Jericho Forum members welcome advent of application assurance
Stand G792, Infosec Europe, Olympia (25-27 April)
Oxford, UK, 25 April – At Infosec Europe a new company is being launched that is set to change completely the intrusion detection and prevention landscape. Secerno represents a fresh new breed of application-level protocol intrusion detection (APID). It is an application assurance platform that puts understanding, control and protection of digital assets back into the safe hands of CSOs. In line with the Jericho Forum’s Ten Commandments just announced, Secerno offers a “scope and level of protection specific and appropriate to the asset at risk” – an underpinning principle of de-perimeterisation. Secerno’s mission is to protect any application from all threats – known or unknown, internal or external. SQL databases are the first applications to be protected using the Secerno approach.
“The inadequacies of traditional IDS are felt by many security professionals. Trying to find a small needle in a large haystack best describes its efficiency,” says Paul Simmonds, global CISO of ICI and Jericho Forum board member. “Application-specific Protocol-level IDS is definitely the way forward. For the first time this technology enables developers to pinpoint exactly where the error lies – right down to a particular line of code. By putting protection right up close to the application it needs to safeguard, Secerno’s approach addresses one of the key principles of de-perimeterisation.”
The Secerno technology provides an intelligent kernel based on complex mathematical algorithms developed at Oxford University which protects against any threat to a digital asset by understanding its normal usage and then blocking unauthorised use as abnormal behaviour. It is not constrained by the usual black list/white list approach. Protection takes place at the perimeter of the digital asset or application itself – right up close to what is being secured – in other words, this is micro-perimeterisation.
Simmonds continued: “The problem with traditional IDS is that it is carried out at the network level. This new technology provides a more efficient resource for the developer by allowing him to visualise exactly what his application is doing. By moving profiling to the protocol level it enables the developers and administrators to become truly proactive in their security strategy. I believe that Secerno’s technology singles them out as a new British technology company that could really go places.”
David Lacey, former CSO and blue skies strategist for the Royal Mail Group, furthered Simmonds’ comments: “Agility and adaptability are absolutely the keys to the future of security. We firmly believe it is essential to decouple security from the limitations of infrastructure and move it close to the data that needs protection. Intelligent data-mining of this type represents the next generation of security tools and is fully in line with de-perimeterised philosophy.”
According to Yankee Group research, the confidentiality and integrity of an estimated 70% (by volume) of all critical and sensitive information relies on database mechanisms.
As compliance and regulatory demands become more stringent, auditors for regulations such as Sarbanes-Oxley and the Visa CISP are increasingly pushing business to adopt higher standards in database security, including tighter controls over changes, access and configuration management (again according to Yankee Group).
“We are massively excited about the potential of our breakthrough technology to provide security where it really matters: protecting a company’s data assets against all threats; internal or external, known or unknown. We welcome the support of these Jericho Forum members and look forward to working with our Alpha programme partners to bring the technology through its final step to commercial implementation,” said Paul Davie, CEO of Secerno.
According to Gartner the database management systems software market is set to grow dramatically over the next five years bringing it to $13.2 billion in 2009. Database security will therefore become ever more important as the market grows.
At the same time the number of security breaches is proliferating. In their 2005 study “The Impact of Hi Tech Crime on UK Business”, the National High Tech Crime Unit found that 89% of those interviewed had experienced a significant security breach during the year. The estimated cost of high tech crime to organisations with over 1000 employees was an astounding £2.4 billion.
What is different about Secerno’s approach?
Commonly, detection of security flaws in applications and databases requires a painstaking forensic examination of all the possible behaviour patterns. An application using a language, such as SQL or SOAP, has an infinite number of legal statements. It is mathematically impossible to define all illegal uses of the application and it is also unfeasible to define all legal statements.
At the heart of Secerno is an intelligent kernel deploying a unique set of mathematical algorithms developed by Dr Steve Moyle, CTO of Secerno, at Oxford University and capable of analysing transactions for any application which uses a defined language. Secerno understands the exact subset of the language used by a specific application in its unique context. It creates a model of normal use called the Application DNA (Dynamic Normal Activity). Every transaction is compared to its application DNA and is automatically blocked (or alerted) if the transaction does not match.
What key benefits does this deliver?
Secerno’s intelligent approach provides a number of compelling benefits to users:
• Real time monitoring and safeguarding of applications
• Customised security for applications and databases
• Automated protection based on a real understanding of application behaviour
• On-going protection against any threat, known or unknown, internal or external
• Auditing and reporting of the actual use of an application
• Automated policy generation
All this and more with no impact on the performance of the system being protected. The Secerno solution requires no agents to be installed and no changes to be made to the application in order for it to function.
Secerno is announcing its first product – Secerno.SQL – on Stand G792 at Infosec Europe and this will be available in the market in Q3 2006. At the show, the company will be seeking to engage with early adopters from blue-chip organisations interested in joining the alpha partner programme. A number of industry influencers have already favourably reviewed the technology and user feedback is emerging:
“DVD.co.uk expects to benefit significantly from Secerno’s analysis, through both reduced losses from fraudulent transactions and improved development processes,” said Matthew Bowden, Technical Director of DVD.co.uk.
Secerno was originally founded in 2003 by CTO, Dr Steve Moyle and CEO, Paul Davie as the result of original research into symbolic machine learning techniques led by Dr Moyle at Oxford University and is still located in Oxford. At Secerno, Dr Moyle has led the application of the research to the development of the Secerno kernel for protecting online digital assets. Secerno is funded by UK investors, including Eden Ventures, Quester (Isis College Fund) and Oxford Venture Management, who have a successful track record for backing winning innovators and entrepreneurs.
This press release was distributed by ResponseSource Press Release Wire on behalf of Jane Folwell in the following categories: Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.