HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 14 MINUTES AGO.
You are here: Home / Network Security / Israeli firm Unveils 'Behavior Firewall'
Israeli Startup Launches 'Behavior Firewall'
Israeli Startup Launches 'Behavior Firewall'
By Barry Levine / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JANUARY
21
2014
An Israel-based startup unveiled on Tuesday what it describes as the first behavior-based, context-aware firewall for businesses. Built around Relevant Products/Services’s widely used Active Directory (AD), it looks at suspicious activity and attempts to model a pattern of behavior.

The Directory Services Application Firewall (DAF) product from the company, Aorato, watches for unauthorized use of Active Directory credentials, and employs multi-layer Relevant Products/Services based on a Relevant Products/Services's or Relevant Products/Services's behavioral patterns. Aorato said that its new firewall profiles, and then learns and predicts, behaviors that could represent threats. Active Directory is employed in Windows networks for user authentication and authorization.

Aorato’s approach, which had previously been in private beta with about a dozen customers, is to monitor Relevant Products/Services between Active Directory servers and such network entities as users and devices. These interactions are used to generate a model of the relationships over time, which the company calls the Organizational Security Graph.

Attack Timeline

Any activities that fall outside the Organizational Security Graph model are watched, as they could be attacks or policy violations, such as protocol irregularities, simple password hacks or attempts to utilize deleted users' credentials. The alerts are mapped onto an Attack Timeline, so that security personnel can determine which events represent steps in an attack and which are isolated and benign single events.

On its Web site, the company says that its approach is adaptive, and does not rely on signatures, rules, thresholds or baselines because the firewall builds its own detection guidelines based on behavior. The firewall can be deployed as hardware or virtually.

CEO Idan Plotnik noted in a statement that a certified identity “enables the attackers to enter and act without getting discovered,” a method of attack that he noted is “highly difficult to locate and defend” against. The company said its technology emerged from the Cyber Security Unit of the Israeli Defense Forces. The company’s three founders -- Idan Plotnik; vice president of professional services, Ohad Plotnik; and vice president for research and development, Michael Dolinsky -- all served in the Cyber Security Unit, and each has a decade’s experience in computer security.

‘Gaping Hole’

On the company’s blog, Idan Plotnik wrote that a couple of years ago during a security project for a major bank, he realized that Active Directory represented a “gaping hole that the security industry hasn’t properly addressed.” He added that “AD is by default, and by design, exposed,” on a permanent basis.

He pointed to the fact that one of the largest and most famous unauthorized captures of confidential information -- Edward Snowden’s pilfering of National Security Agency documents -- used colleagues’ passwords to gain entry. DAF, he implied, could have made a difference in that case.

The company has received about $10 million in venture capital investments from Accel Partners, Innovation Endeavors and Glilot Capital Partners.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN NETWORK SECURITY
NEWSFACTOR.COM
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2015 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.