IBM Unearths Anti-worm ToolsBy Matt Hines | Posted 2006-03-27 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
The company releases its Billy Goat intrusion detection technology, which was built in part using expertise gained via IBM's research efforts and will be offered by its professional services unit.
IBM introduced a new intrusion detection technology dubbed Billy Goat that claims to be highly effective in battling worm viruses and other types of malicious IT threats, and in eliminating false security alarms.
According to the company, Billy Goat offers organizations improved threat detection capabilities by duping outsiders into believing that it is an unprotected IT asset worth targeting, and then shutting down any subsequent attacks.
First invented by the company's research group to help European Internet Service Providers deal with malicious programs being propagated by exploited computers on their networks., Billy Goat will now be offered as a package of software and consulting offered by the firm's IBM Global Services unit.
According to IBM, the tool hides itself to appear on a corporate network as a collection of servers that appear to be attractive candidates for an outside attack.
While offering few technical details of how Billy Goat works, the company was quick to point out that the "masquerading" technology does not communicate with any legitimate computers on a customer's network, but said that it is created such that criminals who randomly attack servers are likely to find it and fall for the ploy.
"Billy Goat uses a unique approach to detect malicious software by responding to requests sent to unused IP addresses, presenting what from a worm's-eye view looks like a network full of machines and services," Dr. James Riordan, lead designer of the system at IBM's Zurich Research Lab said in a statement.
"In other words, Billy Goat creates a virtual environment for the worms," said Riordan.
"Such virtualization, by providing feigned services as well as recording connection attempts, helps Billy Goat trick worms into revealing their identity."
As soon as Billy Goat gets attacked, IBM says, the system quickly identifies any attacking computers and blocks them from contacting other IT assets, which the company said isolates any worms and viruses before they can do any real damage.
While the system's real strength lies in duping attackers and walling off networks from worm attacks, IBM is promoting Billy Goat's ability to more accurately identify malicious attacks, versus false alarms, as one of its biggest advantages.
Companies spend so much time chasing down attacks that may have no real impact on their IT operations that they have less time to spend dealing with important threats, IBM said.
The technology is being made available, and was designed by IBM's ODIS (On Demand Innovation Services) effort, which is a partnership between the company's IBM Research division and its BCS (Business Consulting Services) unit.
Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.