Datasheet
Current firewall, anti-virus, intrusion detection, and
security information management solutions make efficient and
creative use of signature, rule, and policy-based techniques
to help prevent, detect, and mitigate the potential for
internal and external network misuse. As a group these
solutions have become vital to securing the enterprise in what
is becoming an increasingly volatile business
environment.

While the leading players are working hard to fill the gaps in
their offerings and further enhance their current products,
the technologies themselves remain inherently limited in their
ability to detect new types of threats. A further complication
for these companies is that while they strive to achieve their
product development milestones, the typical product
development cycle means they are forever trailing the rapidly
evolving needs of their clients. As a result, the enterprise
remains exposed to unavoidable network vulnerabilities and the
next inevitable system-breaking worm, virus or hack.

To help security technology companies address this challenge,
PWI has developed the Adaptive Security Engine (ASE), a
breakthrough technology for expert security information
analysis.

Adaptive Security Engine
ASE is the security intelligence power plant that is fueling the
next generation of IT security products.

ASE overcomes the limitations of policy, signature and
rules-based approaches and represents a major advancement in
anomaly detection that surmounts the two most commonly cited
limitations of today’s anomaly detection solutions: accuracy
and adaptivity.

ASE generates more accurate results and reduces the number of
false alerts by doing a better job of distinguishing between
threatening and non-threatening security events.

As it formulates more precise event categorizations,
ASE simultaneously adapts its perspective of normal and
suspicious events as it takes into account the dynamic nature
of the environment being monitored.

Key Benefits
• Accelerates time to market and achievement of revenue objectives while
  decreasing product management and maintenance costs.
• Creates a first mover advantage and competitive differentiation in an
  increasingly competitive market.
• Complements existing product offerings and enhances the value of the
  overall product suite.

Key Features
Protection
Products powered by ASE deliver unprecedented
detection of new, hybrid, and variant strains of
viruses, intrusion techniques, and other misuse
originating from inside and outside the network.
Organizations that utilize these products experience
improved efficiency and effectiveness of their
security staff as key functions become automated and
intelligence is embedded in the system. Products
enabled by ASE produce higher ROI/EVAs by making the
information they produce work harder to reduce the
time it takes to prioritize and respond to new threats
and vulnerabilities.

ASE is invaluable in the identification of documented
threats, but it also recognizes, quantifies, and advises
security staff of any unusual activity that could foretell
the next attack technique.

Breakthrough Technology and Approach
ASE leverages a breakthrough combination of applied
mathematical and cybernetic approaches that enable
machine analysis of network security information
similar to that of an experienced system
administrator. ASE organizes security-related
information generated by any combination of data
aggregation tools, appliances and applications, and
also supports import of vulnerability knowledge-bases
from third-party vendors. This
information is formed into rich multi-dimensional
"event vectors" consisting of variable sets
that can range from packet-level data sourced from
firewalls to server and application-level information.
Automatically or as directed by an administrator,
these variables are defined, then weighted and
configured based on the specific analysis requirements
and the unique attributes that reflect a particular
environment.

Applying special fuzzy clustering algorithms, like events
are organically arranged into logical, multi-dimensional
groups to form a baseline of normal and suspicious
events (the meta-base). Although fully automated, ASE
enables system administrators to pre-define event
classifications and filters, or apply them on the fly.
New events and event sequences are considered as they
occur and then compared to the dynamic content of the
meta-base. On the basis of this comparative analysis
and considering past experiences, each event is
classified, an appropriate mitigation policy is triggered
and the meta-base can be updated.

New events with coordinates outside the boundaries of
existing clusters are automatically categorized utilizing
kernel mode classifiers. In response to alerts or as
required, the system administrator can override the
automated classification of single or multiple events
and manually initiate retraining and re-querying of
the meta-base. Over time, these interactions will lead
to a reduction, and ultimate elimination, of false
positives. The meta-base can also be configured to
retrain and refresh automatically.
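
The clustering workflow described above, sketched as an added example that is not PWI's code or algorithm: textbook fuzzy c-means stands in for the unspecified "special fuzzy clustering algorithms", and a simple distance boundary stands in for the classifier applied to events outside existing clusters. The event variables, weights, sample events and the slack factor are all assumptions constructed for illustration.

```python
import math

# Constructed sample events: (bytes_out_kb, failed_logins, distinct_ports).
WEIGHTS = (0.01, 1.0, 0.5)  # assumed per-variable weights set by an administrator
BASELINE = [(120, 0, 2), (150, 1, 3), (110, 0, 2), (140, 0, 3),      # routine traffic
            (900, 0, 40), (950, 1, 45), (870, 0, 38), (920, 0, 42)]  # nightly backup job

def weigh(event):
    """Turn raw variables into a weighted event vector."""
    return tuple(w * x for w, x in zip(WEIGHTS, event))

def dist(a, b):
    return math.dist(a, b) or 1e-9  # avoid division by zero on exact matches

def memberships(p, centers, m=2.0):
    """Fuzzy c-means degree of membership of point p in each cluster (sums to 1)."""
    d = [dist(p, c) for c in centers]
    return [1.0 / sum((di / dj) ** (2 / (m - 1)) for dj in d) for di in d]

def fuzzy_cmeans(points, centers, m=2.0, iters=50):
    """Alternate membership and center updates for a fixed number of rounds."""
    for _ in range(iters):
        u = [[x ** m for x in memberships(p, centers, m)] for p in points]
        centers = [tuple(sum(u[i][k] * p[j] for i, p in enumerate(points)) /
                         sum(row[k] for row in u) for j in range(len(points[0])))
                   for k in range(len(centers))]
    return centers

def build_metabase(events):
    """Cluster the baseline and record each cluster's boundary radius."""
    pts = [weigh(e) for e in events]
    centers = fuzzy_cmeans(pts, [pts[0], pts[-1]])  # fixed seeds keep runs repeatable
    radius = [0.0] * len(centers)
    for p in pts:
        d = [dist(p, c) for c in centers]
        k = d.index(min(d))
        radius[k] = max(radius[k], d[k])
    return {"centers": centers, "radius": radius}

def classify(meta, event, slack=1.5):
    """Return ('known', cluster) inside a boundary, else ('outlier', nearest cluster)."""
    p = weigh(event)
    d = [dist(p, c) for c in meta["centers"]]
    k = d.index(min(d))
    return ("known" if d[k] <= slack * meta["radius"][k] else "outlier", k)

META = build_metabase(BASELINE)
```

An event with 30 failed logins falls far outside both cluster boundaries and is returned as an outlier. The choice of weights decides which variables can push an event across a boundary, so they need review whenever the monitored environment changes.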

Key Facts
>> Open analysis model – overcomes limitations and operational burden
   of correlation, rules, signatures and policy based systems
>> Open data model – accepts security event data from all manner of
   devices and systems
>> Anomaly and behavioral analysis – proven to be more effective at
   detecting attacks than rules-based and hard-coded solutions
>> Ease of integration – snap and configure integration lowers the
   cost of ongoing product support & maintenance
>> Unsupervised learning technology – teaches itself, adapts and
   reacts as new events are analyzed and classified

System Requirements
Hardware
• 1 GHz processor or faster
• 1 GB RAM or greater
• 5 MB of free disk space (for ASA software)
Software
• One of the following operating systems:
  Windows® Server 2000 (Service Pack 3 or later)
  Windows® Server 2003
  Windows XP Pro
  Windows Vista
Supported Data Formats
Adaptive Security Analyzer supports syslog, XML,
CSV, ASCII, MDB, SQL, MySQL, Oracle, and any ODBC
compliant data source.

PWI - Complete Solutions
PWI provides end-to-end product development and
integration services for ASE-powered
solutions.

For More Information
PWI, Inc. (http://www.pwicorp.com/)
68 White Street, 2nd floor
Red Bank, NJ 07701
Email: info@pwicorp.com
Phone: (732) 212-8110

Contact PWI today to learn about a complementary assessment or
to schedule a demonstration.