NetMonastery has been developing unconventional technologies
that could be used to monitor the state of security on a remote
network segment. Its decoy monitoring system is used to detect
targeted and worm-spread attacks on the network. The system
depends upon a central correlation system that develops attack
maps from flowing network data.

The three-phase approach:

Data collection, where data is collected from strategically placed
data collection points. These data points are heterogeneous in
nature and can detect attacks on heterogeneous operating
systems and architectures.

Primary data analysis and transport, where the first part of
data analysis is performed. This phase separates
generic data from attack information and transports this data to
the central correlation system.

Event correlation, the final phase, where attack events are
collected from the data points and correlated based on multiple
parameters. This process identifies and uncovers attacks that
are detected on the network of data points.

This entire system is built and optimised to operate on a large
network setup, where the correlation engine could be located at
the central site and the data points could be spread across the
enterprise.