News

Immune to attacks: Start-up has new medicine

• By Jack Vaughan
• February 3, 2003

The application and operating system levels are the places to focus on when detecting and blocking hacker attacks, said the founder of a new technology company pledged to provide better computer security. Steven Hofmeyer, chief scientist at Sana Security Inc., said present methods fail because they focus on the Web server, on standard software and on rules-based methods.

Hofmeyer's Sana start-up today released Primary Response 1.0, security software that is said to monitor application code paths, build profiles of normal behavior, and detect attacks when code begins to behave in unexpected ways.

This is something in the manner of how the human immune system protects the body from disease, said Hofmeyer, who began to apply the means of human immunology to computer software while at the University of New Mexico in the mid-'90s. His firm is now funded by venture capitalists, including Sevin Rosen Funds.

''Typical intrusion-protection systems today target the Web server. But there is no such thing as a typical Web server program,'' Hofmeyer said. Instead, he continued, there are ''such things as CGI scripts that are unique.'' Security detectors today, he indicated, tend to work only on known worms.

Even known worms are dangerous, as rules-based patches are not universally and immediately installed when vulnerabilities are identified. Primary Response is said to detect known attacks, as well as unknown or ''zero-day'' attacks that other systems miss. When attacks are detected, the Sana software blocks file system access.

As the recent SQL Slammer worm has shown, Web-based worms are capable of burrowing deep into a corporation's back-room software infrastructure. ''This [worm] was particularly insidious as, once it was into one SQL Server database, it went out and looked for other SQL Server DBs,'' said John Zicker, Sana Security president and CEO.