Providing exceptionally accurate, function-rich Intrusion Detection and Prevention solution
SITUATION/CHALLENGE - Hackers continue to strike corporate and government information systems, despite millions of dollars spent in system defense.
The Federal Bureau of Investigation estimates that cybercrime is responsible for more than $120 million in damages annually, and that only 9% of cybercrime is even reported—which puts the total cost of the problem at a staggering $1.33 billion annually. Banks, credit unions and other financial institutions are especially sensitive, with most supporting online banking and conducting e-commerce in addition to electronically processing customer data. Security breaches such as identity theft and fraud have far-reaching impacts, ranging from remediation costs and damages payable to victims, to the cost of implementing new monitoring and intrusion prevention tools, to the inestimable toll of negative publicity and lost business.
According to the FBI, the ease with which even a non-technical person can breach a typical corporate network is demonstrated by the commercial availability of do-it-yourself root kits and virus kits on the Internet. Proof of the ineffectiveness of traditional Intrusion Detection, Prevention and Firewall security practices is in the daily headlines. Millions of Americans have been victimized by the compromise or theft of their supposedly protected personal data. Just two of hundreds of examples: the Nyxem worm, spread by mass-mailing in 2006, was designed to disable security-related and file sharing software and destroy files of certain types, such as Microsoft Office files; and the Storm Worm, which began gathering infected computers into the Storm botnet in January 2007 and had compromised nearly 10 million computers within nine months.
The United States Computer Emergency Readiness Team (US CERT) handled more than 37,000 incidents in 2007—up from some 24,000 in 2006—and counted more than 35,000 ’phishing’ attacks in October 2007 compared to just 6,200 the previous month.
Government compliance and privacy laws impose severe penalties on companies who fail to protect customer, client and patient data. The payment card industry (PCI) is governed by regulations that allow fines up to the total cost of the breach or consumer losses, in addition to terminating the company’s ability to continue credit card processing. The Federal Trade Commission has levied fines under the Health Insurance Portability and Accountability Act (HIPAA), but to date no company has been prosecuted civilly. The Gramm-Leach-Bliley Act (GLBA), governing the financial industry, and Sarbanes-Oxley require companies to identify and resolve internal and external security vulnerabilities.
And still, standard Intrusion Detection and Prevention System products have failed to effectively stop cybercrime. According to Gartner research, some of the reasons for that failure include:
Too many false positives and negatives (up to 98% false positive rate) impair the ability to identify and prevent new types of attacks.
Round-the-clock system monitoring imposes an increased burden on the IT organization. IDS logs must be monitored 24/7 in order to detect an attack while it is occurring and rule out the false alarms. Most companies use reactive security event logging systems that only identify how the hackers got in after the fact. The People’s Republic of China launched attacks against the U.S. in September 2007 that are part of a two-year effort to breach government and commercial systems.
Incident-response processes are expensive and generally yield no results. To decide who, when, and how to report an incident—only to find out that the source is a home computer in Arkansas or a high school in Korea—usually translates to wasted time and energy, with most incidents going unreported and unresolved.
SOLUTION - SECNAP founder and chief technology officer, Michael Scheidell, is a recognized expert in network security with a history of invention and innovation, which has led to cutting-edge solutions that businesses need today and tomorrow.
As Chief Scientist on the HackerTrap™ project, Mr. Scheidell set out to apply his extensive knowledge of statistical probability and game simulation theory to design a patent-pending system that would address clients’ needs for more detailed, intuitive information not provided by competitive systems. While virtually any firewall, Intrusion Detection System or Intrusion Prevention System can report port-scanning or the launch of ‘known’ attacks, these tools are unable to identify the reason or driver behind the activity (e.g., infected sender, genuine hacker, or just Internet noise).
The result of Mr. Scheidell’s ground-breaking work was the HackerTrap™ Intrusion Detection and Prevention System, for which protection by the U.S. Patent and Trademark Office was filed by Mr. Scheidell in October 2003 (application number 20040098623). Mr. Scheidell leveraged abundant opportunities to test the effectiveness, speed and accuracy of the system. For example, during the initial outbreak of the Code Red worm in 2001, the original Intrusion Detection System experienced some 8,000 alerts per hour. Utilizing its patent-pending technology along with a trending engine and false-alarm reduction feature, the HackerTrap system was able to drive down alert volumes to just five per hour. By dramatically reducing false alarms and eliminating clutter, HackerTrap technology sends the accuracy rate of genuine incident detection through the roof as visibility becomes dramatically more acute.
The HackerTrap system is revolutionary and unprecedented in its ability to:
Detect genuine attacks against a network
Automatically report minor incidents with a zero false positive rate
Monitor the possible leak of personal or private information
Accurately identify a breached computer within a client company or an employee violating company policies.
To illustrate just a portion of HackerTrap's unique functionality, consider the example of an effectively protected client network computer in communication with a computer outside the network that has been infected with a worm or virus. Would the client file a report? Not likely—unless the IDP system was able to file the report automatically, as HackerTrap does. Or, consider the current reality that most network attacks look like Internet noise and therefore are not given the attention they deserve. However, the HackerTrap system is able to correlate noise reports by thousands of network nodes in 50 countries around the globe—thereby effectively filtering out actual noise and accurately identifying sources of genuine attacks as well as new attack vectors.
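The idea in the paragraph above, that a source seen by sensors all over the world is background noise while a source seen only at one client is worth attention, can be shown with a small cross-sensor correlator. The following is an added illustration written for this page; it is not SECNAP's HackerTrap code and does not reproduce the patented method. The sensor names, IP addresses (from the RFC 5737 documentation ranges), signatures and the three-country threshold are all constructed for the example.

```python
"""Cross-sensor alert correlation: separate background Internet noise from
activity aimed at one client network, then collapse the client's alert volume.

Added illustration, not SECNAP's HackerTrap code or its patented method.
Sensor names, IPs, signatures and thresholds are constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    sensor: str      # monitoring node that raised the alert
    country: str     # country where that node sits
    src_ip: str      # source of the suspicious traffic
    signature: str   # IDS rule that fired


# Constructed sample feed: one client sensor plus several global sensors.
CLIENT_SENSOR = "client-fl-1"
SAMPLE_ALERTS = [
    # 203.0.113.7 scans everyone: seen by nodes in four countries -> noise
    Alert("client-fl-1", "US", "203.0.113.7", "SSH brute force"),
    Alert("node-de-1", "DE", "203.0.113.7", "SSH brute force"),
    Alert("node-jp-1", "JP", "203.0.113.7", "SSH brute force"),
    Alert("node-br-1", "BR", "203.0.113.7", "SSH brute force"),
    # 198.51.100.12 only ever touches the client -> targeted
    Alert("client-fl-1", "US", "198.51.100.12", "Web app probe"),
    Alert("client-fl-1", "US", "198.51.100.12", "Web app probe"),
    Alert("client-fl-1", "US", "198.51.100.12", "SQL injection attempt"),
    # 192.0.2.44 seen by two nodes in one country -> ambiguous, needs review
    Alert("client-fl-1", "US", "192.0.2.44", "SSH brute force"),
    Alert("node-us-2", "US", "192.0.2.44", "SSH brute force"),
]


def classify_sources(alerts, client_sensor, noise_countries=3):
    """Label each source IP by how widely the sensor network saw it.

    'noise'    : reported by sensors in at least noise_countries countries
    'targeted' : reported only by the client's own sensor
    'review'   : anything in between
    """
    countries = defaultdict(set)
    sensors = defaultdict(set)
    for a in alerts:
        countries[a.src_ip].add(a.country)
        sensors[a.src_ip].add(a.sensor)
    verdict = {}
    for ip in sensors:
        if len(countries[ip]) >= noise_countries:
            verdict[ip] = "noise"
        elif sensors[ip] == {client_sensor}:
            verdict[ip] = "targeted"
        else:
            verdict[ip] = "review"
    return verdict


def aggregate_for_client(alerts, client_sensor, verdicts):
    """Collapse the client's raw alerts into one entry per (source, signature),
    dropping sources the network as a whole judged to be background noise."""
    counts = defaultdict(int)
    for a in alerts:
        if a.sensor != client_sensor or verdicts.get(a.src_ip) == "noise":
            continue
        counts[(a.src_ip, a.signature)] += 1
    return dict(counts)


if __name__ == "__main__":
    verdicts = classify_sources(SAMPLE_ALERTS, CLIENT_SENSOR)
    for ip, label in sorted(verdicts.items()):
        print(f"{ip:<16} {label}")
    summary = aggregate_for_client(SAMPLE_ALERTS, CLIENT_SENSOR, verdicts)
    for (ip, sig), n in sorted(summary.items()):
        print(f"{ip:<16} {sig:<24} x{n}")
```

On the constructed feed the client's five raw alerts collapse to three summary lines: the globally seen brute-forcer is filtered out as noise, the source that touches only the client is flagged as targeted, and the source seen by two sensors in one country is left for an analyst to review rather than silently discarded.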
Since its inception the HackerTrap system has been constantly tested and improved, and the product was deemed ready for full deployment in 2006. SECNAP technology is regularly upgraded as part of a commitment to ongoing product enhancement and optimum product effectiveness. The company’s unwavering engineering goal is to increase performance even as features are developed and implemented—one of many reasons the HackerTrap product line continues to outperform every other IDS or IPS platform.
Info Security Products Guide
CONCLUSION - The revolutionary functionality of the patent-pending HackerTrap intrusion detection and prevention system delivers benefits above and beyond those enjoyed by most organizations today. Network managers and IT professionals can experience dramatic increases in detection accuracy and prevention effectiveness, as well as time and cost savings, improved employee productivity, simplified system administration and added convenience.
Any business, government entity or other organization desiring demonstrated cost-effectiveness and accuracy in both intrusion detection and prevention owes it to itself, its customers and its stakeholders to explore a combination product such as HackerTrap. Intrusion Detection Systems alone are ineffective in blocking cyber threats, while Intrusion Prevention Systems alone are unable to identify new attack types or detect hackers trying to find holes in the system.
Finally, organizations subject to regulatory compliance legislation (including HIPAA, GLBA, SOX, and others) are especially sensitive to the need to monitor both incoming and outgoing traffic through their systems as well as the ability to identify genuine threats and attackers. With the proven ability to deliver on all of these requirements and more, the HackerTrap system is raising the bar for information security today and reshaping the future of the industry.
Michael Scheidell is a recognized expert, speaker and author in the network and data security community, with an extensive history of invention, innovation and thought leadership in the security space.
Since founding SECNAP® Network Security Corporation in 2001, he has aggressively pursued the development of network security and anti-spam products and services in concert with well-known industry leaders. The impressive results include patent-pending intrusion detection technology and a revolutionary anti-spam product line. Three patents are currently pending with the United States Patent and Trademark Office for intrusion detection and prevention products.
Prior to SECNAP, Mr. Scheidell founded Florida Datamation, a real-time network system integrator. As president and CEO he led product development and logistics, creating international partnerships and distribution channels in the United States, Germany, Spain, England, Mexico, Brazil, Japan and other countries. Under his leadership, Florida Datamation grew to be the largest QNX distributor in the world. A born innovator, Mr. Scheidell began his entrepreneurial career in 1971 when he developed and sold his first computer software program to one of the original X.25 networks.
During his distinguished career he has discovered and resolved vulnerabilities that are currently represented on the Common Vulnerability and Exposures (CVE) list, a cornerstone of the security industry, and has been a member of the FBI’s InfraGard Program since 1996, working with other information technology experts and educators to assist the FBI in its investigative efforts in the cyber arena. He is an active participant in the International Computer Security Association’s (ICSA) Anti-Spam Product Developers Consortium, which is tasked with developing specifications and criteria for the ICSA Lab’s Anti-Spam Certification Program, and is a member of the International Security Audit and Control Association (ISACA) and the Information Systems Security Association (ISSA), among others. Mr. Scheidell has authored informative articles and white papers for a variety of publications and is a frequent speaker at industry conferences. His firm was recently voted a 2008 Hot Company at the Technosium Executive Summit in Silicon Valley, California.
Driven by a strong creative impulse, Mr. Scheidell enjoys developing enhancements to his network security and email security products, analyzing and resolving anomalies, and deploying software upgrades that continue to deliver the very latest features to SECNAP customers. When he’s not busy chasing hackers and spammers, Mr. Scheidell relaxes by landscaping, and designing and installing outdoor ponds on his heavily wooded property in South Florida. He is also a certified SCUBA diver.
SECNAP Network Security Corporation
6421 Congress Ave., Suite 206
Boca Raton, FL 33487 USA