News

Hacker Marketplace to Help Build Zero-Day Appliance

WabiSabiLabi plans to start integrating its zero-day research into a UTM appliance.

By Robert McMillan, IDG News Service (San Francisco Bureau)

May 09, 2008

WabiSabiLabi, the company best known for building an online marketplace for security flaws, is getting into the hardware business.

The company is working with an unknown Italian company called Oneshield Security to build a unified threat management (UTM) appliance that will integrate the research generated by WabiSabiLabi's network of researchers.

WabiSabiLabi did not say how this partnership will benefit the independent researchers who contribute to the company's marketplace of unpatched "0day" vulnerabilities, but that information will be forthcoming, said founder Roberto Preatoni in a blog posting.

UTM appliances blend several security products into one server. In addition to protecting from the WabiSabiLabi 0day attacks, the Oneshield device can serve as a firewall and antivirus device and will provide protection from many different threats, including denial of service (DOS) attacks.

Since its founding nearly a year ago, WabiSabiLabi has garnered a lot of attention because of its controversial open-market approach to selling software vulnerabilities as well as the legal troubles of Preatoni, who was arrested by Italian police in November on spying charges.

Preatoni, a colorful and well-known figure in security research circles, had worked as a penetration tester for Italy's largest telecommunications company, Telecom Italia. According to news reports, Preatoni helped staff a 10-member "Tiger Team" that has now been accused of hacking and spying on business executives and journalists in Italy.

Last month, Preatoni broke his silence on the case and said that he would stay on with WabiSabiLabi.

By integrating its unique research into a single device, Oneshield is doing the same thing as many larger security companies, said Jon Oltsik, senior analyst at Enterprise Strategy Group. "It's not unusual for companies to integrate customer premise equipment with threat research that they do," he said. "The thing that's unusual here is that they're looking to recruit partners to provide these services."

Oneshield expects to start shipping its appliance at the beginning of June. The company has not said what it plans to charge for the appliance, or for the optional managed security services package that will ship with it.

Other stories by Robert McMillan

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WHITE PAPER
Maximizing Site Visitor Trust Using Extended Validation SSL

VeriSignNow with Extended Validation (EV) SSL available from VeriSign, you can show your customers that they can trust your site. Learn about EV SSL benefits in the free VeriSign white paper.

» Read the Paper

Featured Sponsors
Sponsored Links

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

Efficient - Flexible - Compliant

Envision Identity-Based Access Control for the Datacenter

Using Likewise to Comply with PCI Data Security Standard

When Customer Relationship is Everything, Businesses Bank on SSL Solutions

The Case for Business Software Assurance ~ Securing Your Applications

Maximizing Site Visitor Trust Using Extended Validation SSL

Solving Online Credit Fraud Using Device Reputation

Understanding Data Location is Imperative for Data Loss Prevention

Secure your virtual and physical environments with the same software

Manage your IT more effectively

IDC Defines an Identity and Access Management Submarket

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

CA's IT Security centralizes your identity management to turn security into a proactive, business-building tool

How Are Open Source Development Communities Embracing Security Best Practices?

Digital Identity Protection and Data Security Get Personal

Simplify your data center with Juniper Networks. View the webcast

Managing SSL Security in Multi-Server Environments

The Latest Advancements in SSL Technology

How to Offer the Strongest SSL Encryption

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Get in Compliance With Government Data Regulations

Taking the Botnet Threat Seriously

Any company can promise identity protection. Only Debix can prove it

Welcome to the age of Service-Oriented Security (SOS)

Enabling Compliance with Converged Mainframe Security and Storage

5 Steps to Secure Outsourced Application Development