Security Startup Exploit Prevention Labs Eyes Channel

Exploit Prevention Labs' SocketShield application employs client software and continuous back-end monitoring of Web sites and servers to identify signs of exploit code and block it from users' PCs, said Roger Thompson, chief technology officer at the Atlanta-based company and a security industry veteran.

The key strength of the company's solution is its ability to determine whether a zero-day exploit is being launched from a Web site or an e-mail attachment and then quickly create a signature or add offending sites to a blacklist of IP addresses, he said.

The recent zero-day exploits in Microsoft Word and Excel illustrate the need for proactive security that goes beyond traditional antivirus software and firewalls, Thompson noted. Even when patches for zero-day exploits become available, large corporations with thousands of PCs simply don't have the resources to apply fixes to every single machine and conduct usability testing, he said.

"We're looking to provide a solution for people when there is no patch. We think [Microsoft's] monthly patch cycle is an opportunity for us," Thompson said.

Thompson expressed particular concern about an exploit discovered earlier this week by security researcher Debasis Mohanty that involves embedding Flash files with malicious code into an Excel file. Thompson said the flaw--which could allow attackers to remotely execute malicious code and gain access to confidential data--is dangerous because Mohanty published a proof-of-concept with his discovery.

Other recent incidents also highlight the need for more proactive security, Thompson added. For example, he recently discovered a small plastering business in the United Kingdom that had installed a free hit counter on its Web site without realizing that the counter was being hosted by a server in Slovakia that would quietly communicate with another server and install back doors on unpatched PCs. To identify such a threat, Exploit Prevention Labs uses a form of technological trickery, he said.

"We have a [technology] that allows us to go to a Web site and pretend to be a vulnerable Web browser. We point [our fake browser] at the Web page and see if anything tries to bite us," Thompson explained.

Exploit Prevention Labs sells SocketShield directly through its Web site, but in the third quarter it plans to roll out a corporate version of the product that's targeted at companies with up to 7,500 seats, said Chris Weltzien, COO at Exploit Prevention Labs. That product will be used as a framework for building an indirect channel and gauging interest from solution providers, he added.

The company aims to eventually develop a channel program that will enable VARs to participate in providing services, support, customization and configuration around the corporate version of SocketShield, Weltzien said.

SocketShield is available now for $19.95, which includes one year of updates.