ODS Networks applies statistical analysis to security

Using technology originally developed for ultra-security-conscious federal customers, ODS Networks Inc. last month introduced an off-the-shelf software package that enables agencies to collect and analyze data on network intrusions and related security problems.

The product, called CMDS Enterprise, continually collects data on traffic running across the network. By analyzing that data, the software is able to pick out patterns that can indicate security breaches, such as stolen passwords, according to the company.

CMDS Enterprise is one of the first commercial software products to apply statistical analysis methods to intrusion detection, according to Steve Schall, ODS' security product manager, in Richardson, Texas.

The software can easily answer one of the hardest questions in security: "What did John D. do today?" Schall said. Typically, that would mean sifting through the voluminous logs of multiple systems, he said. ODS' approach relieves customers of that tedious process because the system automatically collects and analyzes the data and alerts customers when there are "a couple of deviations" from the norm.

Because the system builds a behavioral profile of employees' patterns of computer use, significant deviations from the norm can be readily identified, the company said. The software combines network-based agent technology with server-based core analysis engines, a centralized database and a dedicated security console.

The system can quickly detect problems in networks as large as 100,000 users, according to ODS, which claims to have customers monitoring networks with tens of thousands of users.

Unlike many other security packages that run on the network, CMDS uses software agents on the network to collect data but processes the data on the server.

To build a statistical profile, CMDS collects all the log data from the devices and systems that are monitored, compresses it fivefold to save network bandwidth and sends it to the analysis engines. Competing products, by contrast, try to save network bandwidth by filtering the log files at the host level, but in the process they take up two to three times the CPU overhead.

The base technology, originally known as the Computer Misuse Detection System, was acquired from developer Science Applications International Inc. last year, Schall said. Since then, ODS has improved the user interface, simplified installation and configuration, and redesigned the product to make it very scalable.

The company also is expanding the scope of coverage to include not only servers and desktops but also routers and other intrusion-detection systems. This month, the company plans to add support for routers and for Cisco Systems Inc.'s NetRanger intrusion-detection software, Internet Security Systems Inc.'s RealSecure intrusion-detection system and CheckPoint Software Technologies Ltd.'s Firewall-1.

Besides the federal customers who acquired the software when it was supported by SAIC, numerous agencies have bought the commercial package, and three to four agencies have test installations, Schall said. The product also is available on the General Services Administration schedule from MicroAge Inc., Lucent Technologies and Lockheed Martin Corp.

ODS' approach is promising, said Matthew Kovar, a senior analyst with the Yankee Group, Boston. Many intrusion-detection system vendors admit they have "difficulty in searching through volumes of data," but ODS' approach seems to be "one of the best," he said.

-- Adams is a free-lance writer based in Alexandria, Va. She can be reached at cbadams@erols.com.

