Re: Vulnerability and IDS
From: Ron Gula (rgula_at_tenablesecurity.com)
Date: 12/30/03
- Previous message: Teicher, Mark (Mark): "RE: Vulnerability and IDS"
- In reply to: Kal: "Vulnerability and IDS"
- Next in thread: Mike Lyman: "Re: Vulnerability and IDS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 29 Dec 2003 20:47:13 -0500
To: kalsys@xtra.co.nz, <focus-ids@securityfocus.com>
The Lightning Console from Tenable will correlate active and passive
vulnerability information (distributed Nessus/NeWT and NeVO) with
real-time IDS alerts from Snort, Dragon, Intruvert (IntruShield), NFR,
and ISS. More NIDS are planned. These correlations happen at the
application layer, so Lightning will alert you when you have a specific
vulnerability that is being attacked. The correlations are also
automated such that you don't have to program complex rules or write
event management tools. Since Lightning also has knowledge of your
network admins and assets, it can reach out and alert the specific
affected people when a high profile (IDS event correlated with a
vulnerability) event occurs.
Ron Gula, CTO
Tenable Network Security
http://www.tenablesecurity.com
At 08:35 AM 12/29/2003 +1300, Kal wrote:
>Hello Listees,
>
>Are there any products that support matching IDS alerts to Vulnerability
>scanner results?
>
>Looking for an "event correlation" system that will raise an alert upon a
>detected intrusion attempt matching a current vulnerability.
>
>Xmas Cheers
>
>Jon.
>
>
>
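The kind of correlation asked about and described in this thread, as an added example that is not part of the original messages and is not Tenable's code: each IDS alert is matched against vulnerability-scan findings for the same host, port and CVE, and the asset owner is attached when the target is actually vulnerable. It assumes alerts carry CVE references and that the set of scanned hosts is known; all addresses, CVE ids, signatures and owners below are constructed placeholders.

```python
# Constructed sample data: hosts covered by the last scan and what it found.
SCANNED_HOSTS = {"192.0.2.10", "192.0.2.20"}
FINDINGS = [
    {"host": "192.0.2.10", "port": 80, "cve": "CVE-0000-0001",
     "owner": "web-admin@example.com"},
    {"host": "192.0.2.10", "port": 22, "cve": "CVE-0000-0002",
     "owner": "unix-admin@example.com"},
]
# Constructed IDS alerts, normalised to destination, port and CVE references.
ALERTS = [
    {"sig": "WEB exploit attempt", "dst": "192.0.2.10", "dport": 80,
     "cves": ["CVE-0000-0001"]},
    {"sig": "WEB exploit attempt", "dst": "192.0.2.20", "dport": 80,
     "cves": ["CVE-0000-0001"]},
    {"sig": "WEB exploit attempt", "dst": "192.0.2.30", "dport": 80,
     "cves": ["CVE-0000-0001"]},
    {"sig": "Port scan", "dst": "192.0.2.10", "dport": 22, "cves": []},
]


def correlate(alerts, findings, scanned_hosts):
    """Label each alert by whether its target is known to be vulnerable."""
    index = {(f["host"], f["port"], f["cve"]): f["owner"] for f in findings}
    results = []
    for a in alerts:
        hits = [index.get((a["dst"], a["dport"], c)) for c in a["cves"]]
        owners = sorted({o for o in hits if o})
        if owners:
            verdict = "vulnerable-target"      # attack matches a live finding
        elif not a["cves"]:
            verdict = "no-cve-reference"       # nothing to correlate on
        elif a["dst"] not in scanned_hosts:
            verdict = "no-scan-data"           # unknown, not "safe"
        else:
            verdict = "not-vulnerable"         # scanned, finding absent
        results.append({"alert": a, "verdict": verdict, "notify": owners})
    return results


if __name__ == "__main__":
    for r in correlate(ALERTS, FINDINGS, SCANNED_HOSTS):
        a = r["alert"]
        print(f'{a["dst"]}:{a["dport"]} {a["sig"]!r} -> {r["verdict"]} '
              f'notify={r["notify"]}')
```

The `no-scan-data` verdict is kept separate from `not-vulnerable` so that an attack on a host the scanner never covered is not silently downgraded.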