SMITE: Scalable Monitoring in the Extreme
Our approach with SMITE is to provide a complete solution to the problem of scalable network monitoring.
SIFT has partnered with BBN, Honeywell, Adventium, Georgia Tech, and Irvine Sensors, experts in attack defense research, event correlation, and high performance network devices, to propose SMITE. SMITE is (1) a collection of novel scalable attack detection algorithms, (2) a flexible and extensible architecture for implementing and deploying the algorithms, and (3) an execution environment suitable for traffic inspection, feature extraction, and algorithm execution at extremely high line rates. SIFT's approach with SMITE is to provide a complete solution to the scalable network monitoring problem by building novel algorithms that are intrinsically scalable, are designed for ultra high-speed deployment on appropriate hardware platforms, and produce events designed for correlation with other events, yielding true positive alerts supported by explicit network and attack models. SMITE focuses on four major categories of attacks: malicious behavior, malicious code infections, information gathering attacks, and control of assets (botnets).