DOE Develops Tool to Detect Cyber Attacks

Sue Marquette Poremba

When it comes to a network attack, time is of the essence. Hackers gather information quickly. By the time you realize your network has been breached, your data has likely already been compromised. Wouldn't it be great to have a tool that can more quickly identify an attack and improve the response time? Well, researchers with the Department of Energy (DOE) have developed an open-source tool to do just that. According to Dark Reading:

The so-called Hone tool is basically a host-based sensor that automatically pinpoints which applications or processes infected machines and an external network are using to communicate. So it could help determine the specific app used between a bot and its command and control, or between an infected machine and the attacker trying to siphon information or intellectual property.

Glenn Fink, a senior research scientist with Pacific Northwest National Laboratory (PNNL), first came up with the basis of the tool while working as a postdoctoral researcher at Virginia Tech. At PNNL, Fink was able to get support and funding to fully develop Hone. Hone should be able to detect malicious apps or malicious behavior.


Hone might solve what Fink says is the inefficient way we deal with security problems. According to CIO Magazine:

Right now, security and system administrators spend much of their time searching for unusual patterns in communications between computer systems and the network, Fink said. The problem is that once such a pattern is found, there's nothing to say which program is doing the communicating, so the administrators closely watch the system hoping to see the program work again and allowing them to get a better read on the situation.

Hone generates a record of all the communications within the network, including both systems and specific programs. In turn, it is easier to more accurately identify cyber attacks. It detects the unusual traffic and can isolate it.

The software is still in the early stages of development. It is a free, open-source download, and the researchers at PNNL want people to try it out. Right now, Hone is only available for Linux, but the researchers are working on versions for Windows 7 and Mac OS X.

Only time will tell if Hone or similar tools will be game changers in protecting networks from attack, but it appears to be a promising start.



Feb 3, 2013 11:20 AM BillW says:
Sue's frown is cool.
