ISS upgrades intrusion-detection product suite
ATLANTA -- Internet Security Systems will upgrade a handful of products next month and finally overcome an embarrassment associated with its popular Internet Scanner: the inability to update the scanner on a timely basis.
Internet Scanner is a network-based risk-assessment tool that works by running known types of attacks against firewalls, servers and other gear. Version 6.0 will ship with a revamped scanning engine designed to quickly accommodate new ways to scan for network holes.
The problem with the existing version is the difficulty of adding countermeasures on a timely basis. Unless there is a perceived threat on the scale of Back Orifice, for example, ISS only adds a new set of countermeasures to Internet Scanner once every few months. That's not because ISS staff is slow to spot new hacker exploits -- they are usually among the first to see the trouble -- but because of the way Internet Scanner was originally designed.
"It went to the architecture of the product, which made it necessary to download an entirely new version of the product for new attack signatures," says Patrick Taylor, vice president of marketing at ISS.
By redesigning Internet Scanner to separate the scanning engine's operation from the signatures, ISS has come up with a way to simply download the new attack code the minute it's ready, Taylor says. ISS calls this FlexChek.
Microsoft has been using Internet Scanner for about a year, and Howard Schmidt, Microsoft's information security chief, welcomes the FlexChek improvement: "Our team was saying this is one feature they'd certainly like to see."
Microsoft is using Internet Scanner in several global locations and is starting to deploy another ISS product, System Scanner.
System Scanner is available on more than three dozen server and host platforms, providing instant alerts about unauthorized activity as well as host-based vulnerability checks. Version 4.0, which will ship next month, adds support for Novell's NetWare. And the product will no longer just deliver reports on a timed basis, but will also be able to issue pager or e-mail alerts based on a manager's decision about what is a priority. If a hacker manages to install the back-door program called "rootkit," for example, that would certainly be grounds for an instant alert, Taylor says.
ISS also has a new version of Database Scanner in the wings. Version 3.0 adds support for Oracle 7.0 and 8.0. The current version supports Sybase and Microsoft SQL Server.
Internet Scanner 6.0 costs $2,795 for a 30-device license, and Database Scanner costs $995 per database server.