Cs3's Reverse Firewall Guards Outbound Traffic


Cs3 developed a product it said can help companies prevent malicious hackers from using their computers in distributed denial-of-service attacks.

Instead of filtering incoming traffic, the company's MANAnet Reverse Firewall monitors and filters outgoing traffic and limits the rate of unexpected outgoing packets.

"It sits at the edge of the network, like a firewall, and guards your outbound traffic," said K. Narayanaswamy, co-founder and CTO of Cs3, based here.

The device is targeted at ISPs, enterprises and universities, and the company wants to team with solution providers to sell it, he said.

A denial-of-service attack floods a network with requests, which slows or halts normal traffic. In a distributed denial-of-service attack, a hacker hijacks multiple computers, turning them into "zombies" that flood a network with bogus requests.

Charles Neal, head of Exodus Communications' Cyber Attack Tiger Team (CATT), said there is some value in products that protect from denial-of-service attacks, such as Cs3's reverse firewall, but that the cost has to be balanced with the particular security threats a company faces. "The trick in security is you can't add every one of these things," he said. "You have to come up with a balance that makes sense, based on your individual company's need."

Cs3's device uses what the company calls "fair service" technology. A company sets what the expected traffic is from different parts of the network and the device regulates traffic according to those specifications.

The product costs $3,995 and handles up to five internal subnets, Narayanaswamy said. The rack-mountable device can be plugged into the network with a company's existing firewall, he said.

Cs3 has partnered on the product with GEA Associates, a technology marketing firm in Las Vegas. Theresa Goss, vice president and director of sales and marketing at GEA, said companies are buying the device, including a school in Las Vegas.