Israeli Startup Launches ‘Behavior Firewall’

An Israel-based startup unveiled on Tuesday what it describes as the first behavior-based, context-aware firewall for businesses. Built around MicrosoftEUs widely used Active Directory (AD), it looks at suspicious activity and attempts to model a pattern of behavior.

The Directory Services Application Firewall (DAF) product from the company, Aorato, watches for unauthorized use of Active Directory credentials, and employs multi-layer protection based on a network's or application's behavioral patterns. Aorato said that its new firewall profiles, and then learns and predicts, behaviors that could represent threats. Active Directory is employed in Windows networks for user authentication and authorization.

AoratoEUs approach, which had previously been in private beta with about a dozen customers, is to monitor traffic between Active Directory servers and such network entities as users and devices. These interactions are used to generate a model of the relationships over time, which the company calls the Organizational Security Graph.

Attack Timeline

Any activities that fall outside the Organizational Security Graph model are watched, as they could be attacks or policy violations, such as protocol irregularities, simple password hacks or attempts to utilize deleted users' credentials. The alerts are mapped onto an Attack Timeline, so that security personnel can determine which events represent steps in an attack and which are isolated and benign single events.

On its Web site, the company says that its approach is adaptive, and does not rely on signatures, rules, thresholds or baselines because the firewall builds its own detection guidelines based on behavior. The firewall can be deployed as hardware or virtually.

CEO Idan Plotnik noted in a statement that a certified identity EUenables the attackers to enter and act without getting discovered,EU a method of attack that he noted is EUhighly difficult to locate and defendEU against. The company said its technology emerged from the Cyber Security Unit of the...

Comments are closed.