Thursday, April 29, 2010

Staying under the radar

The following article by the Register caught my attention: "NHS computers hit by voracious, data-stealing worm"

The interesting thing is that Qakbot is known malware, well documented by Symantec. Therefore, COTS anti-virus products should catch it, right?

As described by the Register, Qakbot spreads through Web pages that install malware by exploiting patched vulnerabilities in Microsoft’s Internet Explorer and Apple’s QuickTime software. It is able to self-propagate on local networks through file shares. It "moves slowly and with caution, trying not to bring attention to its presence": it is staying under the radar!

For some reason, the National Health Service (NHS) network was hit by malware which has been known since May 2009… Could it be another sign that COTS cyber security products can be circumvented by advanced malware?

For me, this is just another confirmation that COTS security must be complemented by additional layers of custom-built cyber defense.

Jerome

Sunday, April 18, 2010

Qosmos and Tilera: when 2 leaders join forces, developers win

Qosmos has been working with processor specialist Tilera for some time. Our engineers had already optimized the way Qosmos DPI and Network Intelligence Technology is implemented on the Tilera TilePro.

Today we have gone a step further: we have designed a new DPI and network intelligence card (called ixBoard) based on the Tilera TILExpress-20G.

Why?
  1. 100% of x86 CPU cycles are now available for the customer application, since all protocol decoding is offloaded to ixBoard
  2. Customers can continue to develop applications under x86 while keeping the full benefits of the Tilera 10 Gbps card

As an additional benefit, ixBoard also facilitates the work for product designers who are neither experts in multi-core architecture nor in DPI. They are free to do what they do best: develop complete solutions.

We use the 64 cores of the Tilera card to optimize performance and parse traffic in real time. Packets, content and metadata are extracted through the PCIe bus, and streamed as raw data to the buffer. This means that the host can use the data in any way and format. Application developers can remain in their familiar Intel/x86 environments, and the extraction and delivery of traffic data (at 10 Gbps) is transparent for them.

Today, most application developers come from the software world. They are not always familiar with network infrastructure (protocols and packets); they just need traffic metadata and events. Typically, it would take considerable time and energy for them to learn how to develop for multi-core processing, and also to develop the network analysis features needed.

Our initial customer feedback on the offload card is very positive, and the combination of two domains of expertise (Qosmos for DPI + Tilera for multi-core processing) saves them a lot of time, and money, and headaches!

Jerome
 
© 2009 Network Intelligence Technology. All Rights Reserved