March 20, 2010

Hyperblocking


Anti-Spam and Intrusion Prevention Based On IP Identification

The flagship product line from Tested Technologies is based on their Hyperblocking technology, which seeks to block both spam and intruders by positively identifying their IP addresses, and then comparing that address to a database of IP address profiles that is collected and updated in real-time from all users of the technology.

The Hyperblocking technology examines traffic transmissions (E-mail and typical Internet traffic are examined via separate product offerings, see below) and traces each transmission to its originating IP address. This address is taken directly from the TCP connect stack in the ISP and SMTP products, and gleaned from the message's metadata in the SourceBlock product. The address is then compared to a central database to determine whether it is known for malicious activity. If so, the connection is refused, making the organization's network appear invisible to the malicious machine (E-mail senders, for example, would typically receive a rejection message). Users of Hyperblocking products themselves become part of the data collection grid that is used to build the central database of IP addresses and examine their behaviors: TCP connection statistics are forwarded from the customer's site to the central database, which correlates the behavioral characteristics of the IP addresses and returns this data to the customer's site for continued use with their Hyperblocking-based products. The process is automated and, according to the vendor, requires little to no administrative effort on the part of customers. Administrators can also define whitelists that allow all traffic from known good addresses to flow through the filters.

In addition to the base blocking capabilities provided by the products, the vendor notes that reports and notifications are automatically sent to the ISPs and system administrators of the IP addresses with known malicious behavior, providing evidence of the malicious activities themselves (such communications are carried out directly by the vendor themselves).

Initially, three products based on the Hyperblocking technology will be available from the vendor:

- SourceBlock: For individual E-mail users (the MS Outlook 2000+ on Windows 95 or later version is about to be released to alpha testing at this writing). SourceBlock is a toolbar add-in that provides the user with a one-click mechanism to forward spam E-mails--complete with necessary forensic information--to the Tested Technologies central database for analysis; if the sender of the E-mail is confirmed to be engaged in malicious activities (via examination of the sender's activities and corroboration with reports sent from other users), the vendor sends the manager of that IP address a notice with evidence of the malicious activity and additionally alerts the FTC of the incident. SourceBlock additionally identifies E-mails from known spam senders as spam via interrogation of the message's IP address metadata.

- Hyperblocking-SMTP: Communicates with the customer's SMTP server and inspects all inbound connections for traffic originating from known, malicious IP addresses. The platform maintains a link to the central IP attribute database, both sending the organization's TCP statistics and receiving IP attribute table updates on a 5-minute polling cycle (a local copy of the DB is maintained to protect against connectivity problems with the central database). Hyperblocking-SMTP is initially available for Linux and sendmail, with Solaris (March) and Windows/Exchange Server (May) versions expected to follow.

- Hyperblocking-ISP: Deployed inline with the organization's firewall, it watches and blocks inbound Internet traffic including FTP, SSH, Telnet, VPN, POP, IMAP, and HTTP based on the sender's IP address (as in the process described above). The vendor notes that future versions of the product will work in conjunction with the firewall itself, providing it with "near real-time" updates of the IP address tables from the central database. Hyperblocking-ISP is also initially available for Linux, with Solaris (April) and Windows (May) versions expected to follow.

Hyperblocking-SMTP and Hyperblocking-ISP are available as a product bundle, with pricing based on the number of CPUs. It's free for a home user with a single CPU; corporate user pricing starts at $600/CPU (1 CPU) with volume discounts for larger numbers of CPUs.

Visit the Tested Technologies Web site for further information.

product submission by EITPlanet Staff


fact sheet
ID#: 1139247599
date posted: Feb. 6, 2006
category: Security Products:Anti-spam
platform: See Description
vendor: Tested Technologies, Inc
(www.testedtech.com/)