Hands-free host protection

Determina's memory firewall thwarts Windows vulnerability exploits without signatures or training

Winding their way through an open port and directly into system memory, worms wreak their havoc by slipping malicious instructions into RAM currently being used by the operating system or an application. If a vulnerable OS or application allows the malicious code in, the system has no choice but to execute it -- unless the system is protected, according to Determina, by its SecureCore “memory firewall.”

SecureCore doesn’t use signatures to identify attacks, nor does it learn “normal” application behavior in order to block unusual system calls. Built on the principle that malicious code always violates basic software conventions, SecureCore inspects each instruction before it executes and then blocks attempts to hijack system memory. In this way, the company says, it protects against all memory-based attacks, known and unknown, without requiring updates, training, or any configuration at all.

The SecureCore solution consists of memory firewall agents for Windows servers -- Linux is on the company’s road map -- and a Web-based management console that allows administrators to deploy and manage agents from a central location. The management console is clean and functional and covers the basics; you can manage servers in groups, track administrative changes, configure the standard alerts, automate shutdowns of applications being attacked, and view event summary and forensics information.

SecureCore promises a no-fuss approach to thwarting the most dangerous types of attacks. Working at such a low level, it can’t help but raise concerns regarding its impact on system performance and stability. We’ll keep a close eye on these issues in our upcoming review.

SecureCore 2.0


Cost: $500 per server (includes agents for Windows Services, IIS, Exchange, and SQL Server)

Available: Now

Copyright © 2004 IDG Communications, Inc.

How to choose a low-code development platform