Therminator May Squelch Net Attacks
By Mike Martin
NewsFactor Network
September 29, 2003

As cyber attacks continue to rise in sophistication and virulence, early indications and warnings are more critical than ever, said Rear Admiral David Ellison, superintendent of the Naval Postgraduate School.

Atlanta-based network intelligence company Lancope has teamed with leading U.S. defense organizations to create a new way to terminate malicious network attacks.

StealthWatch+TherminatorT (SWaT) provides unprecedented real-time visualization of network traffic and pattern-less detection of known and unknown attacks to protect sensitive data, as well as network assets, said Lancope spokesperson Jody Ma Kissling.

If You Hack, 'I'll be Back'

Developed in cooperation with the National Security Agency (NSA), the Defense Information Systems Agency (DISA) and the Naval Postgraduate School (NPS), SWaT performs both real-time and retroactive network surveillance.

The Therminator, as it is known, detects network attacks using thermodynamic-based algorithms, Kissling told NewsFactor.

Like an IT version of thermodynamics -- the study of heat and temperature equilibrium -- Lancope's network protector clearly distinguishes anomalous network behavior and deviations from a state of network-traffic equilibrium, Kissling added. As a result, previously undetectable nefarious activity becomes visibly apparent in real-time.

Getting ahead of hackers -- who always seem one step ahead of technology -- is the goal of early detection systems, which are not yet in widespread use.

Early Warning System

Signature-based Intrusion Detection Systems (IDS) and virus scanners are not engineered to make that strategically important first detection of new or previously unknown attacks, said John McEachen, director of the NPS Reconfigurable Intrusion Detection and Deception Laboratory. Recent rapidly spreading worms, such as the Blaster and SQL Slammer, use an increasingly sophisticated means of propagation through random source and destination IPs.

Early warning systems may help terminate network hack attacks before they propagate enough to cause real damage.

As cyber attacks continue to rise in sophistication and virulence, early indications and warnings are more critical than ever, said Rear Admiral David Ellison, superintendent of the Naval Postgraduate School. The sooner new exploits or vulnerabilities are detected, the earlier we can take action against them.

Team Therminator

Taxpayers and the U.S. government funded the Therminator technology.

Through technology-transfer legislation, such as the Stephenson-Wylder Technology Transfer Act, which promotes integrated research-and-development partnerships with companies like Lancope, we can keep pace with the latest IT challenges, Admiral Ellison told NewsFactor.

Government-funded technology often is transferred successfully to the private sector -- witness Tang, the Internet and NIH Image -- the favorite open-source imaging software of the international scientific community.

In conjunction with the NSA and the Department of Defense, Lancope has developed a unique information-security technology that not only helps public agencies combat cyber warfare, but also gives private organizations the additional ability to detect sophisticated cyber attacks in real-time, Lancope chairman John Copeland told NewsFactor.

By establishing a committed relationship with the government, Lancope has successfully completed this co-development initiative to build, test, deliver and support a product that presents the best features of COTS (commercial off the shelf) and government-developed technologies, added Dave Ford, Department of Defense joint coordinator for the SWaT initiative.

NewsFactor