A Method For The Generation and Use of Global Network Reputation
Reputation Systems for Network Security
Reputation systems, used in IPS (Intrusion Prevention Systems) and UTM (Unified Threat Management) systems, have seen rapid adoption as an integral part of operational network security. These host reputation systems simply publish a list of IP addresses that have been identified as origins of malicious behavior. These lists can be used to identify infected hosts in a given network for cleanup, or in block lists to prevent traffic to and from such hosts. However, the malicious behavior of hosts is often a reflection of the general security posture of the network they belong to. Network reputation (as opposed to host reputation) is a measure that aims to capture the overall security and health condition of a network. Such a measure, when established globally and uniformly, will allow the Internet community to easily interpret the relative security posture of a given network, and to adopt a local security policy that is consistent with the perceived risks of communicating with that network. More importantly, it will give the administrators and operators of a network an incentive to enhance its security image by adopting better and more effective security measures. Current IPS and UTM revenues border on $4.5 billion, and this technology will be key for companies trying to stay competitive in this market.
Network Reputation Systems
Researchers at the University of Michigan have developed a methodology and architecture for generating and using a global network reputation system. In many ways this network reputation system is similar in nature to the consumer credit rating system: the reputation index of a network is a direct reflection of the relative security posture, policies and health of that network or organization. The technology compiles information from passive data sources, other networks, and active data gathering to provide a single network reputation index. This index is then used to select the security policies to be followed when interacting with the network in question.
• Network Security Applications
• Firewall Policies
• Network Security Policies
• Application Security
• Secure Routing of Network Traffic
• E-mail SPAM Detection
• IPS (Intrusion Prevention Systems)
• UTM (Unified Threat Management)
• Help assess the security risk of entire networks, instead of individual hosts.
• Integrate the knowledge of other networks in our policy decisions.
• Allow for increased flexibility when selecting security policies for interacting with unknown networks.
• Provide an incentive for network administrators to address security issues in order to maintain a good reputation.