Computer security firm brings new filter to commercial market
ST. LOUIS POST-DISPATCH
By Tim Barker
07/26/2009
In early July, a coordinated cyber assault wreaked havoc on government websites in the United States and South Korea. Three weeks later, investigators still don't know who did it or even which country they did it from.
In some ways, the incident set up the ideal backdrop for one area company -- Chesterfield's TechGuard Security -- to enter the commercial market with a device aimed at dealing with various Internet threats.
The 9-year-old firm, which has long focused on securing government computer systems, is turning toward the private sector with its Poliwall Q, which acts as a filter between the Internet and a company's computer network. Among other things, the device allows its owner to decide -- often with the click of a button -- who can and cannot see the website or network being guarded.
"If you are going to use the Internet, you don't need to be open to everyone all the time," said Suzanne Magee, chief executive of TechGuard, which also has offices in O'Fallon, Ill., and Baltimore.
It's the sort of defense mechanism that could be brought into play against an attack such as the one in early July, when networks of hijacked computers situated in several countries were used to overwhelm targeted sites here and in South Korea.
That relatively unsophisticated assault served as a reminder to security experts about the vulnerability of many computer systems, said Fred Cate, a law professor at Indiana University and director of the Center for Applied Cybersecurity Research.
"It's not that they were shut down. They were shut down by a 10-year-old attack," said Cate, referring to the so-called "denial of service" attack, in which a site is bombarded with so much traffic that it essentially shuts down.
The Poliwall uses technology developed with $2 million in support funding from the Department of Defense. It has several filtering functions, including the ability to block all traffic from any country. That's made possible by the fact that every computer user in the world is assigned an Internet Protocol address that's generally related to where he or she lives. Each country has a range of IP addresses, in much the same way that cities have specific area codes. The Poliwall knows each country's range of addresses, making it easy to block them as a group.
The device also can be loaded with extensive lists of approved users -- again, based on IP addresses -- and can track vast lists of known spammers to significantly cut nuisance traffic.
Although many of the Poliwall's features aren't necessarily new -- IP address blocking, for example, has been around for years -- some experts say the device appears to make it easier to do.
Vince Sechrest, practice leader of network services for Maryland Heights-based SSE Inc., an information technology firm, said he hadn't yet seen the device in operation, making it difficult to evaluate its performance.
But he pointed to one feature as a step forward in system security: The device can monitor outgoing traffic, making it easier to detect the aftermath of a break-in. For example, it could be set up to send an alert if large chunks of data are suddenly sent to another country. It's one of the areas security experts are starting to focus on as criminals find new ways into computer systems, he said.
"We'll watch what's going out, because anyone that breaks in has to send that data somewhere," Sechrest said.
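The outbound check described above, built on the per-country address ranges the article explains, as an added Python example that is not TechGuard's code or part of the original article. The country table (RFC 5737 documentation ranges with user-assigned country codes), the thresholds and the flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed country table: documentation ranges mapped to user-assigned
# ISO codes. A real deployment would load a maintained geolocation feed.
COUNTRY_RANGES = [
    (ipaddress.ip_network("192.0.2.0/24"), "XA"),
    (ipaddress.ip_network("198.51.100.0/24"), "XB"),
    (ipaddress.ip_network("203.0.113.0/24"), "XC"),
]
HOME_COUNTRY = "XA"            # assumed country of the protected network
WINDOW_SECONDS = 300           # assumed sliding window
THRESHOLD_BYTES = 50_000_000   # assumed alert threshold per host and country

def country_of(ip):
    """Return the country code whose range contains ip, or None if unmapped."""
    addr = ipaddress.ip_address(ip)
    for net, code in COUNTRY_RANGES:
        if addr in net:
            return code
    return None

def egress_alerts(flows, home=HOME_COUNTRY, window=WINDOW_SECONDS,
                  threshold=THRESHOLD_BYTES):
    """flows: (timestamp, internal_src, dst_ip, bytes_out), sorted by time."""
    recent = defaultdict(list)   # (src, country) -> [(timestamp, bytes)]
    alerted, alerts = set(), []
    for ts, src, dst, nbytes in flows:
        # Unmapped destinations are treated as foreign ("??"), never as home.
        country = country_of(dst) or "??"
        if country == home:
            continue
        key = (src, country)
        recent[key].append((ts, nbytes))
        recent[key] = [(t, b) for t, b in recent[key] if ts - t < window]
        total = sum(b for _, b in recent[key])
        if total >= threshold and key not in alerted:  # one alert per pair
            alerted.add(key)
            alerts.append({"src": src, "country": country,
                           "bytes": total, "ts": ts})
    return alerts

SAMPLE_FLOWS = [  # constructed flow records
    (0, "10.0.0.5", "192.0.2.10", 80_000_000),     # domestic, ignored
    (10, "10.0.0.7", "198.51.100.4", 20_000_000),
    (60, "10.0.0.7", "198.51.100.9", 20_000_000),
    (120, "10.0.0.7", "198.51.100.4", 15_000_000), # 55 MB in window: alert
    (130, "10.0.0.8", "203.0.113.1", 30_000_000),
    (700, "10.0.0.8", "203.0.113.1", 30_000_000),  # earlier flow has aged out
    (720, "10.0.0.9", "100.64.0.1", 60_000_000),   # unmapped range: alert
]
```

Because the lookup keys on the destination address alone, traffic relayed through a domestic intermediary would not trip it, which is the limitation Dhillon raises about disguised IP addresses.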
For now, the devices -- they aren't cheap at $5,000 to $10,000 each -- are being marketed to financial, health care and educational institutions. Later this year, however, a scaled-down version is expected to be introduced for consumers and small businesses.
Gurpreet Dhillon, professor of information systems at Virginia Commonwealth University, sees devices such as the Poliwall as a good first line of defense. But Dhillon and others point out that smart hackers and cyber criminals use a variety of methods to disguise their true IP addresses. The early July attacks represent a perfect example of that, as investigators still don't know who did it.
Dhillon worries that companies or individuals using such a device might become lax in their efforts to protect themselves.
"Systems such as this one can give a false sense of confidence," Dhillon said. "That doesn't mean, unfortunately, that you are totally safe. Software can only do so much."





