Experts at networking giant Cisco Systems are learning from the principles of the human immune system to improve methods of computer security.
The supplier believes prevention is better than cure when it comes to guarding the internet and corporate networks from security threats.
At the RSA Conference last week, the company launched 10 new products as part of the next stage of its Self-Defending Network strategy, aimed at spotting viruses and unwanted intrusions before they enter a system.
'Network security has to act like the human body,' Cisco chief executive John Chambers told delegates. 'It needs to be aware of things that are happening. It needs to be a self-defending, self-healing type of environment.'
The growth in zero-day attacks, real-time applications such as voice-over IP and instant messaging, and remote working all mean that the 'walled fortress' approach to security, which relies on standalone products, is insufficient for modern-day businesses, he says.
'As you put more and more intelligence into the applications, security is critical,' he said. 'Security has to go across every device and application in the network, and tie into business processes and policies as well.'
Cisco's new products, components of its Adaptive Threat Defence (ATD) network, cover three major areas: 'Anti-X' defence, focusing on malware, anomaly detection and inappropriate content; application security, including 'deep packet' inspection and usage enforcement; and network admission control, to govern who and what enters systems.
'Firms have always put security products at the perimeter of the network,' Richard Palmer, general manager of virtual private networks and security at Cisco, told Computing.
'But nowadays, companies have multiple internet connections and allow customers and employees to access their network from multiple locations and devices. All this means that the perimeter is practically undefinable.'
Cisco's ATD strategy aims to move network security towards the creation of an intelligent information network, in which each element is integrated and works in unison to speed up business processes and ward off threats.
Chambers hopes this will help computer systems to spot zero-day attacks and new threats before they are known, in the way the human body guards against new health threats.
'Today we focus on viruses and worms and trojans, but there is going to be a whole different set of terms in five years' time,' he said.
Cisco is not the first to advocate the preventative approach for computer and network security, but by putting its weight behind the principle there could be profound knock-on effects on the anti-virus market.
'We will not be looking for a [virus] signature but for behaviours,' said Palmer. 'For example, you don't expect certain servers to start generating email or buffer overflows, so we can set rules to look for.'
In effect, automated, intelligent intrusion prevention could do away with traditional anti-virus software that relies on sending out a signature-based cure for vulnerabilities, which virus writers exploit.
Jayshree Ullal, senior vice president and general manager of the security technology group at Cisco, says if parts of the company's ATD network had been available before the Slammer worm struck in 2003, much of the $2bn (£1bn) damage it caused could have been prevented.
'One of the products detected and prevented Slammer from hitting while it was in beta test stage,' she said.
By making security part of the fabric for all future networks and applications, businesses will be able to lower costs and allow employees, customers and partners to access systems and services previously unimaginable, says Chambers.
'Security needs to be largely automated. You can have the best security professionals imaginable, but there's no way they can guard against every single danger,' he said.
But Graham Titterington, principal analyst at Ovum, warns that cures are still needed for viruses that get in under the radar.
'A self-defending network is good in principle, and achievable,' he said. 'But firms aren't going to throw away their anti-virus products. A signature-based approach is still important to use as one of the first lines of defence.'
Getting tough on DDoS attackers
Distributed denial-of-service (DDoS) attacks are on the rise. Last year a number of high-profile online bookmakers and internet payment firms were shut down for days after criminals used armies of infected computers to flood systems with vast volumes of traffic.
'Any attack at this level can bring down your network,' said Jayshree Ullal, senior vice president and general manager of Cisco's security technology group.
But Cisco and other IT vendors are now creating systems to detect and block large spikes in malicious web traffic and huge numbers of page requests from single machines, by re-routing traffic to a guard machine in a matter of seconds while still allowing legitimate customers to access services.
'Large ISPs and enterprises are now using these anti-DDoS products in a big way,' said Ullal.