Media Contacts:
Jody Ma
Lancope
Phone (678) 566-4763
email: jma@lancope.com

Lancope's StealthWatch™ Protects Against SQL Slammer Worm

Behavior-Based Intrusion Detection System (IDS) Detects SQL Slammer Before Attack Hits

ATLANTA, Ga., January 28, 2003 - Lancope Inc., the provider of StealthWatch for award-winning, behavior-based Intrusion Detection, announced today that it provided early warning to its customers to protect against the fast-spreading SQL Slammer worm. Similar to a denial of service (DoS) attack, this worm creates an overload of network traffic that significantly slows down network speed by exploiting a known vulnerability in Microsoft's SQL Server 2000 database and MSDE 2000 (Microsoft SQL Server 2000 Data Engine).

Deployed at critical segments of customers' networks, StealthWatch detected an exponential increase, more than 10-fold, in connection attempts on UDP port 1434 at 12:30 A.M. on January 25, 2003. Within hours and before the CERT® Coordination Center had issued an advisory, Lancope conclusively associated this activity with the SQL Slammer worm based on the trademark characteristics of the attack: scanning activity on the specified port and massive consumption of network bandwidth.

Upon witnessing the sudden spike in network traffic, StealthWatch alerted system administrators through an escalating series of New Host alerts and High Traffic, High Concern Index, Touched, Out-of-Profile and Out-of-Zone alarms depending on the level of StealthWatch configuration. This immediate notification of unusual network activity enabled customers to take precautions and proactively protect their networks against the self-propagating worm.

"Despite the fact that Microsoft released a patch for this known vulnerability several months before this attack, many organizations were caught off guard and compromised. The high number of patches released almost daily by software companies makes it practically impossible for network administrators to manage security alerts and protect the network," said John Jerrim, vice president of engineering with Lancope. "By deploying StealthWatch throughout the network, our customers realize that behavior-based intrusion detection is on-going, proactive and an integral component of the security infrastructure."

He adds, "Not only does StealthWatch provide intrusion detection, but it also offers traffic management within a single behavior-based appliance. Combined, the results are fewer false positives and proactive identification of attacks before they shut down the network."

Contact info@lancope.com to view a demonstration of the impact of the SQL Slammer attack.

StealthWatch was favorably reviewed in the recent Network World Magazine article "Denial of Service: Fighting Back" and was recommended for companies seeking a combined IDS and DoS product.

About Lancope and StealthWatch™

Founded in 2000, Lancope is the leading provider of next-generation network integrity solutions that deliver behavior-based threat defense, policy enforcement and insightful network intelligence. With integrated visibility across network security, traffic characteristics and host-level activity, Lancope's StealthWatch solutions provide unparalleled network protection and optimization. Both OPSEC and Common Criteria certified, StealthWatch has received numerous accolades. Most recently StealthWatch received a 5-star rating for technology excellence from CRN Magazine. In addition, StealthWatch has received the Innovation In Infrastructure Award from eWeek and PC Magazine and was honored "Most Impressive" by eWeek. Defending the networks of Global 2000 organizations, academic institutions and government entities, Lancope protects the critical assets of today's sophisticated enterprises. For more information, visit www.lancope.com.
