Cs3 Products

MANAnet^TM: Infrastructure-level DDoS Defense

Cs3's patent-pending MANAnet software suite - the "MANAnet Shield" - provides a systemic, infrastructure-level solution to DDoS attacks and other security and improved quality of service enhancements for the Internet.

In today's Internet, security and robustness are not simply properties of a single site, as a single site can be no safer or more reliable than the public infrastructure upon which it depends. MANAnet products are intended as building blocks for the mission-critical characteristics of security and reliability needed in Internet infrastructure.

MANAnet focuses on the fundamental protocols of the Internet infrastructure itself and the providers of that infrastructure. Key technologies and features include:

• Elimination of Source Forgery: This is a critical infrastructure vulnerability and key to the ability of hackers to launch DDoS attacks. Cs3 has developed an enhancement to the Internet Protocol (IP) called Path Enhanced IP (PEIP). With PEIP, a packet carries its own path information that is not controlled by the sender. PEIP will be proposed to the Internet Engineering Task Force (IETF) as a standard.



• Fair Service Scheduling to Defend Against DDoS Attacks: Cs3 has a patent-pending "fair-service" approach to defending against packet flooding and related DoS attacks that allows customers their fair, uninterrupted share of shared resources even in the face of attacks. With MANAnet's innovative load-balancing fair-service scheduling, there is no need to identify bad packets from good. This technology essentially proposes new queuing and scheduling schemes for routers.



• Establishing Cooperative Neighborhoods: In Cs3's technologies, cooperative neighborhoods, with real-time cooperation and communications between parts of the Internet infrastructure, are used as the basis to provide enhanced collective security and reliability -- much more effectively than a single site could possibly be. A cooperative neighbor is a group of adjacent routers that are enabled with similar capabilities, such as Path Enhanced IP to eliminate source forgery and fair-service scheduling. The larger the neighborhood, the more effective will be the elimination of source forgery and DDoS defense.

• Reverse Firewall^TM: For ISPs, universities and other infrastructure owners vulnerable to hackers turning their computers into DDoS zombies, the MANAnet Reverse Firewall stops DDoS attacks from being mounted from their networks. While a traditional firewall filters incoming traffic, the Reverse Firewall limits the rates of unexpected outgoing packets from a vulnerable network, protecting both the outside and legitimate users of the network from DDoS attacks originating inside. Unlike intrusion detection tools, with the Reverse Firewall there is no need for updates as hackers become more sophisticated. Preventing the unleashing of DDoS attacks is very likely, and soon, to be seen as a requirement for responsible infrastructure ownership.



• MANAnet Router: For incoming DDoS defense, MANAnet modifies how the infrastructure's routers function to ensure fair-service scheduling and eliminating source forgery. Cs3 offers a MANAnet Linux router and will license its patent-pending technology for proprietary routers.



• MANAnet Firewall: In addition to traditional firewall capabilities, this device provides the ability to track "unexpected" packets, those that are not replies to previous packets. These are scheduled at a much lower rate. Using site-specific parameters, the Firewall detects when an attack is occurring, and can instruct its neighboring routers to limit the rate of packets with the appropriate paths.

DDoS Defense is the first product in the Cs3 MANAnet suite. Future defense and quality-of-service products based on the MANAnet architecture are Packet Forwarding Services, Fair Service Server Wrappers, and Network Management/Forensic tools.

To learn more about MANAnet technology, please request or view on the Cs3 Web site (http://www.Cs3-inc.com/mananet/publications/) the following white papers:

• Towards a More Secure and Robust Internet
• IP Changes to Eliminate Source Forgery
• A Fair Service Approach to Defending Against Packet Flooding Attacks
• The Reverse Firewall: Defeating DDOS Attacks Emanating from a Local Area Network

TriggerWare: Event Monitoring

TriggerWare is a monitoring infrastructure that can be used to build event-triggered decision support systems -- systems which need to respond to event patterns that occur in the world. TriggerWare provides a sophisticated platform upon which to base client/server applications that use a "push computing" paradigm based upon event reasoning. (Please note that TriggerWare used to be known as SoMoS -- Software Monitoring Service.)

TriggerWare is simply the most sophisticated triggering engine available in the marketplace today. In comparison to its competition, TriggerWare offers many critical technology differentiators:

1. Generic, application-independent monitoring service that can integrate horizontally into many different domains and can even span across multiple domains. This gives TriggerWare the ability to fuse event information from many data sources.
2. Sophisticated event pattern specification capability that provides the ability to describe many useful event patterns -- events that trigger real-world decision making processes.
3. Dynamic event definition facilities that make it possible to change the criteria of importance on the fly, without massive amounts of code rewrite or recompilation.
4. TriggerWare maintains complete event histories to enable one to specify new kinds of historical analysis and projections through new computations that can be added dynamically.
5. Facilities to program decision support applications that involve events on a single workstation, a Local Area Network, or the Internet.

The TriggerWare family of products includes:

• TriggerWare server (for SUN Solaris or Microsoft Windows 9x/NT)
• Visual editor for Flea (Windows 9x/NT)
• TriggerWare Java applets (defining, receiving, or metering events)
• All documentation and application program interfaces, and several working examples of TriggerWare applications

TriggerWare Consulting and Training

TriggerWare is a generic monitoring server -- like a database for events. It must be populated with a rich model of events for any given application. Cs3 provides consulting and training services to facilitate the customization of TriggerWare to specific monitoring solutions that are critical to customers.

Search&Notify

TriggerWare provides a way for you to turn repositories into vibrant notification services that users can subscribe to in an SQL-like language. We have built a product called Search&Notify, which will notify you when the results of your Web searches change in the specific ways you are interested in! You can use Search&Notify to:

• Monitor how well your site is faring across the range of search keywords you are using to market your organization, and how your site is moving day to day.
• Know how the results of your research on the Web are changing over time with emphasis on the specific criteria that you are interested in.
• Be notified of critical changes in and across different repositories as indicated by your own, personalized subscription criteria.

Collabrium: On-line Collaboration

Collabrium is an easy to use, fully secure, innovative on-line conferencing software product. The technology behind Collabrium allows people to work together over the Internet, thereby lowering expensive travel and time costs associated with business meetings. User can instantly set up on-line Collabrium "conference rooms" and with a click of a mouse it is ready for work. The on-line meeting software allows users to share, exchange and retrieve data with other meeting participants from the comfort of a desktop computer. If meetings are missed by one or more participants they can easily retrieve everything that was discussed, decisions made or dialogues.

Collabrium has the look and feel of a real-world conference center, including a variety of meeting rooms. Each room contains information used exclusively by meeting users, including data, documents, and video. Only authorized persons can access this information.

Collabrium on-line features include:

• Theater to view videos
• Library with reference materials provided by users
• Lounge for on-line conversations
• Meeting rooms configured as roundtables or classrooms
• Personal on-line offices featuring private workspaces
• Administration room for management of on-line meetings

Collabrium specifications are:

• Servers are run on Sun/Solaris and PC/Windows NT/9X/2000 platforms
• Two configurations:
• Standard configuration, includes the full Collabrium functionality for corporate intranets and usage within organizations without using the Internet; or
• Web configuration, includes Web-server capabilities with full Collabrium functionality.
• Access is accomplished in two ways:
• Collabrium Client: custom client software installed on the desktop; or
• Web Browser: a standard Web browser to access via the Internet
• Collabrium meetings are completely secure and are protected on two levels: the server and through the communication lines.
• For additional specifications go to www.compsvcs.com

Cs3 Services

Cs3 has world-class R&D and consulting talent in specific technical areas such as:

• Internet robustness and security technologies
• Advanced Event Monitoring and event correlation
• Event-based decision support systems
• Software modeling and prototyping languages

The R&D Unit has been extremely successful in winning Federal funding for leading edge research in Internet security, event monitoring, and a host of other topics. Many of these have turned into Cs3 products.

The Consulting Unit performs specific technical consulting related to Cs3's products and skill areas to facilitate client problem solving.

About Cs3

Founded in 1991, incorporated in 1998, Cs3, Inc. is a pioneer in infrastructure-level DDoS security solutions, constructing the building blocks for a more secure and robust, mission-critical Internet. Privately held, Cs3 has been awarded development funding by the Defense Advanced Research Projects Agency (DARPA) and the California Technology Investment Partnership (CALTIP).

For more information on Cs3 and its MANAnet DDoS Defense solution, please visit www.Cs3-inc.com.

Company contact: Cs3, Inc., Ms. Deborah Taylor, 5777 W. Century Blvd., Ste. 1185, Los Angeles CA, 90045-5600. Phone: (310) 337-3013; Fax: (310) 337-3012.