RE: Networking IDS Correlation Question
From: Simon Edwards (SEdwards@toplayer.com)
Date: 01/30/02
From: Simon Edwards <SEdwards@toplayer.com>
To: samargul <samargul@nps.navy.mil>, focus-ids@securityfocus.com
Date: Wed, 30 Jan 2002 10:33:40 -0500
ISS has a new product which they have just started shipping called Site
Protector, it uses a correlation technology called Fusion, which will take
Host and Network based info, but also Vulnerability data (so I have seen
this attack, was the system actually vuln to that attack) .. at the moment
they only support their own products (but I am sure there is a way of
bringing in other data over SNMP etc.) .. but they are planning a 3rd party
API for 3rd party data.
My experience with Decisions is that it can be really tough to bring in 3rd
party data, so maybe have a look at SP ??
Hope that helps
Simon
________________________________________________
Simon Edwards
Technical Evangelist
Top Layer Networks
US Office : 508 870 1300 x230
UK Office : +(44) 1252 748509
UK Mobile: +(44) 7971 959170
www: www.TopLayer.com <http://www.TopLayer.com>
email: sedwards@toplayer.com <mailto:sedwards@toplayer.com>
"Perfecting the Art of Network Security"
------------------------------------------------------------------------------------
-----Original Message-----
From: samargul [mailto:samargul@nps.navy.mil]
Sent: 28 January 2002 20:54
To: focus-ids@securityfocus.com
Subject: Networking IDS Correlation Question
I have been asked by one of my clients to purchase a program which
correlates Intrusion Detection System (IDS) data from network and host based
systems. My client's company is running ISS's RealSecure which is guarding
its perimeter and high value targets and a proprietary third party IDS which
is placed on many of its hosts. The software is searching for all sorts of
attacks, both internal and external to the network. Does anyone know of any
COTS software products which could aid in this problem? Most of the
client's enterprise networking is Windows NT 4.0 based. I have been looking
at ISS's SAFEsuite Decisions(tm) and Enterasys Networks' Vulnerability
Correlation Tool.
Looking for any opinions, suggestions, comments.
Thanks-
Scott Margulis
MCSE/MCP+I
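
Added example, not part of either message and not code from ISS or any product named in this thread: a sketch of the correlation idea described in the reply, where a network IDS alert is checked against vulnerability-scan data for the target and against host-based alerts seen close in time. All alerts, addresses, signature ids, vulnerability ids and the signature-to-vulnerability mapping are constructed placeholders.

```python
from dataclasses import dataclass

# All data below is constructed; signature and vulnerability ids are placeholders.
@dataclass(frozen=True)
class Alert:
    ts: int          # seconds since start of capture
    sensor: str      # "network" or "host"
    target: str      # IP of the attacked system
    signature: str   # IDS signature id

# Assumed mapping: which vulnerability each signature tries to exploit.
SIG_TO_VULN = {"SIG-WEB-OVERFLOW": "VULN-001", "SIG-RPC-EXPLOIT": "VULN-002"}
# Latest vulnerability-scan findings per scanned host.
SCAN = {"10.0.0.5": {"VULN-001"}, "10.0.0.9": set()}
ALERTS = [
    Alert(100, "network", "10.0.0.5", "SIG-WEB-OVERFLOW"),
    Alert(104, "host",    "10.0.0.5", "SIG-WEB-OVERFLOW"),
    Alert(200, "network", "10.0.0.9", "SIG-WEB-OVERFLOW"),
    Alert(300, "network", "10.0.0.7", "SIG-RPC-EXPLOIT"),
    Alert(400, "network", "10.0.0.5", "SIG-PORTSCAN"),
]

def correlate(alerts, scan, sig_to_vuln, window=30):
    """Return one verdict per network alert, enriched with host and scan data."""
    host_alerts = [a for a in alerts if a.sensor == "host"]
    results = []
    for a in (x for x in alerts if x.sensor == "network"):
        vuln = sig_to_vuln.get(a.signature)
        if a.target not in scan or vuln is None:
            exposure = "unknown"         # host never scanned, or unmapped signature
        elif vuln in scan[a.target]:
            exposure = "vulnerable"
        else:
            exposure = "not_vulnerable"
        # A host-based alert for the same target and signature, close in time,
        # corroborates what the network sensor saw.
        confirmed = any(h.target == a.target and h.signature == a.signature
                        and abs(h.ts - a.ts) <= window for h in host_alerts)
        if exposure == "vulnerable":
            priority = "critical" if confirmed else "high"
        elif exposure == "unknown":
            priority = "medium"          # cannot be ruled out without scan data
        else:
            priority = "low"
        results.append((a.target, a.signature, exposure, confirmed, priority))
    return results

for row in correlate(ALERTS, SCAN, SIG_TO_VULN):
    print(row)
```

Alerts against hosts with no scan data are kept at medium priority rather than dropped, since missing vulnerability data does not show the host was safe.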