Global DataGuard Releases Licensable Version of its Empirical Surveillance Program

Dallas, Texas – October 25, 2004 – Global DataGuard, an industry leader in enterprise adaptive behavioral intrusion detection and prevention, today announced the release of a licensable version of its network monitoring and behavioral packet analysis technology titled Empirical Surveillance Program 1.0 or simply ESP1.0.

ESP1.0 can now be licensed to network service providers, original equipment manufacturers and corporations seeking to protect their internal network from threats. The release of ESP1.0 is the first in a series of steps to develop a stand-alone, rack-mountable appliance dubbed “MSSP in a box” which GDG projects to release in the second quarter of 2005.

The pioneering brainchild of Global DataGuard, the Empirical Surveillance Program is the only managed security service technology that combines traditional knowledge-based IDS with host and network sensors that gather raw packet data for deep behavioral analysis over extended periods of time. This method allows GDG to catch threats that utilize covert channels, very slow attacks, attacks using sophisticated evasion techniques and unknown types of attacks.

ESP1.0 encapsulates all the various systems used for the “over the horizon” surveillance method that is the hallmark of ESP. Deep raw packet analysis over an extended amount of time allows ESP to detect known and unknown threats that would otherwise go undetected using traditional signature-based IDS. Using a continually adapting “normalized” baseline of activity for a customer, ESP identifies unusual behavior affecting corporate information systems. This allows for preventive as well as reactive responses to hackers, worms, Denial of Service (DoS) and other attacks.

The Empirical Surveillance Program benefits customers by providing multiple levels of protection, event correlation and centralized management, prevention of attacks before they occur, a customized solution which is continually self-adaptive, no degradation of host or network performance, detection of privilege abuses, content management activity and identification of resource violations.

The rollout of ESP1.0 will provide these improvements:

Cluster at a Glance – a simple view of the MSSP server(s) cluster operational status which supports user defined thresholds to monitor CPU occupancy, disk utilization and on-line/offline status, among other issues
Sensor Configuration CD – provides a simple mechanism to stage or re-image (recover) IDS, IPS and vulnerability scanner sensors for easy configuration of the ESP technology for VAR channel distribution.
Sensor Dual View Diagnostics – for use by VARs to coordinate with GDG staff during the sensor installation process on the customer’s premises, making the process quicker and easier.
Host IDS Support – monitors individual systems running the most common operating systems for evidence of malicious or suspicious activity in real time.
eTunnel – proprietary GDG data transfer mechanism that utilizes 768-bit encryption and system authentication.
Resource Tracking – engine that tracks any type of communication found on a network wire or in a protected zone including protocols, systems and services.
Installation Program – automated installation program to configure all systemic servers and sensors.
LDAP Operation Server Integration – lightweight set of protocols that includes features ideal for providing network information services such as encryption support and access control lists. LDAP combines several systems that normally have to be maintained separately.

Monitoring Console Improvements – to improve analyst efficiency.
Database, Application, Analysis CPE Cluster – allows customers to utilize GDG’s managed services offering while retaining raw captured IP packet data on premise.

“The option of licensing this software is a positive development for the security industry,” said Mike Cerick, EVP of Sales for Meta Security Group. “The marketplace has been in need of a service provider quality security system for organizations that won’t consider outsourcing and an option for network monitoring firms to be able to provide a next generation security management solution to their customers.”

“The bundle of features in this new licensable offering is a powerful tool for businesses seeking the best defense against threats such as hackers and worms,” said Mike Stute, chief technology officer of Global DataGuard. “These tools and methods constitute a true behavioral analysis system.”


Global DataGuard is the leading provider of adaptive, behavioral network intrusion detection and event correlation. The company’s Empirical Surveillance Program (ESP) is recognized as a more comprehensive approach to information security management than traditional signature-based methods. Global DataGuard assists corporations with protecting their valuable data through the use of the most advanced intrusion detection, prevention, scanning and consulting services available.

Examples of timeframes and threats that have been mitigated by ESP are:

10 months advance warning of SQL Spida Worm
5 months advance warning of SQL Server Worm
3 weeks advance warning of Opaserv
20 hour advance warning of Code Red Worm
3 hour advance warning of Nimda Worm
3 months advance warning of Slammer Worm
2 days advance warning of SoBig F Trojan
2 weeks advance warning of MyMail Trojan

Managed security services provided by Global DataGuard include:

24/7 IDS, IPS & packet traffic monitoring
Integrated Vulnerability Scanning
Behavioral analysis of raw packet data and alerts
Resource Tracking
Enterprise Event Correlation
Global Event Correlation
Security Audits
Penetration Testing
Weekly Reporting

For more information, visit:
