Intrusion-detection start-up focuses on anomalies

Start-up System Detection this week will make its debut with software the company says stands apart through its use of analytics for defining and categorizing threats and attacks coming from the Internet and inside the corporate LAN.

The company’s Antura product includes three components – the Recon Internet gateway, LAN-based Monitor sensor and Threat Management Center management console – that work together to give companies a feel for where threats and attacks originate and to help them prioritize their response.

Antura, which customers install on Linux-based machines, relies on anomaly detection. With anomaly detection, the devices can analyze suspicious behavior based on patterns and knowledge rather than signatures of known attacks.

System Detection faces the hard task of distinguishing itself in what Synergy Research Group says is a $145 million market so far this year for intrusion-detection and intrusion-prevention systems (which use IDS intelligence to block attacks, not just watch for them). The biggest player in this segmented market is Internet Security Systems, although Lancope is probably among System Detection’s closest competitors.

“It’s a very crowded field and this type of anomaly-based IDS is tough to test because you’re trying to prove you can find what may be a threat that’s unknown and not based on a signature,” says Pete Lindstrom, an analyst with Spire Security. But with false positives still a problem among many products, he says the door isn’t closed to newcomers with fresh ideas.
Antura, which starts at $20,000, isn’t necessarily intended to replace signature-based IDS offerings that customers might already use, according to Dale Gardner, System Detection’s vice president of marketing.

“[Existing IDS products] may do a good job of telling you about threats you already know, but Antura is detecting anomalies based on 68 different attributes, such as the man-in-the-middle attack, for instance – someone trying to insert themselves into an active session,” he says.

The start-up was founded by Columbia University computer-science professor Salvatore Stolfo, who has a background in network anomaly detection research that was funded with a Defense Advanced Research Projects Agency (DARPA) grant. Columbia University owns the rights to the anomaly detection technology developed under the DARPA grant, but has licensed it exclusively to System Detection. The company has 24 employees and $7 million in funding from Metropolitan Ventures and Novak, Biddle Venture Partners.

Analysts say the company would do well to crack the government market. The company might have a shot, given the background of CEO and President Harvey Weiss, the former head of research and engineering company SAIC and a veteran in government sector-oriented divisions at Digital, Trusted Information Systems and Unisys, Lindstrom says.