Products

The CORSA Alert Analysis Toolset

Computer networks have evolved into a ubiquitous infrastructure, and the Internet has become a mission-critical asset for governments, companies, institutions, and millions of everyday users.

Therefore, it is of paramount importance that managers and administrators maintain situation awareness of the current status of large-scale networks during 24/7 operations. This includes assessing the impact of attacks and predicting future adversary intentions.

Currently, surveillance and security monitoring of the network infrastructure is mostly performed using Intrusion Detection Systems (IDSs). These systems analyze information about the activities performed in computer systems and networks, looking for evidence of malicious behavior. When an attack is detected, the IDS produces an alert that describes the type of the attack and the entities involved (e.g., hosts, processes, users). Unfortunately, these alerts are, for the most part, low-level events, whereas situation awareness requires a big picture of what is going on.

WebWise Security, Inc., has developed CORSA, a toolset for CORrelation and Situation Awareness. The toolset includes:
  • tools for comprehensive correlation of intrusion detection alerts, from fusion to prioritization;
  • tools and techniques to represent the cyber-assets that the infrastructure relies on, validate their properties, and monitor their health status;
  • models and analysis tools for the description of mission-critical workflows;
  • tools that allow the operator to perform "what-if" analysis to anticipate the impact of possible attacker actions.

The CORSA toolset supports cyber-situation awareness and allows network operators and system administrators to clearly understand the impact that attacks have on the mission being carried out.

If you are interested in developing commercial solutions based on the CORSA Toolset, please contact corsa@webwisesecurity.com.

The AutoKnot Web Protection System

AutoKnot is a knowledge-based web protection system.

AutoKnot analyzes the requests made to web applications and uses a multi-model profiling technique to automatically capture legitimate user behavior through a learning process.

The behavior models are customized to the specific application being protected and are tailored to the application's internal logic. These models do not depend on attack-specific signatures.

When users interact with the application, their behavior is compared to the profile. If their activities deviate from the models in a malicious way, the request is forwarded to a copy of the protected web application that does not contain critical information.

By using automatically generated profiles, there is no need for either attack signatures or pattern matching techniques to identify attacks.

The AutoKnot knowledge-based request routing system allows anomalous-yet-benign requests to be serviced by an application with useful information that is not security critical.

If you are interested in developing commercial solutions based on the AutoKnot system, please contact autoknot@webwisesecurity.com.