A new security tool developed by Department of Energy engineers is designed to give security and IT administrators the ability to more quickly identify and respond to an issue on the network.
Hone is the brainchild of Glenn Fink, a senior research scientist with the Secure Cyber Systems Group at the DOE s Pacific Northwest National Laboratory (PNNL) in Richland, Wash. Hone is what Fink calls a cyber-sensor that essentially discovers and monitors the relationship between network activity on a computer and the applications--such as Microsoft's Internet Explorer--and processes running on it.
By greater visibility into those relationships, IT professionals will be able to more quickly understand and deal with cyber-attacks. In addition, IT administrators can use the tool for a host of network- and security-related tasks, according to Fink.
In developing Hone, he said he wanted to help people see what s on their networks.
"I want people to understand what s really happening on these very complex machines," Fink said in an interview with eWEEK.
He initially created the framework of what would become Hone as a postdoctoral researcher at Virginia Tech. Fink said he saw what visualization technology was doing elsewhere, and asked why people didn t use it in security. Such deep visualization into the system and the network would be hugely beneficial to security administrators, he said.
"This was the hammer to hit their nail," he said.
Fink took his ideas with him when he went to work for PNNL, where he was able to secure the internal funding and collaboration needed to get going on work on what eventually turned out to be Hone. "It s really easy to get people to say, 'Yeah, that's cool,'" he said. "It's another thing to get people to say, 'And here's the money.'"
The problem is what he sees as an inefficient way of dealing with security issues. Right now, security and system administrators spend much of their time searching for unusual patterns in communications between computer systems and the network, Fink said. The problem is that once such a pattern is found, there's nothing to say which program is doing the communicating, so the administrators closely watch the system hoping to see the program work again and allowing them to get a better read on the situation.
However, Fink said, they may never see the dangerous program again. However, Hone creates an ongoing record of the communication, not only showing the communications between systems on a network, but also which specific programs--including Web browsers, system updates and malicious programs--are involved in the communication.