ActiveScount Seeks To Mimic Hacker Attacks

ForeScout Technologies has released Active Scout, which seeks to mimic and then prevent the types of target reconnaissance conducted by computer hackers prior to an attack. During such reconnaissance hackers collect service banner information, OS type, application versions and other valuable data. ForeScout Technologies said that if a credit union can detect recon activity and reply with bogus responses, it can then later block any traffic destined for a bogus target, which is the idea behind ActiveScout. "ActiveScout basically inserts an ink dye into response traffic to mark suspicious traffic," the company said. "It monitors traffic for suspicious requests, and replies to them with bogus information about what hosts and services are available. Should ActiveScout see that bogus data reappear in another connection attempt, it can block the attack and alert administrators for further action."

ActiveScout has two primary components: The Scout sensor and the GUI-based management console. An optional management server allows enterprises to aggregate and control multiple Scouts. ForeScout also offers an add-on "Enterprise Heads-Up" module, which disseminates attack intelligence to all Scouts on a network, instructing them to block specific traffic even if they haven't seen recon activity. ForeScout said the sensors and console run on any commercial off-the-shelf box, and that the cost is below $3,000 for a single sensor. For info: 650-358-2182.