Sana gets ICSA certified, hits v2.2

Sana Security Inc will today release version 2.2 of its Primary Response host intrusion prevention software, and simultaneously announce that Primary Response has been certified by ICSA Labs, one of the main security certification programs.

The company claims that it will be the first in its category to be ICSA-certified, and that Network Associates Inc and Cisco Systems Inc, which it identifies as its main competitors, will be invited to apply for certification too.

As is usual for a year-old product, the upgrades in version 2.2 primarily revolve around manageability and integration, making it easier to be used in existing customer networks without taking too much time or causing too much disruption.

The company said key among the upgrades are support for Oracle databases and Crystal reports. In addition, there are more tools to let administrators deal with logical groups of servers and applications, Sana said.

Users can upgrade to the latest and future versions of Primary Response’s agents without needing to reboot, founder and chief scientist Steven Hofmeyr said. Touching servers is not something people want to do often, he said.

Primary Response’s take on intrusion prevention is one of positive enforcement, or the white-list approach, where it blocks whatever falls outside of expected usage patterns. This gives it the ability to deal with attacks against zero-day vulnerability.

The software works by sitting between applications and the operating system on each device that is to be protected. It watches the pattern of system calls or APIs being invoked by the applications, to build up a picture of normal usage.

Once it has built this model, it can start blocking any calls the applications make that fall outside of normal usage patterns. Most attacks try to force applications to do something they’re not supposed to by exploiting a bug.

The approach differs from competitors products, which can require human expertise to program rules, Hofmeyr said. They’re usually not deployed on any large scale because of the limitations of the knowledge-based approach, he said.

Two-year-old Sana’s largest customer is the US Air Force, which has the software deployed on 2,000 nodes. The company has been funded to the tune of $22m since launch, most recently with a $10m round in January.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing