http://weblog.infoworld.com/zeroday/archives/2008/01/free_csi_for_yo.html
By Matt Hines
Zero Day Security
InfoWorld
January 22, 2008

When it comes to network security, you can't say that nothing in life is free. At least nothing that's been ported into a free trial version [1].

Jokes aside, the security community is being offered a chance to kick the tires on an intriguing new product this week, as start-up Packet Analytics has launched a free trial of its Network Forensic Search Engine (Net/FSE), a tool for collecting and analyzing network alert data.

Launched out of Los Alamos Labs, the start-up hopes to help companies make sense of the information already being gathered by their existing intrusion detection systems, security event management tools, firewalls and network gateways. Even though many large customers have invested heavily in deploying such devices, most still struggle to make sense of all the incident data those systems aggregate, and to weed out real attacks from the noise of everyday traffic and false positives, company officials claim.

According to Packet Analytics' founders, several of whom worked at the federal research facility, the core technology behind Net/FSE has been in production use for more than five years at Los Alamos, where it has been watching for suspicious activity attempting to tunnel in past the installation's external defenses. Another existing user is Los Alamos National Bank, which is scanning its event logs with the system to help protect its 1.2 billion online financial records, according to Packet Analytics executives.
Billed as "built by network security analysts for network security analysts," Net/FSE uses proprietary indexing and search algorithms that promise fast results and "real-time situational awareness" over forensic data, which the company says lets organizations handle critical incidents far more proactively. According to the firm's marketing pitch, the system uses a two-phase search technology that changes how multi-terabyte datasets can be analyzed to gather context around security events.

Net/FSE also promises to function as both a network data collector and a system log server, allowing tight integration of data fed into the tool from multiple sources, the company maintains. The system is also said to be highly customizable: users can write their own agents to stream data to the server, or add search capabilities over existing log repositories. That feature is crucial where an organization already has a centralized logging infrastructure and merely wants to add search over that data, officials said. The search engine can also be delivered as an entirely Web-based architecture, as it is in the trial version, although companies hoping to build their own models for the engine will need to run an agent in-house.

Working under a license from Los Alamos to market the technology commercially, and with $100,000 in seed money from the lab, company officials said they believe the engine could become a hit with organizations that have seen their networks compromised even after significant investment in existing logging and alert tools.
"People at Los Alamos found that they were spending too much time analyzing these logs, so the idea was to design something that could perform a deep dive on what the events actually mean within the security context," said Andy Alsop, president and chief executive of Packet Analytics.

"The most significant value we bring is to give people more detailed information as an event is still happening, but it's also about giving the whole picture, how something small that happened a month beforehand actually led to a much larger incident, and that's what traditional data collection tools cannot do," he said.

The company said future versions of Net/FSE will add compliance reporting capabilities, along with network behavior analysis features and broader event correlation.

[1] http://www.packetanalytics.com/download.php

___________________________________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Tue Jan 22 2008 - 22:52:19 PST