Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: John Kelly (idswizardhotmail.com)
Date: Mon Jan 28 2002 - 13:28:04 CST
You may want to look at a product like neuSECURE from Guarded.net
http://www.guarded.net/ They are vendor neutral, so you are not stuck if
you need to expand your solution. neuSECURE can correlate IDS, firewalls,
routers, basically any device that can syslog or provide SNMP. They also
have a solution for Windows logs. The product provides a threat
calculation, which helps in determining what alerts to address first.
Additionally, it does passive, semi-active and active responses (DNS
queries, portscans, etc.) It was built with RealSecure in mind.
However it does run on Unix, so it may be beyond your client's skill level.
There are other products out there such as Spectrum, netForensics,
Intellitactics, eSecurity etc. Each have their own advantages and
disadvantages. There is an article online outlining some of these types of
I would recommend staying away from vendor-specific solutions if your client
has any intention of expanding their threat view beyond IDS.
Just a thought.
I have been asked by one of my clients to purchase a program which
correlates Intrusion Detection System (IDS) data from network and host based
systems. My clients company is running ISS's RealSecure which is guarding
its perimeter and high value targets and a proprietary third party IDS which
is placed on many of its hosts. The software is searching for all sorts of
attacks, both internal and external to the network. Does anyone know of any
COTS software products which could aide in this problem? Most of the
client's enterprise networking is Windows NT 4.0 based. I have been looking
SAFEsuite Decisions? and Enterasys Networks' Vulnerability Correlation Tool.
Looking for any opinions, suggestions, comments.
Chat with friends online, try MSN Messenger: http://messenger.msn.com