Startup computer security company Okena Inc. on Monday announced its first software product, a program that offers proactive network security and is targeted initially at financial institutions and government agencies.
The company's StormWatch software monitors network behavior and tries to stop the likes of viruses, Trojan Horses, DoS (Denial of Service) attacks and hacks, said Eric Ogren, Okena's vice president of marketing.
Conventional security software addresses computer threats that already have been identified, while Okena's software is designed both to repel existing attacks and to identify probes from hackers before they adversely impact a network, Ogren said.
StormWatch, which is a 400K-byte file embedded in the Microsoft Windows NT kernel and works inside the firewall, monitors network transactions on the server and the desktop, reviewing the traffic and making sure operations do not violate customer-defined rules, Ogren said.
An administrator dictates the rules of the network from a management console. The rules engine can be set as strictly or leniently as necessary to protect the integrity of the system, he said. The software can prohibit users from opening certain applications or accessing certain files or directories.
StormWatch also prevents damage from buffer overflows -- vulnerabilities that open up when the space in a program's code that is reserved for transaction protocols is violated by a poorly designed or malicious program. For example, a hacker could discover in a program's code that there is extra space at the end of a URL (Uniform Resource Locator) string and add some malicious code at the end to sabotage the system. StormWatch seeks to detect and prevent the code from activating, Ogren said.
StormWatch also monitors server administration ports. An attacker may use port scans, for example, to identify system applications and unprotected ports to penetrate a machine, Ogren said. StormWatch can detect the port scan and take action to stop the scans before hackers gain the information they need, he said.
"It denies an attacker a reliable means of probing the enterprise for invasion points," Ogren said.
For instance, if a couple of clients on a network are hit by a virus, the software has shutdown possibilities and can limit the exposure of other clients linked to the network by not allowing them access to the contaminated files, Ogren said. StormWatch can blacklist certain e-mail attachments or files so they are not opened at the client level.
Authentica Inc. has been beta testing StormWatch for the past six weeks, said Allen Rogers, Authentica's vice president of engineering. Authentica, which provides secure controls over documents, Web content and e-mail, is using StormWatch to secure its policy, Web and mail servers, he said.
"It gives that warm feeling that if something happens there is an audit trail," Rogers said.
Rogers said he was impressed by how StormWatch can be controlled from a single console and by the ability to write rules for the system after reviewing an audit of the system. StormWatch is expected to make the rule development capability even simpler in the future, he said.
While the first version of StormWatch is exclusively for Windows NT systems, future versions of the security software are planned for Unix, Linux and Windows 2000, Ogren said. StormWatch will come in a starter pack targeted for a small Web farm, or application server farm, Ogren said.
The starter pack includes a StormWatch Management Console and support for intelligent agents for five servers and five desktop machines, he said. The initial price is a two-year subscription for US$8,995.
Okena, in Waltham, Massachusetts, can be reached at +1-781-209-3200 or http://www.okena.com/.