[ISN] Hackers beware: IBM to sharpen Haxor

From: cult hero (jerichoat_private)
Date: Sun May 30 1999 - 02:27:43 PDT


    Forwarded From: root <rootat_private>
    
    http://www.zdnet.com/pcweek/stories/news/0,4153,2267089,00.html
    
    Hackers beware: IBM to sharpen Haxor
    By Jim Kerstetter, PC Week Online
    May 27 1999 4:49 PM ET
    
    Hackers beware: Haxor is watching you from its perch in IBM's wide-ranging
    security suite. 
    
    This fall, Haxor is due for a face lift, along with IBM's Boundary Server
    firewall. They are two components of IBM's FirstSecure suite of
    applications, which includes everything from intrusion detection software
    to anti-virus software in the company's wider SecureWay security strategy. 
    
    Haxor will gain several new features, including better scanning for
    stealth attacks, such as low-bandwidth hacks and coordinated attacks from
    different geographic points, and improved ability to detect mangled and
    overlapping packets, company officials said. IBM (NYSE:IBM) is also trying
    to improve Haxor's ability to filter out the white noise of regular
    network traffic, tuning it down enough so it can catch stealth attacks
    while not setting off frequent false alarms. 
    
    Haxor was developed at IBM's Global Security Analysis Lab, in Hawthorne,
    N.Y., said Dave Safford, manager at the lab. There are two kinds of
    intrusion detection applications: One is based on servers or hosts and
    looks for attacks on that individual system; the other is network-based
    and sniffs packets as they come into the network, trying to determine if
    an attack is taking place. 
    
    Haxor is network-based and can be found within IBM's FirstSecure suite as
    well as Tivoli Systems Inc.'s CrossSite network management suite. "There
    is an incredible amount of data that comes out of these things," Safford
    said. "It can be a real problem." 
    
    To solve the problem, Safford said, IBM has developed "dynamic
    sensitivity," which will be able to correlate the difference between the
    attacks and legitimate traffic. 
    
    Network administrators are particularly interested in integration with
    management tools from companies such as Tivoli. "That makes the most sense
    to me. I want to be able to manage this from one point," said Doug Mallow,
    network administrator at a West Coast bank. 
    
    Also this fall, the Boundary Server firewall will be more tightly
    integrated with the SecureSite Policy Director, said IBM officials. Using
    the Common Content Inspection specification that is now under development,
    Boundary Server should be able to improve on performance, essentially
    sharing packets of data with other content inspection applications such as
    Content Technology Inc.'s MIMESweeper for e-mail inspection and Finjan
    Software Ltd.'s SurfinGate mobile code-scanning software. 
    
    IBM in January unveiled its SecureWay strategy for Internet and network
    security. Like competing packages from Hewlett-Packard Co., SecureWay is
    made up of both home-grown and OEM applications. 
    
    IBM also has developed a Security Policy Director to tie together its
    security pieces. 
    
    IBM can be reached at (914) 499-1900 or www.ibm.com. 
    
    


