fast-moving attacks. HP will be demonstrating both new technologies at the 2005 RSA Conference next week in San Francisco, Redmond says.

Cutting Off Connections
Virus throttling is a technology developed at HP Labs, the company's research facility, which can spot systems on a computer network that are attempting to make a large number of network connections, a common symptom of virus infection. After identifying an infected system, the software notifies administrators and automatically chokes off, or "throttles," outbound connections from it, which keeps the system online but prevents the virus from spreading rapidly, Redmond says.

Virus throttling won't prevent infected computers from communicating with other systems on a network, but it will keep them from bogging down other computers and applications and allow legitimate traffic to circulate. The technology is intended to be a tool that will allow organizations to keep their network functioning even if a virus slips through perimeter defenses, he says.

"If you have a mistake in your firewall or IDS [intrusion detection system] and a virus gets through, it can wreak havoc in your corporate environment. Administrators can find it difficult to cope, trying to swim upstream against a mass of viruses that are trying to connect at hundreds or thousands of connections a minute," Redmond says.

The virus throttling feature is available on ProLiant Servers running Microsoft's Windows 2000 or 2003 Server, as part of the ProLiant Essentials Intelligent Networking Pack, which can be purchased from HP for $149. The feature is also available as a free download for ProCurve Networking 5300 switch customers who have active maintenance and support agreements. HP hopes to add the virus throttling features to more of its switches in the future, Redmond says.

Security Suite
Also on Friday, HP announced the HP Security Containment suite, a software package for systems running the HP-UX 11iv2 operating system. It allows administrators to create secure virtual environments that prevent applications that are damaged or hijacked in an attack or virus infection from affecting applications or files elsewhere on the server, Redmond says.

The addition of virus throttling features in two products is proof that research done in HP's labs can find a quick path to the company's products, Redmond says.

But HP has also experienced some hiccups along the way. In August, Redmond said that virus throttling would be challenging to implement in diverse networks, citing conflicts with Microsoft's Windows operating system.

While the company has ironed out those problems, a second technology that was unveiled at last year's RSA Conference, dubbed "Active Counter Measures," is still being field tested with HP customers and internally at the company.

Active Counter Measures allows administrators to find machines even if they are outside of the company's patch management system or "unmapped," or are unknown to administrators. Network administrators can then "vaccinate" vulnerable machines by pushing out configuration changes or policies that prevent infection. HP has said that it hopes to release the product in 2005. On Thursday, Redmond called Active Counter Measures a "promising technique," but did not offer any target dates for releasing the product.

SOURCE
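
The throttling behaviour described under "Cutting Off Connections", as an added example that is not part of the original post and is not HP's code. The article does not give HP's algorithm, so this assumes the limit applies only to destinations a host has not contacted recently; the working-set size (5), release rate (one new destination per second) and alert backlog (20) are assumed values, and the traffic is constructed.

```python
from collections import deque

class Throttle:
    """Per-host limit on connections to destinations not contacted recently."""

    def __init__(self, working_set=5, interval_ms=1000, alert_backlog=20):
        self.recent = deque(maxlen=working_set)  # recently contacted destinations
        self.pending = deque()                   # new destinations held back
        self.interval_ms = interval_ms           # one new destination per interval
        self.next_release = 0                    # earliest time the next one may go
        self.alert_backlog = alert_backlog       # backlog size that flags the host
        self.alerted = False

    def _drain(self, now):
        # Let held-back connections out at the fixed rate, oldest first.
        while self.pending and self.next_release <= now:
            self.recent.append(self.pending.popleft())
            self.next_release += self.interval_ms

    def connect(self, now, dst):
        """Return 'pass' or 'delay' for an outbound attempt at `now` (ms)."""
        self._drain(now)
        if dst in self.recent:
            return "pass"                        # familiar peer: never slowed
        if dst in self.pending:
            return "delay"                       # already waiting its turn
        if not self.pending and self.next_release <= now:
            self.recent.append(dst)
            self.next_release = now + self.interval_ms
            return "pass"
        self.pending.append(dst)
        if len(self.pending) >= self.alert_backlog:
            self.alerted = True                  # where an admin alert would fire
        return "delay"

def simulate(events, **settings):
    """events: (time_ms, src, dst) tuples -> {src: (passed, delayed, alerted)}."""
    hosts, counts = {}, {}
    for now, src, dst in sorted(events):
        verdict = hosts.setdefault(src, Throttle(**settings)).connect(now, dst)
        passed, delayed = counts.get(src, (0, 0))
        counts[src] = (passed + (verdict == "pass"), delayed + (verdict == "delay"))
    return {src: (*counts[src], hosts[src].alerted) for src in counts}

# Constructed traffic, not real logs: one host revisiting three servers every
# two seconds, and one host trying 200 distinct addresses in two seconds.
NORMAL = [(i * 2000, "10.0.0.5", f"192.0.2.{1 + i % 3}") for i in range(30)]
SCANNER = [(i * 10, "10.0.0.9", f"198.51.100.{i}") for i in range(1, 201)]

if __name__ == "__main__":
    for src, result in simulate(NORMAL + SCANNER).items():
        print(src, result)
```

The ordinary host is never delayed because it keeps returning to the same few servers, while the fan-out host stays online but has almost every attempt held back and is flagged once its backlog reaches the threshold.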