ThreatSentry from Privacyware is an advanced neural applications that combines modeled metrics and machine learning to protect from known and undocumented network threats. Version 1.0 is designed specifically to plug into Microsoft's Internet Information Services (IIS) Web server.

Privacyware, a unit of PWI Corp., a custom software development company with strong ties to Moscow State University (MSU), leverages the investment PWI has been making into a threat analysis engine developed with the help of mathematical experts from MSU. These experts are advanced in areas such as fuzzy clustering, and supervised and unsupervised learning theory.

"Now we want to leverage our unique competencies in more of a product model than a services model," says Greg Salvato, CEO of Privacyware. Work began in January 2002 on the Adaptive Security Engine, which is an anomaly detection engine that helps establish a baseline of what is normal, monitors for exceptions, then adapts the baseline as time goes on. "The more you use it, the more accurate it gets," says Salvato.

ThreatSentry is based on ASE but is very focused on variables relevant to IIS. It identifies events as either trusted or untrusted. For events that exceed a threshold, it can send alerts, take preventive action, add the source IP address to the blocked list, or shut down IIS if necessary.

Documented exploit techniques that it protects against include directory traversal, parameter manipulation, buffer overflow, parser evasion, high-bit shellcode, printer protocol and remote data services. Using the product reduces risks related to lapses in patch management, configuration errors and the use of new attack techniques.

ThreatSentry is priced at $795 for a single server license. For two to four servers, the price drops to $695 per unit; for five to 10 servers, $595 per unit.