Abatis has early adopters which include Lockheed Martin, the civil nuclear sector, the air traffic control sector, the website of the United Nations, the Swiss military, London’s Network Rail and controversial French multinational IT services provider ATOS.
CEO Kerry Davis likens the company’s kernel driver to “the invention of the wheel – it’s really significant”.
The product is 100kb of discrete and autonomous code, prevents all attackers from writing to permanent storage, requires no signature files or whitelists, uses no heuristics or sandboxing, saves 7 per cent of electricity costs, offers a 40 percent performance improvement over signature-based AV solutions, is backwards compatible to NT4 on Windows and is also available for Red Hat and other brands of Linux and Unix, in addition to a forthcoming iteration on Android.
In short it is a bloody miracle.
“We can stop zero day malware,” claims Davis. “The known unknowns and the unknown unknowns,”
Lockheed Martin, have released a partial report of its results using Abatis , which finds the potential for scalable savings in data centres ‘highly significant’, observing ‘a potential annual cost saving in excess of £12 at server level’ – scaling up to £125,000 in a data centre with 10,000 servers.
Its secret sauce appears to be a in-kernel defence mechanism, so when the computer fires up … the moment the files become apparent in the system. HDF [Abatis Host Integrity Technology] is protectings all the other programs that come afterwards.
If you try to get ahead of it in the stack it won’t let you…it’s looking for unapproved I/O traffic related to specific processes. You won’t stop processes from running in memory, but you will stop processes writing to disk,”
It has its limits. It will not help server environments that don’t reboot for months and malware can do a lot of damage without writing to disk.