Re: Networking IDS Correlation Question

From: Talisker (talisker@networkintrusion.co.uk)
Date: 01/28/02


From: "Talisker" <talisker@networkintrusion.co.uk>
To: "samargul" <samargul@nps.navy.mil>, <focus-ids@securityfocus.com>
Date: Mon, 28 Jan 2002 21:14:47 -0000

Scott
I've been working on updating my IDS console page; thus far I've only sorted
out the links and there are still a few products missing, but it might be
worth checking out.
http://www.networkintrusion.co.uk/consoles.htm
I've changed the page to only highlight those products that correlate
information from different vendors' products.
There are a few salient details on:
ACID
AIDE/RSE
CyberWolf
Dragon Server
e-Sentinel
Intrusion Vision
Intrusion SecureEnterprise
KSE/CMDS
NetForensics
Network Security Monitor
Open Esecurity
RTESM
SHADOW

The other consoles/correlation tools should be up within a few weeks.

take care and good luck in your quest
-andy
http://www.networkintrusion.co.uk
----- Original Message -----
From: "samargul" <samargul@nps.navy.mil>
To: <focus-ids@securityfocus.com>
Sent: Monday, January 28, 2002 8:54 PM
Subject: Networking IDS Correlation Question

> I have been asked by one of my clients to purchase a program which
> correlates Intrusion Detection System (IDS) data from network and host based
> systems. My client's company is running ISS's RealSecure which is guarding
> its perimeter and high value targets and a proprietary third party IDS which
> is placed on many of its hosts. The software is searching for all sorts of
> attacks, both internal and external to the network. Does anyone know of any
> COTS software products which could aid in this problem? Most of the
> client's enterprise networking is Windows NT 4.0 based. I have been looking
> at ISS's SAFEsuite Decisions™ and Enterasys Networks' Vulnerability
> Correlation Tool.
>
> Looking for any opinions, suggestions, comments.
>
> Thanks-
> Scott Margulis
> MCSE/MCP+I
>


