Sana Security Customers Protected From Microsoft PCT Vulnerability
Latest Microsoft Exploit Fails to Penetrate Primary Response and Disrupt Distributed Enterprise Assets
SAN MATEO, Calif.--(BUSINESS WIRE)--April 26, 2004--Sana Security, Inc., a leader in host-based intrusion prevention software, today announced that Primary Response successfully protects against a buffer overrun vulnerability that exits in the Private Communications Transport (PCT), which is part of the Microsoft Secure Sockets Layer (SSL) library threatening Windows NT 4 and Windows 2000 (MS04-011). Sana Labs has tested the exploit code in question and found that Primary Response is successful in blocking it freeing Sana Security customers to establish a vulnerability shield, conduct the appropriate testing procedures to maintain network uptime and business continuity, and apply the relevant patch.
According to the IT-ISAC, security solutions are "detecting and blocking attacks against many institutions. The attacks are attempting to steal data and/or break into payment systems." While this is a potentially devastating vulnerability, Primary Response assures that even unknown, zero-day attacks based on this vulnerability are blocked and prevented from disrupting operational performance.
Sana Security has become aware that viable exploit code for this exploit is in active circulation around the Internet. Further, there are unconfirmed reports of a worm built from this exploit code is being tested in the wild for possible release in the coming days. At this date there are no confirmed reports of worm infection but there has been a dramatic increase in the threat traffic levels directed at Microsoft IIS on port 443 (https). Microsoft has issued a further warning that it expects additional exploit code to be available for several of the recently announced exploits within the next week. Sana Security urges its customers to apply relevant patches and to use Primary Response to mitigate exposure risks.
"With each new vulnerability and exploit code enterprise security and operational resources are strained," said Tim Eades, senior vice president, marketing, Sana Security. "Primary Response's ability to detect abnormal application behavior provides everyday protection from zero-day attacks without depending on rules and signatures that fail to offer a real-time defense strategy from ongoing vulnerability exploits."
As the world's only host-based intrusion prevention solution based upon the principles of the human immune system, Primary Response scales to protect thousands of mission critical servers, applications, and operating systems from malicious code. The product adapts easily to legitimate system and application changes, detects aberrant behavior, and reduces false positive fire drills that overwhelm IT departments with useless data and non-urgent security alerts.
About Sana Security
Sana Security develops and markets host-based intrusion prevention software (HIPS) that provides the best protection from known and unknown attacks with the lowest, most predictable operating costs. Founded to commercialize breakthrough Sana Adaptive Profiling Technology (SanAPT) developed by founder Dr. Steven Hofmeyr, Sana Security's first product, Primary Response, protects the broadest range of platforms and applications, and requires fewer resources to manage, deploy and scale by eliminating the need for constant updating and management by security experts. Sana Security is funded by leading venture capital firms Bay Partners, El Dorado Ventures and Sevin Rosen Funds. The company is headquartered in San Mateo, Calif., and can be reached at www.sanasecurity.com or by calling 650-292-7100.
All product and company names may be trademarks or registered trademarks of their respective holders.
Contacts
Sana Security
Stacy Carp, 650-292-7157
stacy@sanasecurity.com
or
Voce Communications
Matthew Podboy, 650-322-6668
mpodboy@vocecomm.com
[ Comment, Edit or Article Submission ]
