Primary Response is the first product to come from Sana Security (formerly Company 51). The software is based on research that began in the mid-nineties and uses techniques more akin to the human immune system than conventional network security.
The underlying idea is that the human body recognizes an infection and takes action to stop it before it becomes a major threat. In the same way, this software first learns how a server works normally and then begins detecting anomalies in the server's behavior, which may indicate an attack. The software can also be configured to block an attack.
Installing the software was troublesome from the start, with the install process reporting various errors. Repeated attempts to get the browser console running proved fruitless until we called in Sana Security's tech support.
Luckily, after a couple of emails, the support staff called back and within about an hour a solution to our problems was supplied.
The console is relatively clutter-free and shows data such as alert activity and machine status. The console relies on agents, running on the servers you want to protect, sending data to the main console. Installation on the first server was easy enough, but the second server did not show up on the management console after installation. Due to time pressures, we decided to run our penetration tests on the one server that had the agent software fully working.
The developers suggest that, in order for Primary Response to learn the behavior of the applications it is meant to guard, it should be installed either on a machine with high network traffic or on a lab machine with a third-party application traffic generator. If this were to be installed on a real-life system, we would advise using other protection systems on the server for the first few hours while it 'learnt' the normal patterns of usage.
After a fashion the box learnt how to protect a system, but it did not seem as straightforward in feel or use as other products in our test. The various problems encountered installing the software and getting it running could mean this tool is for the more experienced security professional. We expect better things from later versions.