Day-Zero WMF Attack No Match for Mirage Networks

Mirage Networks, developers of Network Access Control technology, has announced that its behavioral threat detection technology detects and defends networks from attacks leveraging the widely-reported Windows Metafile vulnerability. A patch is not yet available for this vulnerability, using the Mirage NAC solution is one way to easily and seamlessly protect the network.

The yet unnamed attack is a blended threat, which: downloads spyware to mine infected machines for information; downloads a mail server to distribute itself and potentially cause distributed denial of service attacks; and by way of site spoofing, phishes for personal and credit card information. Even fully patched Windows XP SP2 machines are vulnerable to this threat.

The core of Mirage's NAC solutions is a set of behavioral rules, which detect behavior that is indicative of threat propagation. Since the threat downloads a mailer to distribute itself via email, the behavioral rules detect that the infected machine is engaging in behavior that is not characteristic of a clean machine. Mirage NAC then sends the infected device to a quarantine server, to enable remediation.

The company stresses that patching is necessary; however, relying on patching to protect networks from worm attacks is unrealistic. According to Gartner, best-of-breed organizations have control of only about 80 percent of the endpoints on their networks. The reality of mobile computing is that devices are not always patched in a timely manner, and inevitably, errors will occur.

Mirage Networks' unique NAC approach ensures continuous monitoring of every network-attached endpoint. Its technology uses behavioral detection to find and surgically isolate endpoints either propagating threats or violating security policy. The out-of-band appliance detects, slows and isolates threats that are introduced onto the network by mobile computing, remote connections, and day-zero malware - complementing perimeter security solutions and giving companies a more complete, in-depth security defense infrastructure.

write your comments about the article :: 2005 Computing News :: home page