[ISN] Combat-Ready Security Tools to Debut

From: mea culpa (jerichot_private)
Date: Tue Oct 06 1998 - 12:38:58 PDT

    Forwarded From: <synthet_private>
    
    http://www.techweb.com/wire/story/TWB19981002S0019
    
    Combat-Ready Security Tools To Debut
    
    Two security vendors will unveil tools next week that make it easier for
    IT managers to identify and thwart attacks on their enterprise networks. 
    
    Axent Technologies and Internet Security Systems separately plan to
    introduce products that combine host- and network-based intrusion
    detection. The "hybrid" systems automatically detect attacks on networks
    and systems and alert IT managers, who can then take appropriate actions. 
    
    As more companies open up corporate networks to the Internet and deploy
    intranets and extranets, high-tech burglar alarms such as intrusion
    detection systems (IDS) are being used to identify attacks from outsiders
    as well as insiders. 
    
    User organizations, however, are installing two types of systems: sniffers
    that monitor network packets for IP spoofing and packet flooding attacks,
    and log analysis products that monitor PC, server, and firewall logs for
    known vulnerabilities. 
    
    Users and analysts said both approaches have their strengths and
    weaknesses. However, a combined product would give IT administrators a
    more comprehensive view of attacks across the enterprise, they said. 
    
    "A network-based IDS can detect intrusions, but can't [always] determine
    if the intrusion is successful, while a host-based system can see
    successful intrusions, but might not necessarily see the unsuccessful
    attacks," said Hurwitz Group analyst Steve Foote. 
    
    As a result, some users want host and network analysis in an integrated
    product. 
    
    "We are interested in an integrated package. [Network and host-based
    systems] would have the same look and feel, and reporting could be
    coordinated so there is less likelihood of gaps and omissions," said John
    Patterson, security officer at Oppenheimer Funds, a $95 million stock
    trading company. 
    
    NetProwler is a Windows NT plug-in for Intruder Alert 3.0 that monitors
    packets for certain classes of attacks, such as port scanning, Teardrop,
    Bonk, LAND, SYN Flood, and Winnuke. 
    
    The software complements Intruder Alert's host-based technology, which
    uses intelligent agents to monitor systems, said Robert Clyde, vice
    president of Axent's security management unit. 
    
    With the new module, Intruder Alert can monitor audit trails of
    distributed systems in real time for suspicious "footprints" on operating
    systems, Web servers, firewalls, routers, applications, databases, and
    Simple Network Management Protocol traps from other network devices, Axent
    said. 
    
    Intruder Alert, which is designed to protect more than 35 major platforms
    including Windows NT, NetWare, and Unix, responds to attacks by alerting IT
    managers, shutting down systems or terminating sessions. Intruder Alert
    users will be able to download NetProwler free of charge from Axent's
    website by year end. 
    
    While Axent added network monitoring to its Intruder Alert, ISS extended
    the host reach of its RealSecure network monitor. The development project
    that was code named LookOut has borne fruit in the latest version of the
    RealSecure software. 
    
    RealSecure 3.1 is a hybrid network and host-based detection system with a
    "single management architecture, seamless database, event management, and
    reporting functions in one package," said Tom Wood, ISS' manager for
    intrusion detection. 
    
    RealSecure is based on a distributed architecture in which real-time
    alarms about attacks can be sent back to a central console. The software
    consists of a network engine, agent software for host-based detection, and
    a management console, Wood said. 
    
    The host-based module runs on NT and will be available next month. ISS
    will include agents for Unix-specific attack signatures and Unix system
    logs by year end. RealSecure now can detect more than 165 network attacks
    and more than 100 system attacks, Wood said. 
    