Executives at Linux security company Cylant say the computer security industry is engaged in a "conspiracy of sorts," or at least a conspiracy of ignorance, in taking a reactive approach to fighting vulnerabilities. Cylant is pitching its CylantSecure server monitoring product as an alternative to the virus-runs-wild-then-release-patch cycle practiced by most security companies. CylantSecure for Linux, what the company calls a "host-based intrusion detection system," is a real-time monitoring system that immediately notifies the server's sysadmin when something funky is happening that shouldn't be.

The technology is based on research into software measurement done by Cylant's chief scientist, John Munson, for large, critical systems like those designed by Jet Propulsion Labs for the U.S. Space Shuttle. The software benchmarks the patterns of execution in the Linux kernel on a server, then determines when those patterns depart from normal. When an attack occurs, notification happens within "milliseconds," says Joel Rothman, president of Cylant. The company has applied for a patent on the process of aggregating the information CylantSecure's sensors pick up into a profile of the server's normal functions. Some of the software is released under the GNU General Public License, and Cylant is a sponsor of the Kernel Instrumentation Project.

The link for this article located at Newsforge is no longer available.