• Home
• IT Initiatives
• Product Info
• Resources
• Partners
• News & Events
  • Press Releases
  • Press & Analyst Coverage
  • Events
• Company Info
• Customer Support
• Contact Us

New release contains major advancements in traffic profiling technology that drive down cost and complexity of securing critical business applications and processes

---

Cambridge, Mass (November 3, 2003) - Mazu Networks, a leading provider of enterprise network security solutions, today announced the release of Mazu Profiler 3.0, a distributed network security platform that uses network behavior analysis to reduce the risk, cost and complexity of securing critical business applications and processes. Built upon Mazu's unique traffic profiling engine, Profiler provides large enterprises and government organizations with real-time insight into how their networks are actually being used. Leveraging this baseline understanding of network behavior, Mazu Profiler 3.0 provides a host of security features that help customers to thwart attacks as they happen, dramatically reduce recovery time when breaches do occur, and tighten overall security policies to reduce risk and vulnerabilities on an on-going basis.

Many large enterprises today are opening up their critical applications to greater numbers of internal and external users to gain operational efficiencies and competitive advantage. However, since the complexity of providing this access securely goes beyond the capabilities of existing tools, organizations have had to make tradeoffs between accessibility and security. Networking and security teams continue to struggle to keep pace with the business driver - the need to secure wider access quickly and with minimal resources. The Mazu Profiler addresses this growing challenge by providing an intelligent, behavioral approach to security that can scale to meet the needs of the largest organizations.

"With dozens of offices and facilities across the country, ADVO's network is critical to our core business functions," said Phil McMurray, Information Technology Security Officer at ADVO. "Mazu's Profiler gives us a better understanding of how our network is actually used. It also provides the tools to detect threats, recover from attacks, and tighten access policy throughout the network. As a result, we are exposed to less risk, which makes it that much easier to keep our network, and the business processes that rely on it, running smoothly."

"Maintaining network availability has become a painful business problem as companies are continually plagued with unauthorized access to internal systems, worm storms and denial of service attacks," said Eric Ogren, senior analyst at the Yankee Group. "Network integrity systems analyze traffic profiles to ensure that customers, business partners and employees have reliable access to the applications and network resources they need to do their jobs. Mazu Networks' Profiler 3.0 provides the real-time information the IT staff needs to accelerate security incident mitigation and recovery. It also provides insight into network usage that has solid applicability in areas of IT beyond network security.

"As we all saw this past summer, security breaches continue to pose major challenges to organizations of all sizes," said Jim Melvin, president and CEO of Mazu Networks. "But even with those challenges, companies are under pressure to become more efficient by Web-enabling more of their important business activities. With Mazu's new Profiler release, we help customers gain those efficiencies quickly, without hiring more staff and without creating new risks and security issues."

Mazu Profiler: Intelligent Security Through Network Behavior Analysis

Mazu Profiler is powered by MCube, Mazu's patent-pending network traffic profiling engine. MCube uses sophisticated statistical modeling to capture and represent the characteristics and patterns of typical network traffic and host-to-host activities in high-volume environments. MCube is housed in an appliance and takes in traffic flow information in real-time from Mazu Probes and/or NetFlow-enabled routers. The Profiler analyzes traffic anomalies using a variety of heuristics tuned to detect worms, unauthorized access, denial of service attacks, ping and port scans, new services and other potentially dangerous behavior. The heuristics correlate their analysis in real-time across the entire network to determine operational relevance. Profiler alerts IT staff to potential breaches and provides actionable information to help speed attack mitigation and recovery. It also helps IT teams further harden their internal network by defining tighter access policies for routers and firewalls.

The major advancements in Mazu Profiler Version 3.0 fall into three categories: greater accuracy and breadth of detection, enhanced event recovery post-event forensic tools, and scalability improvements. Following are descriptions the specific new features added to Version 3.0.

Greater Accuracy and Breadth of Detection

Rule-based Alerts – Profiler Version 3.0 enables users to specify and monitor acceptable usage policy and fine-grained access policy over large areas of the network using rule-based alerts. Rule-based alerts give security teams the ability to create custom rules that trigger alerts whenever certain specific activity is detected or a policy is violated. For example, if two segments are not supposed to talk to each other, a rule is easily created to monitor this policy. If specific users or systems are known to access a given service, application or server, a rule is easily created to monitor this access policy and alert the team if it is violated. If specific services are not supposed to run in certain parts of the network, a rule is easily created to monitor this policy. Rules-based alerts extend the protection of traffic profiling to very specific network activities.

Ephemeral Port Protocol Tracking – Tracking abuses and attacks that exploit applications using ephemeral port protocols has always been a challenge. In general, these applications do not use a single, pre-defined port for communication and are therefore difficult to track and analyze. Profiler Version 3.0 introduces the first of several major advancements in this area and provides specific capabilities for tracking FTP usage.

Rapid Recovery and Post-Event Forensics

Recovery Reports – Profiler Version 3.0 introduces recovery reporting. Minutes after an attack begins, Profiler can report on compromised hosts, ordered by group, segment or other relevant organizational distinctions. Furthermore, for compromised servers, Profiler can list all hosts dependent on services being provided by the each server - giving security and networking teams immediate visibility into the impact of quarantining those servers.

New Forensic Tools – A new flow log database enables analysis of critical forensic data. While the Profiler's baseline enables these teams to ask "What does a typical Monday morning look like?", flow logging enables them to ask "What did Monday July 21st look like?" Integration with Crystal Reports and Microsoft Excel further enables customers and partners to create new reports and analytical tools that leverage the Mazu Profiler's data and analytics.

Industry-Leading Scalability

Enterprise-Class Capacity – The number of hosts a profiling solution can manage is a critical metric, since having a single, aggregated model of network activity leads to the highest detection accuracy. In Version 3.0, Mazu has increased to 200,000 the number of hosts that a single Profiler appliance can model. This makes the Mazu Profiler by far the most scalable profiling solution on the market today.

Specifications, Pricing and Availability

Profiler 3.0 is available immediately. It is priced using an enterprise licensing model, beginning at $65k. The Mazu Profiler ships as an appliance and works with data sources including Mazu Sensors and NetFlow-enabled routers (NetFlow V5, V7).

About Mazu Networks, Inc.

Mazu Networks is the first security company to provide real-time insight into enterprise network behavior, reducing the risk, cost and complexity of securing critical business applications. The company's real-time traffic modeling technology enables enterprises to profile, plan and protect networks with unmatched accuracy, efficiency and scalability. The Mazu Profiler protects internal and external access to critical applications. Mazu's Enforcer solution protects networks from traffic-based attacks. These solutions eliminate the tradeoff between security and accessibility, enabling organizations to broaden access to critical applications with less downtime and fewer resources. Mazu is backed by premier venture capital firms, including Greylock, Matrix Partners, Pilot House Ventures Group, Benchmark Capital, and StarVest Partners. Mazu is an IBM Business Partner. Headquartered in Cambridge, Mass., Mazu also has locations in New York, San Francisco, Washington, D.C. and London. For more information, please visit www.mazunetworks.com or contact the company at www.mazunetworks.com/contact.