Intrusion Detection Tools Get More Selective

November 20, 2001, 01:00 AM —  ITworld — 

Hoping to provide a respite to security administrators exhausted from
intrusion detection systems (IDSes) that "cry wolf," security vendors
are restructuring the way in which their products identify attacks. In
another emerging trend, scaling IDS solutions so they can be offered as
a managed service is also gaining momentum.

Security and network administrators continue to grapple with earlier
IDS products that are too broad in their searches, thereby sounding off
numerous alerts to potential attacks that often translate into false
positives, according to Eric Hemmindinger, research director for
Information Security at Boston-based Aberdeen Group Inc.

"The [IDS] product ceases to have value to [customers] because they're
overloaded with information. It's a nightmare," Hemmindinger said. "We
see companies trying in a number of different ways to reduce the number
of false positives by learning to filter better and get rid of the
noise."

A new player in the crowded IDS space, Lancope Inc. launched its
company and Stealthwatch plug-in appliance on Tuesday. Stealthwatch
analyzes traffic between multiple IP devices to uncover known or
never-before-seen attacks, said Jay Chaudry, CEO and founder of Atlanta-based
Lancope. Typically, IDS products rely on signature-based packet
patterns to recognize a potential assault.

"We're focusing on undocumented attacks," Chaudry said. "Since we're
not analyzing tons of packets and comparing them to signatures, we can
handle very fast networks."

At the heart of its IDS technology, Lancope employs counters to
construct a statistical-based "concern index" for every IP device in
the network. This allows companies to set different levels of detection
based on their needs. When combined with designated IP device service
profiles, traffic can be analyzed to determine if it is legitimate or
crafted by an intruder.
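
A minimal sketch of the counter-and-profile idea described above, added here as an illustration; it is not Lancope's algorithm or code. The weights, thresholds, flow fields and addresses are assumptions constructed for the example.

```python
from collections import Counter

# Constructed service profiles: the (protocol, port) pairs each device is expected to serve.
PROFILES = {
    "10.0.0.10": {("tcp", 80), ("tcp", 443)},  # web server
    "10.0.0.20": {("tcp", 25)},                # mail relay
    "10.0.0.30": set(),                        # workstation, serves nothing
}

# Assumed weights (not from the article): points added to the source's index.
OUT_OF_PROFILE = 5  # flow aimed at a service the destination does not offer
UNANSWERED = 2      # destination never replied

# Constructed flow summaries: (src, dst, proto, dst_port, answered)
FLOWS = [
    ("10.0.0.30", "10.0.0.10", "tcp", 80, True),
    ("10.0.0.30", "10.0.0.20", "tcp", 25, True),
    ("10.0.0.99", "10.0.0.10", "tcp", 23, False),
    ("10.0.0.99", "10.0.0.20", "tcp", 23, False),
    ("10.0.0.99", "10.0.0.30", "tcp", 445, False),
    ("10.0.0.99", "10.0.0.10", "tcp", 443, True),
]

def concern_index(flows, profiles):
    """Accumulate a per-source counter from flow summaries; no payload is inspected."""
    index = Counter()
    for src, dst, proto, port, answered in flows:
        index[src] += 0  # record every observed source, even with a zero score
        if (proto, port) not in profiles.get(dst, set()):
            index[src] += OUT_OF_PROFILE
        if not answered:
            index[src] += UNANSWERED
    return index

def alarms(index, thresholds, default=10):
    """Return hosts whose index meets their own threshold (per-device sensitivity)."""
    return sorted(h for h, score in index.items()
                  if score >= thresholds.get(h, default))

if __name__ == "__main__":
    idx = concern_index(FLOWS, PROFILES)
    print(dict(idx), alarms(idx, {"10.0.0.30": 5}))
```

Raising `default` or a per-host entry in `thresholds` trades fewer false positives for later detection, which is the tuning knob the article refers to.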

Turning its attention to the xSP market, last week Intrusion.com Inc.
introduced SecureNet Provider -- the latest member of its SecureNet IDS
product suite -- built to scale intrusion detection across large
enterprises and MSP (managed service provider) platforms.

Running on Microsoft Windows 2000 Server, Intrusion.com's SecureNet
Provider features IDS sensors deployed in the service provider
environment, a central managing console, and a client desktop
application. The MSP-focused solution allows end-users to create
additional IDS tracking signatures for better accuracy, incorporates
string matching, and conducts packet re-assembly to establish attack
patterns, said Ryon Packer, vice president of product management at
Richardson, Texas-based Intrusion.com.

According to Hemmindinger, only managed security service providers are
capable of providing the same level of wide-range IDS deployment and
centralized security device monitoring as Intrusion.com's impending
product.

SecureNet Provider software for the manager and client, available next
week, starts at US$29,995 and is priced on an annual subscription
basis.

Stealthwatch from Lancope is available starting at $20,000 per
appliance.

» posted by ITworld staff
