Lucid Improves Intrusion Prevention with ipANGEL Beta

Lucid Security is presently seeking testers to beta test ipANGEL, its "adaptive intelligence" intrusion prevention (IPS) and vulnerability assessment system. ipANGEL is designed to augment existing security gateways and prevent un-patched vulnerabilities from being exploited.

Once installed, ipANGEL automatically discovers hosts and applications, acquires firewall policy data, then runs checks for vulnerabilities. A company spokesperson claims that ipANGEL is currently the only self-tuning IPS.

According to Lucid's Vice President of Research & Development, Bob Scipioni, packets do not pass into a protected network until they are verified by ipANGEL's vulnerability assessment script. The script examines the datagram of incoming packets for malicious intent as a second line of defense to the firewall. In essence, the firewall is treated as a host that offers a connection service.

Scripts are updated through a circular process involving daily "calls" back to Lucid Security's server database containing aggregate network information. A modified version of the Nessus security scanner seeks out network changes that took place, allowing in-house developers at Lucid to develop updated scripts. A standard boilerplate serves all customers.

Scipioni pointed out that computer hackers are often no longer looking for a specific port, but rather have turned their attention to port 80 - vulnerable applications downloaded from Web browsers.

To ward off this scenario, an inline version of ipANGEL works to deny access to un-trusted applications.  If trusted clients attempt to access an un-trusted application they will be stopped. Lucid provides the example of ipANGEL being placed in front of a database engine -- deployed without a firewall -- inside a network.

Changes slated for introduction in the beta version include the ability to work with firewalls inline rather than as a peer node, and the added support for several more brands of stateful inspection firewalls including: Check Point, IP Tables and Cisco PIX. ipANGEL imports firewall policies.

The beta cycle will span 5 to 8 weeks, with an estimated release date towards the end of July. Lucid desires a targeted group of testers with the prerequisite of Intel hardware.  Testers may apply by e-mailing Lucid Security.