IBM has introduced the Billy Goat intrusion detection technology to help firms tackle viruses, worms and other threats, as well as reducing the number of false security alarms in an organisation.
Billy Goat dupes remote attackers into believing that it is an unprotected IT asset worth targeting. It then locks down any subsequent attacks, stopping them spreading to other parts of the organisation.
Billy Goat was first developed to help ISPs deal with malicious programs being spread by exploited computers on their networks and is now being offered by the IBM Global Services unit as a packaged service.
To potential attackers, Billy Goat appears on a corporate network as a collection of vulnerable servers.
“Billy Goat uses a unique approach to detect malicious software by responding to requests sent to unused IP addresses, which from a worm's-eye view looks like a network full of machines and services,” said Dr James Riordan, lead designer of Billy Goat at IBM's Zurich Research Lab.
This creates a virtual environment for the worms and viruses, said Riordan.
As soon as Billy Goat gets attacked, the system identifies the hostile computers and blocks them from contacting other IT assets.
The system can also reduce the number of false alarms activated by potential threats, which can do no real harm to an organisation, said IBM. Large numbers of false alarms reduce the amount of IT management time that can be used to deal with more important tasks.