Protego Networks' MARS Appliances Detect and Stop Bagle/Beagle Worm by Default; Combines Anomalous Behavior Detection and Network Security Topology.


Business Editors/High-Tech Writers

MILPITAS, Calif.--(BUSINESS WIRE)--Jan. 21, 2004

Protego Networks Inc. announced today that the MARS appliance will detect and halt the rapidly spreading Bagel worm in real-time using default system rules. Customers hit with Beagle (aka Bagel) were immediately alerted to the threat and provided specific mitigation instructions.

"MARS was designed specifically to stop these kinds of new attacks," says Partha Bhattacharya, CTO of Protego. "Detecting known attacks is not rocket science -- traditional anti-virus and intrusion detection/prevention products do that quite well. Detecting unknown threats for which no signatures exist is a much harder customer problem. Protego's comprehensive model of network topology and security policies enables the MARS appliance to not only detect anomalous behavior like Beagle, but also determine with great precision exactly how to stop it."

Beagle is a mass-mailer worm that targets Windows users. It arrives via e-mail with the subject "hi", a body containing "test" and a randomly named EXE file attached. Clicking on the attachment launches the worm, which opens up a backdoor on TCP port 6777 that allows a remote attacker to download and remotely execute malicious programs on the infected host. The worm also broadcasts the location of the infected host to a list of foreign Web sites, and propagates itself to locally discovered e-mail addresses. This behavior generates a sudden increase in activity on SMTP TCP port 25 and on the backdoor TCP port 6777. These anomalous traffic patterns trigger the default "Increased Traffic to a Port" Rule which comes with every MARS appliance. MARS notifies the operator of the Incident in real-time, providing a dynamic attack-path graph and specific commands to isolate and stop the attack at the switch port, router or firewall level.
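The per-port traffic increase described above can be illustrated with a baseline comparison over flow records. This is an added example, not Protego's or the MARS appliance's rule logic; the record layout, the thresholds and the function names are assumptions, and the flow data is constructed.

```python
from collections import Counter

# Constructed flow records: (minute, src_ip, dst_port). Not real capture data.
# Baseline hour: steady mail and web traffic from five internal hosts.
BASELINE = [(m, "10.0.0.%d" % (m % 5 + 1), p)
            for m in range(60) for p in (25, 80, 80, 443)]
# Current 10 minutes: one internal host mass-mailing on port 25, a remote
# address connecting to the backdoor port 6777, plus normal traffic.
CURRENT = ([(m, "10.0.0.7", 25) for m in range(10) for _ in range(30)]
           + [(m, "198.51.100.9", 6777) for m in range(10) for _ in range(4)]
           + [(m, "10.0.0.2", p) for m in range(10) for p in (25, 80, 80, 443)])


def per_minute_rate(flows, minutes):
    """Average connections per minute for each destination port."""
    counts = Counter(port for _, _, port in flows)
    return {port: n / minutes for port, n in counts.items()}


def increased_traffic(baseline, base_minutes, current, cur_minutes,
                      ratio=5.0, min_rate=2.0):
    """Return {port: (base_rate, cur_rate, top_sources)} for ports whose
    current rate is >= ratio x baseline and at least min_rate per minute.
    A port never seen in the baseline has base rate 0 and is flagged on
    min_rate alone, which is how a new listener such as 6777 shows up."""
    base = per_minute_rate(baseline, base_minutes)
    cur = per_minute_rate(current, cur_minutes)
    alerts = {}
    for port, rate in cur.items():
        b = base.get(port, 0.0)
        if rate >= min_rate and rate >= ratio * b:
            srcs = Counter(s for _, s, p in current if p == port)
            alerts[port] = (b, rate, [s for s, _ in srcs.most_common(3)])
    return alerts


if __name__ == "__main__":
    for port, (b, r, srcs) in sorted(increased_traffic(
            BASELINE, 60, CURRENT, 10).items()):
        print(f"port {port}: {b:.1f}/min -> {r:.1f}/min, top sources {srcs}")
```

The top-source list is what an operator would take to the switch port or firewall to isolate the host; ports 80 and 443 stay quiet because their rate matches the baseline.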

Protego Networks' Mitigation and Response System (MARS) provides all the benefits of Security Information Management (SIM), plus the ability to prevent intrusions and policy violations. The MARS Appliance reduces the burden on critical security personnel, enabling them to respond quickly and decisively to incidents.

Protego Networks also notifies customers by e-mail of security threats and solutions using their MARS appliances via periodic Security Threat Advisories. More information about this specific threat can be found on our Web site at: http://www.protegonetworks.com/support/sta2004-1-21.html.

About Protego Networks Inc.

Protego Networks Inc. is the first company to deliver purpose-built appliances for real-time Security Threat Mitigation. Our innovative MARS appliances allow organizations to centralize security information and quickly identify, analyze and respond to security threats. Protego Networks Inc. is a privately held company founded in 2002, with headquarters in Milpitas, Calif., and offices in Boston, Washington D.C., Toronto and London. For more information, call us at 408-262-5220, or visit us on the Web at http://www.protegonetworks.com.
COPYRIGHT 2004 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2004, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.
