Sana Security Customers Protected From Microsoft PCT Vulnerability; Latest Microsoft Exploit Fails to Penetrate Primary Response and Disrupt Distributed Enterprise Assets.Business Editors/High-Tech Writers SAN MATEO San Mateo (săn mətā`ō), city (1990 pop. 85,486), San Mateo co., W Calif., on San Francisco Bay; inc. 1894. It is a commercial and retail center with some high-technology manufacturing. San Mateo, Spanish for St. , Calif.--(BUSINESS WIRE)--April 26, 2004 Sana Security, Inc., a leader in host-based intrusion prevention See IPS and IDS. software, today announced that Primary Response successfully protects against a buffer overrun vulnerability that exits in the Private Communications Transport (PCT (Private Communications Technology) A protocol from Microsoft that provides secure transactions over the Web. See security protocol. ), which is part of the Microsoft Secure Sockets Layer (networking, security) Secure Sockets Layer - (SSL) A protocol designed by Netscape Communications Corporation to provide secure communications over the Internet using asymmetric key encryption. (SSL (Secure Sockets Layer) The leading security protocol on the Internet. Developed by Netscape, SSL is widely used to do two things: to validate the identity of a Web site and to create an encrypted connection for sending credit card and other personal data. ) library threatening Windows NT 4 and Windows 2000 (MS04-011). Sana Labs has tested the exploit code in question and found that Primary Response is successful in blocking it freeing Sana Security customers to establish a vulnerability shield, conduct the appropriate testing procedures to maintain network uptime and business continuity, and apply the relevant patch. According to the IT-ISAC IT-ISAC Information Technology - Information Sharing and Analysis Center (industry consortium) , security solutions are "detecting and blocking attacks against many institutions. The attacks are attempting to steal data and/or break into payment systems." While this is a potentially devastating dev·as·tate tr.v. dev·as·tat·ed, dev·as·tat·ing, dev·as·tates 1. To lay waste; destroy. 2. To overwhelm; confound; stun: was devastated by the rude remark. vulnerability, Primary Response assures that even unknown, zero-day attacks based on this vulnerability are blocked and prevented from disrupting operational performance. Sana Security has become aware that viable exploit code for this exploit is in active circulation around the Internet. Further, there are unconfirmed reports of a worm built from this exploit code is being tested in the wild for possible release in the coming days. At this date there are no confirmed reports of worm infection but there has been a dramatic increase in the threat traffic levels directed at Microsoft IIS on port 443 (https). Microsoft has issued a further warning that it expects additional exploit code to be available for several of the recently announced exploits within the next week. Sana Security urges its customers to apply relevant patches and to use Primary Response to mitigate exposure risks. "With each new vulnerability and exploit code enterprise security and operational resources are strained," said Tim Eades, senior vice president, marketing, Sana Security. "Primary Response's ability to detect abnormal application behavior provides everyday protection from zero-day attacks without depending on rules and signatures that fail to offer a real-time defense strategy from ongoing vulnerability exploits." As the world's only host-based intrusion prevention solution based upon the principles of the human immune system immune system Cells, cell products, organs, and structures of the body involved in the detection and destruction of foreign invaders, such as bacteria, viruses, and cancer cells. Immunity is based on the system's ability to launch a defense against such invaders. , Primary Response scales to protect thousands of mission critical servers, applications, and operating systems from malicious code. The product adapts easily to legitimate system and application changes, detects aberrant behavior, and reduces false positive fire drills that overwhelm IT departments with useless data and non-urgent security alerts. About Sana Security Sana Security develops and markets host-based intrusion prevention software (HIPS) that provides the best protection from known and unknown attacks with the lowest, most predictable operating costs. Founded to commercialize breakthrough Sana Adaptive Profiling Technology (SanAPT) developed by founder Dr. Steven Hofmeyr, Sana Security's first product, Primary Response, protects the broadest range of platforms and applications, and requires fewer resources to manage, deploy and scale by eliminating the need for constant updating and management by security experts. Sana Security is funded by leading venture capital firms Name Location Founding date Managing Partners/Directors Specialty Capital managed 5AM Ventures Menlo Park, CA; Waltham, MA 2002 John Diekman, PhD (managing partner), Scott Rocklage, PhD (managing partner), Andrew Schwab (managing partner) life sciences $200M [1] Bay Partners, El Dorado Ventures and Sevin Rosen Funds Sevin Rosen Funds (SRF) is a venture capital firm that was established in 1981 by L.J. Sevin and Ben Rosen. SRF was involved in the financing of ArQule, CIENA, Citrix, Cypress Semiconductor, Electronic Arts, Lotus Development Corporation, Silicon Graphics, and Vitesse. . The company is headquartered in San Mateo, Calif., and can be reached at www.sanasecurity.com or by calling 650-292-7100. All product and company names may be trademarks or registered trademarks of their respective holders. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion