Secure Coding mailing list archives

More host-based production security tools unveiled


From: "Kenneth R. van Wyk" <Ken () KRvW com>
Date: Mon, 07 Jun 2004 16:41:22 +0100

Greetings all,

In this (http://www.eweek.com/article2/0,1759,1607680,00.asp) article over on 
eWeek.com, a couple of new tools are described, including Determina's 
SecureCore and Immunix's Application Firewalling Suite.  The article states, 
"This tack represents a shift from the decades-old approach of detecting and 
stopping attacks in progress using signatures or pattern-recognition 
algorithms. Customers and security experts say the new tools signal a new 
direction for the industry at large."

As a staunch non-advocate of the patch-and-chase game, I find this encouraging 
and sincerely hope that the tools live up to the expectations that are being 
set.  I also wonder if things such as AMD's relatively new NX (non-execute) 
bit architecture can be of any value in preventing things like buffer 
overflow attacks in production environments.  While they're no substitute for 
designing and coding things properly in the first place, I do like the notion 
of the system preventing such attacks before they can do harm.  (In fact, 
this concept is very much at the center of my first monthly column on 
eSecurityPlanet, which should be hitting http://www.eSecurityPlanet.com later 
today.)

Although the Immunix suite was briefly described here earlier, the Determina 
product wasn't.  Has anyone here looked at these tools and care to share 
their experience with either or both?

Cheers,

Ken van Wyk

-- 
KRvW Associates, LLC
http://www.KRvW.com





