CyberWolf prowls for cyberalerts

CyberWolf Technologies Inc. has developed software that picks up where intrusion-detection software leaves off.

CyberWolf software is designed to capture and prioritize alerts generated by intrusion-detection systems, as well as firewalls, antivirus software and other security programs. Few such alerts ultimately require human response, and CyberWolf is designed to identify the ones that do by recognizing patterns in seemingly random alerts that signal an attack is under way.

The company, which already has a number of federal customers, is rapidly enhancing its product. CyberWolf 1.8, released last month, has new cross-correlation and user capabilities that enable an organization to more quickly recognize and respond to attacks. Version 2.0, scheduled for a May release, improves real-time reporting of security problems and enhances the graphical user interface.

"Contemporary intrusion-detection systems have alerts scrolling by all the time, from high alerts to cryptic [announcements], so it's tough to know what's really going on," said Jack Beavers, chief architect at CyberWolf.

"CyberWolf puts together a short list of incidence/trouble tickets, organized by severity, and helps managers respond quickly," he said. "You can stop the bad guy before he hurts you...[and security personnel] can go and do something instead of sifting through reports and cross-correlating from multiple devices."

Tom McDonough, chief executive officer of the company, said many agencies within the Defense Department and the intelligence community are using CyberWolf, but those agencies could not be identified due to security concerns. He added that the Falls Church, Va.-based company, originally called Mountain Wave Inc., should have at least three new government customers by the end of May.

Federal customers have found that CyberWolf reduces the workload on the security staff. For example, before deploying CyberWolf, one agency had nine analysts working three shifts in front of more than 10 monitors. Within weeks of using CyberWolf, it only took two analysts watching one monitor to do the same job.

"They could re-deploy seven security employees for other duties and get the most efficiency and effectiveness out of the people they've got," McDonough said.

John Pescatore, research director for Internet security at Gartner Inc., said that CyberWolf has been successful in dominating the DOD market, but similar services are available from competitors, including e-Security Inc. and netForensics Inc.

"Government agencies [generally] make both their firewall and intrusion-detection systems choices best-of-breed, and then they're stuck with two separate management consoles and reporting types," Pescatore said. "CyberWolf and netForensics are powerful in pulling those things together."

CyberWolf can be deployed in a few days, although some "tweaking" is usually necessary during the first few weeks to work out the false alarms and focus on the most serious security threats, company officials said.

The average price is $150,000 to $200,000, and the company uses the perpetual license model, which costs 20 percent of list price per year and includes all upgrades and support, McDonough said.

Stephen Andriole, a senior consultant at the Cutter Consortium, an information technology consulting firm, likens the way CyberWolf consolidates and prioritizes information for users to an electronic "dashboard."

Andriole, who is also a professor of business technology at Villanova University, said that although CyberWolf is a "terrific tool and obviously valuable," the technology is "not earth shattering, since the concept has been around with network and systems management" tools for some time.

He added that the next logical step in this area — enabling the technology to respond to alerts based on "if-then" scenarios — promises even greater benefits for users through real-time, automated decision-making.


FEMA on alert

One customer of CyberWolf Technologies Inc.'s security software is the Federal Emergency Management Agency.

FEMA has deployed CyberWolf to monitor the agency's network perimeter defenses and is considering its use to monitor 500-plus critical Microsoft Corp. Windows NT servers, according to Steve Schmidt, chief of FEMA's Office of Cyber Security.

FEMA's current deployment of CyberWolf supports a network that has 10,000 nodes deployed in 10 regions.

The surveillance points include:

* Internet and intranet firewalls.

* Routers.

* Authentication servers.

* Intrusion-detection systems.

* Unix and NT servers and workstations.

The software sends data to a contractor monitoring the agency's network around the clock.

