Sana Security's Primary Response 3.0 Incorporates Malware Defense for Client/Server Enterprise Protection

Next generation IPS solution combines knowledge, behavioral heuristics, and adaptive profiling techniques simultaneously to enable instant and constant protection

SAN MATEO, CA -- March 7, 2005 - Sana Security, Inc., a leader in intrusion prevention software (IPS), today announced Primary Response 3.0, a comprehensive client and server IPS solution that detects, classifies and responds to complex threats, including malicious software such as keyloggers, Trojans, and rootkits.

Sana's Primary Response 3.0 is engineered around a patented behavioral heuristic approach called Active Malware Defense Technology (Active MDT) that prevents malware from infecting and causing havoc to PCs. Malware attacks such as keyloggers, Trojans, and rootkits are regarded as the preeminent threat that will cripple business continuity and exploit online identities in the years ahead.

By integrating customer feedback with research conducted in Sana Labs, Sana Security has once again innovated its way to the forefront of IPS evolution to keep pace with the security arms race that renders legacy solutions obsolete. The layered approach and features of Primary Response 3.0 include:

  • Out-of-the-box knowledge-based system protection for Windows Core Services, key Windows client applications, newly discovered applications, malware prevention (Trojans, spyware, keyloggers, backdoors, rootkits, worms, etc.), and system protection

  • Sana's proprietary, patented Active MDT -- behavioral heuristics that can detect, classify, and respond to malicious software

  • Adaptive profiling that learns application file path behaviors and responds to anomaly-based threats

  • Centralized management with pre-configured, default settings for accelerated deployment and protectionIntegration of Active Directory for easier administration

  • Rich granular policy control and forensic information

"The Information Security threat matrix today is such that reactive measures like signature-based identification are no longer adequate. HomeBanc increasingly relies on behavioral anomaly based threat detection. Also, Internet browser access and e-mail are accessible from everywhere and have become a major transport for malicious code. Threats can now originate anywhere and often escape perimeter defenses," said Michael Ciarochi, senior security engineer, HomeBanc. "Sana offers distributed, intelligent threat detection, mitigation, and reporting where it is most needed -- at the target end node -- giving us the ability to find and eliminate the source of the threat before it can impact our security or business."

By taking a preemptive protection approach, Primary Response 3.0 provides constant protection regardless of whether or not end-users are connected to the corporate network, or in a remote office. The end result enables IT to deliver business continuity across the enterprise.

According to Ed Skoudis, malware expert and author of Malware, Fighting Malicious Code, "Ignoring the threat of malware is one of the most reckless things you can do in today's hostile computing environment. Malware is malicious code planted on your computer, and it can give the attacker a truly alarming degree of control over your system, network and data - all without your knowledge!"

Primary Response 3.0 centrally manages both client and server agents and was designed to operate almost completely independent of IT administration, enabling it to be quickly deployed and configured to scale across hundreds of enterprise servers and PCs in complex enterprises without compromising visibility and control. Primary Response integrates with existing enterprise user and data stores, including Microsoft Active Directory, for accelerated time to deployment by leveraging administration authentication and general user and group management.

"Reactive technologies that simply scan and detect do not provide an adequate defense for today's dynamic enterprise environments. With Primary Response 3.0, Sana's growing enterprise customer base can now leverage end-to-end protection from malicious code, even when it is specifically designed to hide recognizable characteristics," said Timothy Eades, senior vice president of marketing, Sana Security. "Primary Response utilizes event-based behavior heuristics to defend against complex, unknown threats that can't be detected through products employing constant updates and configurations."

Active MDT

Unlike signatures that handle only "known bad" or single-bit rules that can identify "known good" or "known bad", Active MDT can identify a process or program that appears to be a normal part of your system, but actually has a malicious intent. Malware has innate characteristics of how it behaves, including stealth (the ability to hide from the end user or security tools to avoid detection), survival (the ability to survive system reboots and continue operating) and mission (action to perform an intended goal).

Looking at each behavior on its own is insufficient for detecting malware, since many normal programs exhibit one or more of these behaviors themselves. Active MDT examines a combination of behaviors over time to determine if a program is truly malicious. Malware is often made up of multiple components and processes; thus it is critical to look at behavior across these components to assess program maliciousness.

About Sana Security

Sana Security creates award-winning, autonomous intrusion prevention software that is aware of environment change, adaptive to new threats and active in preventing attacks before they do harm across mission-critical computer systems. For more information, visit or contact the company by phone at 650-292-7100.