July 30, 2003 - Applying Adaptive Analysis to IIS Message Streams
BY JOHN DESMOND
eSecurity Planet Staff

ThreatSentry from Privacyware is an advanced neural application that combines modeled metrics and machine learning to protect against known and undocumented network threats. Version 1.0 is designed specifically to plug into Microsoft's Internet Information Services (IIS) Web server.

Privacyware, a unit of PWI Corp., a custom software development company with strong ties to Moscow State University (MSU), leverages the investment PWI has been making in a threat analysis engine developed with the help of mathematical experts from MSU. These experts have advanced expertise in areas such as fuzzy clustering and supervised and unsupervised learning theory.

"Now we want to leverage our unique competencies in more of a product model than a services model," says Greg Salvato, CEO of Privacyware. Work began in January 2002 on the Adaptive Security Engine (ASE), an anomaly detection engine that helps establish a baseline of what is normal, monitors for exceptions, then adapts the baseline as time goes on. "The more you use it, the more accurate it gets," says Salvato.

ThreatSentry is based on ASE but is very focused on variables relevant to IIS. It identifies events as either trusted or untrusted. For events that exceed a threshold, it can send alerts, take preventive action, add the source IP address to the blocked list, or shut down IIS if necessary.

Documented exploit techniques that it protects against include directory traversal, parameter manipulation, buffer overflow, parser evasion, high-bit shellcode, printer protocol and remote data services. Using the product reduces risks related to lapses in patch management, configuration errors and the use of new attack techniques.

ThreatSentry is priced at $795 for a single server license. For two to four servers, the price drops to $695 per unit; for five to 10 servers, $595 per unit.