HP finds place for virus throttling
- 14 February, 2005 12:10
New technology on servers and switches from HP will slow virus outbreaks on computer networks that use the HP products, according to the company.
The vendor has announced commercial implementations of technology it calls "virus throttling" that can slow the rate at which viruses and worms spread inside a corporate network.
HP is offering the virus throttling software for ProLiant Servers and ProCurve Networking by HP 5300 series switches.
The company also unveiled the Security Containment software suite, which locked down software applications that have been compromised by an attack, head of HP's Security Office, Tony Redmond, said.
The new software delivers on technology HP unveiled one year ago at the RSA Conference and is part of HP's program to develop technology that keeps computer networks operating in the face of fast-moving attacks.
HP would be demonstrating both new technologies at the 2005 RSA Conference, it said.
Virus throttling is a technology developed at HP Labs, the company's research facility, which can spot systems on a computer network that are attempting to make a large number of network connections, a common symptom of virus infection.
After identifying an infected system, the software notifies administrators and automatically chokes off, or throttles, outbound connections from it, which keeps the system online but prevents the virus from spreading rapidly, Redmond said.
Virus throttling won't prevent infected computers from communicating with other systems on a network, but it will keep them from bogging down other computers and applications and allow legitimate traffic to circulate.
The technology was intended to be a tool that would allow organisations to keep their network functioning even if a virus slipped through perimeter defenses, he said.
"If you have a mistake in your firewall or IDS [intrusion detection system] and a virus gets through, it can wreak havoc in your corporate environment. Administrators can find it difficult to cope, trying to swim upstream against a mass of viruses that are trying to connect at hundreds or thousands of connections a minute," Redmond said.
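As an added illustration (not HP's code and not part of the original article), the sketch below models the behaviour described above: connections to recently contacted destinations go out at once, new destinations are queued and released at a capped rate, and a deep backlog flags the host for administrators. The working-set size, release rate, alert threshold and all names are assumptions, since the article does not give HP's algorithm.

```python
from collections import deque

class HostThrottle:
    """Outbound-connection throttle for one host (assumed design, not HP's code)."""

    def __init__(self, working_set=5, release_per_tick=1, alert_depth=20):
        self.recent = deque(maxlen=working_set)  # destinations contacted recently
        self.delayed = deque()                   # new destinations held back
        self.release_per_tick = release_per_tick
        self.alert_depth = alert_depth           # backlog size that triggers an alert
        self.flagged = False

    def request(self, dst):
        """Return True if the connection goes out now, False if it is delayed."""
        if dst in self.recent:
            return True                          # familiar peer: no delay
        if dst not in self.delayed:
            self.delayed.append(dst)
        if len(self.delayed) >= self.alert_depth:
            self.flagged = True                  # point at which admins are notified
        return False

    def tick(self):
        """Once per time unit, let a capped number of delayed connections out."""
        released = []
        for _ in range(min(self.release_per_tick, len(self.delayed))):
            dst = self.delayed.popleft()
            self.recent.append(dst)
            released.append(dst)
        return released


def simulate(traffic, ticks):
    """traffic maps tick -> destinations requested; returns (sent, backlog, flagged)."""
    host, sent = HostThrottle(), 0
    for now in range(ticks):
        sent += sum(host.request(dst) for dst in traffic.get(now, []))
        sent += len(host.tick())
    return sent, len(host.delayed), host.flagged


# Constructed sample traffic (documentation address ranges, not real hosts).
NORMAL = {t: ["192.0.2.10", "192.0.2.11", "192.0.2.12"] for t in range(10)}
SCANNING = {t: [f"198.51.100.{t * 20 + i}" for i in range(20)] for t in range(10)}

if __name__ == "__main__":
    print("normal  :", simulate(NORMAL, 10))
    print("scanning:", simulate(SCANNING, 10))
```

The host that keeps talking to the same three servers is barely delayed and never flagged, while the host trying 20 new destinations per tick is held to one new destination per tick, stays online, and is flagged in the first tick.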
The virus throttling feature is available on ProLiant Servers running Microsoft's Windows 2000 or 2003 Server, as part of the ProLiant Essentials Intelligent Networking Pack, which can be purchased from HP for $US149.
The feature is also available as a free download for ProCurve Networking 5300 switch customers who have active maintenance and support agreements.
HP hoped to add the virus throttling features to more of its switches in the future, Redmond said.
It also announced the HP Security Containment suite, a software package for systems running the HP-UX 11iv2 operating system. This allows administrators to create secure virtual environments that prevent applications that are damaged or hijacked in an attack or virus infection from affecting applications or files elsewhere on the server, Redmond said.
The addition of virus throttling features in two products was proof that research done in HP's labs could find a quick path to the company's products, Redmond said.
But HP has also experienced some hiccups along the way. In August, Redmond said that virus throttling would be challenging to implement in diverse networks, citing conflicts with Microsoft's Windows operating system.
While the company has ironed out those problems, a second technology that was unveiled at last year's RSA Conference, dubbed Active Counter Measures, is still being field tested with HP customers and internally at the company.
Active Counter Measures allows administrators to find machines even if they are unmapped, outside of the company's patch management system, or unknown to administrators.
Network administrators can then vaccinate vulnerable machines by pushing out configuration changes or policies that prevent infection.
HP has said that it hoped to release the product in 2005.
Last week, Redmond called Active Counter Measures a promising technique, but did not offer any target dates for releasing the product.