Startup FireEye debuted this month, announcing plans to ship a switch-based network access control appliance in June that will let customers identify network-borne malware and attacks in order to contain them quickly.
Ashar Aziz, the firm’s CEO, founded the company after a 12-year engineering career at Sun. He says FireEye’s NAC appliance, as yet unnamed, will make use of what FireEye calls its virtual-machine technology to identify attack traffic.
This approach entails duplicating the desktop and server operating systems and applications within the FireEye appliance as a virtual CPU, and analyzing how traffic passing through a managed switch might affect it.
“The idea is to model vulnerability to malware,” Aziz says about the virtual-machine approach.
Only Avinti, a startup funded by Symantec and two venture-capital firms to detect unknown keyloggers and Trojans in e-mail, is known to be applying the virtual-machine concept in similar fashion in its iSolation Server.
Aziz says the technique will be effective at the network level for quickly identifying incoming malware or attacks that might spread within an enterprise.
If the FireEye appliance determines network traffic is harmful, it can direct a switch to take action.
“We can then shut down the ports or quarantine the device,” Aziz says.
“You can have your anti-virus up to date and still get infected if there’s a new worm.”