
Open source tool Hones in on malicious activity

By Alex Kayle, Senior portals journalist
Johannesburg, 23 Apr 2012

Researchers at a US energy department lab have released an open source tool to detect malicious cyber activity within an enterprise, Government Computer News reports.

The tool, called Hone, can trace every packet of every application. By tracing malicious traffic back to the application that originated it, IT administrators can identify the source of a compromise more quickly.

This is according to Glenn Fink, senior research scientist at Pacific Northwest National Laboratory, who invented Hone.

Fink reveals the tool is available for Linux operating system kernels 2.6.32 and later, with other versions in development for Windows 7 and XP, while a Mac OS X version is in the pipeline, TechWorld states.

Fink claims Hone can identify relationships between programs and network activities. In addition, it can identify cyber attacks accurately, and could also be adapted to limit how processes communicate with the network.

According to Fink, in the past, security and system administrators spent much of their time searching for unusual patterns in communications between computer systems and the network, CIO Insight says.

“The problem is that once such a pattern is found, there's nothing to say which program is doing the communicating, so the administrators closely watch the system hoping to see the program work again and allowing them to get a better reading on the situation.”
