Determina beats intruders to application hacking

15.05.2006
Malicious hackers are constantly exploiting software vulnerabilities. Vendors and IT staff alike spend countless hours racing to update protection signatures and install patches before their exposed systems can be compromised. It's a never-ending battle that favors the hackers.

A few years ago, a group of MIT scientists -- who had begun working on in-line compiler optimization technology back in 1999 -- realized that their compiler technology could protect enterprise applications in a new, pre-emptive way. Rather than merely "closing the barn door," IT could build defenses on the fly based on application behavior. From that realization was born

Determina, named for the deterministic algorithms underlying its technology.

Traditional approaches to intrusion detection look for changes in program behavior that take place after a successful attack, based on well-known signature patterns. Often, they mistakenly flag abnormal yet harmless behaviors, such as those caused by bugs or unusual scenarios that have not yet been modeled in the threat-detection systems, notes Determina CTO Saman Amarasinghe, who developed the original compiler optimization technology. Hackers can eventually defeat such systems by finding ways to produce normal signatures.

Determina's Memory Firewall takes a different approach to monitoring. By essentially "pre-hacking" applications, it can monitor what's happening inside them and detect and prevent attacks as they begin. "We will look for the root cause," Amarasinghe says.

Determina forces all applications to run in a managed program execution layer akin to how VMware runs an operating system in a virtualized layer. "Every instruction is run by us," Amarasinghe says. Memory Firewall doesn't have to guess from outside as to what is actually happening in the software, which in turn eliminates false positives and masked signatures.