ATLANTA …Â A network security system developed by Lancope protects against a new Internet worm that has been targeting Microsoft SQL servers this week.
Lancope’s StealthWatch intrusion detection system monitors network traffic for anomalous behavior, such as the remote scanning and probes associated with the worm variously known as DoubleTap, SQLSnake and Spida.A.Worm, and issues an alarm when a predetermined concern index has been met.
In addition to providing an early warning of the SQL worm, StealthWatch is able to detect and record the frequency and characteristics of any attacks and identify which hosts have been directly affected, as well as those indirectly touched, by the worm. Once identified, StealthWatch alerts and tracks the propagation of the worm enabling security administrators to protect their network.
“Because StealthWatch relies on flow-based traffic architecture, it is able to intelligently detect encrypted and previously undocumented threats, such as this new SQL worm, and monitor it without triggering a volume of false positives that could overwhelm conventional signature-based (security) systems,” Lancope Senior Security Engineer Byron Cleary said in a statement. “Users of StealthWatch are also able to perform a detailed examination of the path and behavior of the worm as it attacks their network, enabling them trace the incident back to its initial stages and helping to identify its source.”
Lancope website: www.lancope.com