CMDS automatically retrieves the event log data from operating systems, applications and networking devices. The event log data is formatted and sent through an analysis engine that searches for intrusion and attack signatures like failed logins, attempted administrative useage, attempted unauthorized access to servers, directories or files and many other intrusion signatures.

The Notify module provides security adminitrator alerts and warnings, if CMDS Enterprise detects unusual activity or overt threats.

All events are stored in a relational database providing unmatched reporting and forensic analysis. The Security Administrator Console provides powerful, easy to use tools for managing secuirty events.

1. Integrated statistical profiling engine that builds a biometric fingerprint of user behavior and automatically creates a baseline of application
2. CMDS Enterprise uses an expert system that analyzes all events to recognize well-known attack signatures
3. CMDS monitors for over 200 different intrusion and attack signatures
4. CMDS Enterprise has numerous standard reports and charts designed for both non-technical management and security administration
5. CMDS Enterprise is completely open, with the rules base, database, Universal Parser and report generator fully documented for modification
6. CMDS Enterprise uses standard, off-the-shelf Windows NT platforms for data analysis
7. Supports Windows NT, Sun Solaris, Cisco Routers and NetRanger, ISS' RealSecure and Oracle databases
8. CMDS has a Universal Parser that allows interfacing with virtually any device or application
9. CMDS Enterprise collects and analyzes all events on monitored systems providing unmatched forensic analysis and security policy reporting
10. CMDS Enterprise is scalable to the largest organiztion