Stopping Malware Before It Starts

Simplicita's new identification and quarantine system targets both suspicious sites and infected machines.



Posted September 20, 2006

Troy Dreier

(Page 1 of 2)

Malicious software doesn't just drag down individual machines -- it's also a huge drain on networks. That's why Simplicita has created Simplicita ZBX, an identification and quarantine system that works by targeting both suspicious sites and infected machines.

While the product is now available for Internet service providers, an enterprise version that works with private networks should be available by next summer.

Simplicita ZBX is actually made up of three components that together create a tight ID and quarantine system. (See screen shot below.) First, the Reputation Knowledge Server creates a list of IPs that are known to send malware. To gather this, the company relies heavily on the unsung work of the Shadowserver Foundation, which compiles databases of harmful Internet activity.

The Reputation Knowledge Server passes information to the DSN Traffic Switch, which blocks access to malicious sites. Previous efforts at controlling the problem have relied on individual users downloading and installing anti-virus programs. But administrators can't hope for full compliance, so it's more effective to simply block access to known trouble spots.

When a computer is infected with malware or when it attempts to access a suspicious site, the third component, the Walled Garden Server, comes into play. If the user has a corrupted machine, this server can provide access to software downloads that can clean it, or provide a link to technical help.

If the user was trying to access a known malware provider, this page could explain why the connection can't be made.


You can see an example of Simplicita ZBX's warning page, which tells users how to fix their computers, in this screen shot.
