In-Depth

Flagship Product Analyzes Red-flagged Applications

When it comes to malware, one company says their product separates the wheat from the chaff, advising enterprises which files should and shouldn’t be on their systems.

• By Jason Turcotte
• 09/19/2006

Security solutions are only as efficient as the data they provide. One software company says when it comes to malware, they have a product that separates the wheat from the chaff, advising enterprises which files should and shouldn’t be on their systems.

Savant Protection introduced an enterprise management edition of a product—operable on both Windows and Linux systems—that doesn’t claim to eliminate security risks altogether but promises to contain the spread of such risks. Unlike whitelist solutions, Savant offers data that lets chief security officers make educated decisions on which files should stay and which should go.

“This is about mitigating the sprawl of malware. There won’t be a security solution out there that will eliminate all security risks,” says Ken Steinberg, CEO and founder, Savant. “You can’t take the human chaos out of the security picture.”

With the mobility of applications today, enterprises are more susceptible to malware than ever before. Remotely working employees, office visitors and laptops are a few human factors that put organizations at risk, and hackers have as much access to security solutions as consumers do.

“It’s impossible to know what the next attack vector’s going to be,” Steinberg says. “If you do, I want to know what tomorrow’s lottery numbers are going to be.”

According to James Hickey, vice president and general manager for Savant, an enterprise’s chief concern used to be how it could maximize data flow 24 hours a day, seven days per week. Now that some financial institutions handle more than hundreds of terabytes of data, and thousands of transactions each day, their concern has moved to the security arena. Enterprises are looking for hassle-free methods for intrusion prevention.

The Savant technology—written on open source AJAX—automatically assigns a cryptographic key to every application within an enterprise. When the software detects a new application on the system, a “request for action” reaches the security officer, asking to run always, run once, or quarantine the new file. Steinberg says this decision can be ill-advised when IT staff is not apprised of which files are essential to the system, but Savant analysis is said to leave little doubt in their minds.

Since the Savant solution makes each system (within an enterprise) and its applications unique, a business can easily block unapproved, infected ones from entering benign computers. With a key assigned to applications and operating systems, interpreters, and scripts, programs trying to gain access without the appropriate key are prohibited from running on the system.

Steinberg predicts more and more enterprises will phase out whitelist solutions. Savant’s notable clients are in the financial, insurance and utilities industries as well as the government sector. The pay-per-use product is available now.

“Defense is not a good posture, but you don’t know how to attack hackers because you don’t know where they’re coming from,” notes Steinberg. “You need to make your castle survivable.”