Networking systems and individual applications have traditionally been defended using signature-based
tools that protect the perimeter, often to the detriment of service, performance, and information
flow. These tools require knowledge of both the system on which they run and the attack they are
preventing. As such, by their very definition, they only account for what is known to be malicious and
ignore the unknown. The unknown, or zero-day threat, can occur when defenses have yet to be
immunized via a signature or other identifier of the threat. In environments where execution of the
mission is paramount, the networks and applications must perform their function of information
delivery without endangering the enterprise or losing the salient information, even when facing zero-day
threats. In this paper, we describe a new defensive strategy that provides a means to more
deliberately balance the often mutually exclusive aspects of protection and availability. We call this new
strategy Protection without Detection, since it focuses on network protection without sacrificing
information availability. The current instantiation analyzes the data stream in real time as it passes
through an in-line device. Critical files are recognized, and mission-specific trusted templates are
applied as they are forwarded to their destination. The end result is a system which eliminates the
opportunity for propagation of malicious or unnecessary payloads via the various containers that are
inherent in the definition of standard file types. In some cases, this method sacrifices features or
functionality that is typically inherent in these files. However, with the flexibility of the template
approach, inclusion or exclusion of these features becomes a deliberate choice of the mission owners,
based on their needs and amount of acceptable risk. The paper concludes with a discussion of future
extensions and applications.
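The template approach described in the abstract can be made concrete with a small worked example. The following is an added illustration, not code from the paper or its authors: it treats a PNG file as a container of chunks, parses it strictly, and re-emits only the chunk types a "mission template" permits, so that ancillary, private or unknown chunks and any bytes trailing the end-of-image marker are dropped without the device needing to know whether they are malicious. The choice of PNG, the two template definitions, the `prIv` chunk type and the one-pixel sample image are all assumptions constructed for the example.

```python
"""Template-based reconstruction of a PNG container (added example, not the paper's code)."""
from __future__ import annotations

import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Mission templates (constructed for this example): the chunk types the mission
# owner deliberately chooses to forward. Anything not listed is dropped, whether
# or not it is known to be malicious.
STRICT_TEMPLATE = {"IHDR", "PLTE", "IDAT", "IEND"}
# A more permissive template that accepts textual metadata as an explicit choice.
METADATA_TEMPLATE = STRICT_TEMPLATE | {"tEXt"}


def make_chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one PNG chunk: big-endian length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def parse_chunks(blob: bytes):
    """Yield (type, data) for each chunk; any structural defect is a rejection.

    Strict parsing is what lets the rebuilt file be trusted: a length running
    past the file, a bad CRC, a non-alphabetic type, a missing IEND or bytes
    after IEND are all treated as a malformed file rather than skipped over.
    """
    if not blob.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    pos = len(PNG_SIGNATURE)
    seen_end = False
    while pos < len(blob):
        if pos + 8 > len(blob):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        body_start, body_end = pos + 8, pos + 8 + length
        if body_end + 4 > len(blob):
            raise ValueError("chunk length runs past end of file")
        data = blob[body_start:body_end]
        (crc,) = struct.unpack(">I", blob[body_end:body_end + 4])
        if crc != (zlib.crc32(ctype + data) & 0xFFFFFFFF):
            raise ValueError(f"CRC mismatch in chunk {ctype!r}")
        if not all(65 <= b <= 90 or 97 <= b <= 122 for b in ctype):
            raise ValueError(f"invalid chunk type {ctype!r}")
        yield ctype.decode("ascii"), data
        pos = body_end + 4
        if ctype == b"IEND":
            seen_end = True
            break
    if not seen_end:
        raise ValueError("missing IEND")
    if pos != len(blob):
        raise ValueError("trailing data after IEND")


def rebuild(blob: bytes, template: set) -> tuple:
    """Re-emit only template-approved chunks; return (new_file, dropped_types)."""
    chunks = list(parse_chunks(blob))
    if chunks[0][0] != "IHDR" or len(chunks[0][1]) != 13:
        raise ValueError("IHDR must be the first chunk and 13 bytes long")
    out = bytearray(PNG_SIGNATURE)
    dropped = []
    for ctype, data in chunks:
        if ctype in template:
            out += make_chunk(ctype.encode("ascii"), data)  # CRC recomputed on output
        else:
            dropped.append(ctype)
    return bytes(out), dropped


def is_rejected(blob: bytes, template: set = STRICT_TEMPLATE) -> bool:
    """True when the in-line device would refuse to forward the file at all."""
    try:
        rebuild(blob, template)
        return False
    except ValueError:
        return True


# Constructed sample: a 1x1 8-bit grayscale image carrying a text chunk and a
# private ancillary chunk ("prIv"), which is what a template-based rebuild removes.
SAMPLE = (
    PNG_SIGNATURE
    + make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
    + make_chunk(b"tEXt", b"Comment\x00constructed sample")
    + make_chunk(b"IDAT", zlib.compress(b"\x00\x00"))  # filter byte + one pixel
    + make_chunk(b"prIv", b"opaque payload the template does not account for")
    + make_chunk(b"IEND", b"")
)

if __name__ == "__main__":
    clean, dropped = rebuild(SAMPLE, STRICT_TEMPLATE)
    print("dropped chunk types:", dropped, "| size", len(SAMPLE), "->", len(clean))
```

With the strict template the text and private chunks are removed and the image still decodes, which is the "sacrificed feature" trade the abstract describes; switching to `METADATA_TEMPLATE` keeps the text chunk as a deliberate mission-owner decision. Files with data appended after `IEND` or with a chunk whose length overruns the file are refused outright rather than partially forwarded.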