OSEC

From: John Kelly (idswizardhotmail.com)
Date: Mon Jan 28 2002 - 13:28:04 CST

    You may want to look at a product like neuSECURE from Guarded.net
    http://www.guarded.net/ They are vendor neutral, so you are not stuck if
    you need to expand your solution. neuSECURE can correlate IDS, firewalls,
    routers, basically any device that can syslog or provide SNMP. They also
    have a solution for Windows logs. The product provides a threat
    calculation, which helps in determining what alerts to address first.
    Additionally, it does passive, semi-active and active responses (DNS
    queries, portscans, etc.). It was built with RealSecure in mind.

    However, it does run on Unix, so it may be beyond your client's skill level.
    There are other products out there such as Spectrum, netForensics,
    Intellitactics, eSecurity, etc. Each has its own advantages and
    disadvantages. There is an article online outlining some of these types of
    solutions:

    http://www.infosecuritymag.com/2002/jan/features_command.shtml

    I would recommend staying away from vendor-specific solutions if your client
    has any intention of expanding their threat view beyond IDS.

    Just a thought.

    -----------------------------------------------------------
    I have been asked by one of my clients to purchase a program which
    correlates Intrusion Detection System (IDS) data from network and host based
    systems. My client's company is running ISS's RealSecure, which is guarding
    its perimeter and high value targets, and a proprietary third party IDS which
    is placed on many of its hosts. The software is searching for all sorts of
    attacks, both internal and external to the network. Does anyone know of any
    COTS software products which could aid in this problem? Most of the
    client's enterprise networking is Windows NT 4.0 based. I have been looking
    at ISS's SAFEsuite Decisions and Enterasys Networks' Vulnerability Correlation Tool.

    Looking for any opinions, suggestions, comments.

    Thanks-
    Scott Margulis
    MCSE/MCP+I
