
Mirage Networks Stops Storm Worm and Variants That Render Other NAC Solutions Ineffective

Unique Combination of Pre- and Post-Admission NAC Isolates Elusive Threat

Austin, TX – November 15, 2007 – Mirage Networks, developer of patented Network Access Control (NAC) solutions, announced today that its NAC technology recognizes and isolates the notorious Storm Worm and its many variants, despite claims by some that Storm renders NAC solutions ineffective. The Storm Worm is malicious software designed to illegally recruit computers into a global distributed network, or botnet. The Mirage research team acquired copies of Storm and its variants and verified that Mirage's NAC technology detects the worm and isolates infected endpoints.

“It is particularly significant that Mirage shuts down Storm because several aspects of the worm’s behavior suggest that its programmers designed it to thwart NAC applications specifically,” said Grant Hartline, chief technical officer for Mirage Networks. “Mirage’s out-of-box threat detection and mitigation render the Storm Worm ineffective, highlighting the necessity for both pre- and post-admission NAC.”

The Storm Worm propagates using a social engineering element that entices a user to launch an executable file that infects the user’s computer. The compromised system then is merged into a botnet. The Storm Worm is unique in that its botnet functions like a peer-to-peer network instead of being controlled through a central server. This makes an accurate accounting of the size of the botnet virtually impossible. Estimates range from 250,000 to ten million infected systems worldwide, all capable of receiving and executing commands from the worm’s programmers without the knowledge or consent of the system owners.

Aspects of Storm’s behavior suggest an active attempt to thwart many anti-virus and intrusion prevention systems. For example, the code Storm uses to propagate morphs every half hour, foiling signature-based technologies such as AV and IPS. Storm’s P2P network of distributed drones is resilient to attack, and constantly shifts the roles of systems on the network. By the time a command-and-control server is identified, it most likely isn’t serving that function any more, and if it is shut down, another system on the network will take over its responsibilities. Storm also demands little from its hosts in the way of network resources and doesn’t cause damage to the systems it infects, making it particularly hard to detect. Storm has also been known to initiate Distributed Denial of Service attacks on security vendors that covertly attempt to get machines on the botnet for reconnaissance.

Mirage Networks’ behavioral analysis engine detects devices that propagate threats or violate company policies, even when patches are either unavailable or not yet installed and when the violations are sporadic, as with Storm and its variants. Mirage surgically isolates the device in question, avoiding cross infection while enabling remediation, before allowing the device renewed access to network resources. In so doing, it stops damage from threats introduced onto the network by mobile endpoints, remote connections, and zero-day malware—complementing perimeter security solutions and giving organizations a more complete, in-depth security infrastructure.

About Mirage Networks

Mirage Networks, Inc. is the leading provider of Network Access Control (NAC) solutions, including both pre- and post-admission security. The Austin, Texas-based company’s patented technology gives organizations control over unknown, out-of-policy, and infected devices resulting in increased network uptime, policy compliance, and reduced operational costs. Mirage’s NAC appliances work in all network environments, deploy out-of-band, and require neither signatures nor agents to enforce policies and terminate zero-day threats. Mirage Networks Endpoint Control is a consistent winner of industry awards and recognition. Learn more at http://www.miragenetworks.com.

Contacts
Mirage Networks
Alison Guzzio, 610-925-2761
alison@inktankstrategic.com

© 2007, Mirage Networks, Inc. All rights reserved worldwide. Mirage Networks, its product and program names and design marks are trademarks of Mirage Networks, Inc.
