Immune to attacks: Start-up has new medicine
- By Jack Vaughan
The application and operating system levels are the places to focus on when
detecting and blocking hacker attacks, said the founder of a new technology
company pledged to provide better computer security. Steven Hofmeyer, chief
scientist at Sana Security Inc., said present methods fail because they focus on
the Web server, on standard software and on rules-based methods.
Hofmeyer's Sana start-up today released Primary Response 1.0, security
software that is said to monitor application code paths, build profiles of
normal behavior, and detect attacks when code begins to behave in unexpected
This is something in the manner of how the human immune system protects the
body from disease, said Hofmeyer, who began to apply the means of human
immunology to computer software while at the University of New Mexico in the
mid-'90s. His firm is now funded by venture capitalists, including Sevin Rosen
''Typical intrusion-protection systems today target the Web server. But there
is no such thing as a typical Web server program,'' Hofmeyer said. Instead, he
continued, there are ''such things as CGI scripts that are unique.'' Security
detectors today, he indicated, tend to work only on known worms.
Even known worms are dangerous, as rules-based patches are not universally
and immediately installed when vulnerabilities are identified. Primary Response
is said to detect known attacks, as well as unknown or ''zero-day'' attacks that
other systems miss. When attacks are detected, the Sana software blocks file
As the recent SQL Slammer worm has shown, Web-based worms are capable of
burrowing deep into a corporation's back-room software infrastructure. ''This
[worm] was particularly insidious as, once it was into one SQL Server database,
it went out and looked for other SQL Server DBs,'' said John Zicker, Sana
Security president and CEO.
Jack Vaughan is former Editor-at-Large at Application Development Trends magazine.