Strengthen your security...

Statistical Payload Analysis Engine

CounterStorm’s Statistical Payload Analysis (SPA) Engine is the first and only application layer anomaly detection solution in the market. This DHS and DoD funded technology has been used in government networks for the past 2+years to detect highly sophisticated attacks. SPA dynamically builds a model for each application, flow direction and packet size that identifies normal content usage. Deviations from the normal model indicate an anomaly and a possible application layer exploit.

Statistical Anomaly Detection Benefits

  • First and only application layer threat detection technology in the market. Competitive anomaly-based solutions only identify anomalies over network flows, or rely on rules of known good behavior.
  • Ideal for detecting targeted application layer attacks prior to signature availability:
    • Non-scanning malware and hit-list attacks
    • Cache-harvesting worms
    • Botnet command and control
    • Application tunneling and data extrusion, including advanced spyware
    • SQL injection and XSS attacks
  • Application Layer anomaly detection enables enterprise incident response teams and managed service provides to improve service levels and reduce cost.
  • Not based on signatures or rules. SPA does not rely on prior application knowledge, like protocol anomaly detection. It operates at a per packet level to learn the normal content profile of any application on the network.
  • Ensures protection against new, unreleased vulnerabilities and older vulnerabilities in systems that may not be patched
  • Works on text, binary and mixed protocols / services.
  • With our SDK, SPA can be integrated into solutions for both network-based and host-based detection.