technology
Hardware
Chips
Graphics
Notebooks
Peripherals
Servers
Software
Science
Internet
Defence
Research
Unbelievable
telecoms
Applications
Broadband
Digital Content
Infrastructure
Mobile
business
Financials
Legal
Logistics
Resellers
Retail
Security
Rumour
Letters
outsourcing
BPO
Outsourcing
CRM
NewsNow
NewsNow
NewsNow
RSS Feed


Thursday, 2 September 2010 18:58 UK Login |  Bengaluru, India


 

Counteract prevents Conficker outbreak

Classifies and maintains 'unmanaged windows assets'

By Aharon Etengoff in San Francisco @ Thursday, February 05, 2009 7:56 AM

 
 

Forescout's Counteract has reportedly prevented an outbreak of the nefarious Conficker worm at a prominent US corporation.

"Counteract is a powerful, automated network solution for preventing the infection and spread of the Conficker worm," Forescout president Gord Boyce told IT Examiner. "And it's 'always on,' ensuring that the Microsoft Update service is always running, that IT protection tools, such as anti-virus, anti-spyware, etc, are always working, that attempts to infect endpoints are always blocked and that the network remains malware free."

According to Boyce, the appliance automatically deploys a Secureconnector to classify and maintain unmanaged windows assets. The connector, a light dissolvable client managed by a captive portal, is capable of protecting all Windows machines on a corporate network.  

"Other NAC solutions often rely on IT staff to deploy their endpoint protection agents through scripts or patch management systems, that generally only address managed (domain member) assets. Unlike standard AV/PM and the like, Counteract provides a complete, all-around protection," explained Boyce.

Indeed, counteract offers multiple layers of IPS protection: at the perimeter and on the LAN. The device also ensures USB detection and blocks unauthorised entry via external ports.

As IT Examiner previously reported, the spread of the insidious Conficker has prompted a number of security companies to develop various methods of curtailing the outbreak.

For example, Mirage Networks recently designed a solution that detects and isolates the rapidly-propagating worm.

"The worm's behaviour thus far leads us to believe that it is either a distraction to mask more nefarious malware, or it's lying dormant until some trigger causes it to unleash its potential," explained Grant Hartline, chief technical officer for Mirage Networks. "The worm has circumvented firewalls, anti-virus software and other traditional security measures. And while some NAC solutions can help ensure systems are patched prior to gaining network access, that clearly isn't enough in this case."

Mirage's NAC solution, which ensures endpoints have required operating system patches installed, finds the worm using advanced threat detection techniques. NAC then isolates infected machines, thereby protecting all systems on the network from further propagation.

"Regardless of the worm authors' intent, this is definitely something you do not want on your network," said Hartline. "When systems are up to date on anti-virus, have OS patches in place specifically to address the flaw, and are still being infected, it's an eye-opener. This is a perfect example of why we remain focused on interior network security." X

Check Out
IT Examiner

 
  Add Comment 
  
Copyright 2009 - ITExaminer.com  Terms Of Use  Privacy Statement  Contact Us