Intrusion Detection Tools Get More Selective

By Brian Fonseca, ITworld |  News

Hoping to provide a respite to security administrators exhausted from
intrusion detection systems (IDSes) that "cry wolf," security vendors
are restructuring the way in which their products identify attacks. In
another emerging trend, scaling IDS solutions so they can be offered as
a managed service is also gaining momentum.

Security and network administrators continue to grapple with earlier
IDS products that are too broad in their searches, thereby sounding off
numerous alerts to potential attacks that often translate into false
positives, according to Eric Hemmindinger, research director for
Information Security at Boston-based Aberdeen Group Inc.

"The [IDS] product ceases to have value to [customers] because they're
overloaded with information. It's a nightmare," Hemmindinger said. "We
see companies trying in a number of different ways to reduce the number
of false positives by learning to filter better and get rid of the

A new player in the crowded IDS space, Lancope Inc. launched its
company and Stealthwatch plug-in appliance on Tuesday. Stealthwatch
analyzes traffic between multiple IP devices to uncover known or never
before seen attacks, said Jay Chaudry, CEO and founder of Atlanta-based
Lancope. Typically, IDS products rely on signature-based packet
patterns to recognize a potential assault.

"We're focusing on undocumented attacks," Chaudry said. "Since we're
not analyzing tons of packets and comparing them to signatures, we can
handle very fast networks."

At the heart of its IDS technology, Lancope employs counters to
construct a statistical-based "concern index" for every IP device in
the network. This allows companies to set different levels of detection
based on their needs. When combined with designated IP device service
profiles, traffic can be analyzed to determine if it is legitimate or
crafted by an intruder.

Turning its attention to the xSP market, last week Inc.
introduced SecureNet Provider -- the latest member of its SecureNet IDS
product suite -- built to scale intrusion detection across large
enterprises and MSP (managed service provider) platforms.

Running on Microsoft Windows 2000 Server,'s SecureNet
provider features IDS sensors deployed in the service provider
environment, a central managing console, and a client desktop

Join us:






Answers - Powered by ITworld

Ask a Question