RE: Correlation software

From: Chris Kirschke (durnie_at_hushmail.com)
Date: 03/20/04

    Date: Fri, 19 Mar 2004 16:23:21 -0800
    To: sam@neuroflux.com, focus-ids@securityfocus.com, phollows@open.com
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Check out www.guarded.net, their NeuSecure app is what we use at our
    bank and we've enjoyed it the entire way...

    durnie

    On Fri, 19 Mar 2004 02:56:53 -0800 Phil Hollows <phollows@open.com> wrote:
    > [Fair Warning: I work for a security management and correlation
    > company]
    >
    > Hi Sam & list:
    >
    > Security Threat Manager (STM) from Open (www.open.com) does what
    > you're looking for, providing real-time correlation, analysis and
    > triage of FW, IDS, IPS, AV, VA and network events using a variety of
    > techniques. It links multiple (tens or hundreds or for worms
    > thousands) of raw events from your devices into a few timely,
    > actionable and relevant alerts - in other words, significant false
    > positive reduction. It links events to asset values and vulnerability
    > scans and recent event history and attack source. It also provides
    > extensive reporting and analysis capabilities into attacks, correlated
    > threats and operations performance. We've a couple of case studies
    > (no registration required) on how the product works and the benefits
    > it can bring at http://www.open.com/pdf/STM_Case_Study_Legal_ROI.pdf
    > and http://www.open.com/pdf/STM_Case_Study_Finance_Firewall.pdf if
    > you're interested.
    >
    > STM features a nightly update service that updates its internal
    > database of exploit and vulnerability signatures, so instead of writing
    > rules for your correlation engine for each new potential attack vector
    > and spending time managing it, you are free to focus on improving
    > policies, testing and verifying patches, ensuring that your IDS are
    > up to date, and otherwise working on proactive defense. It all runs
    > on standard hardware too, and because it uses a "no rules" approach
    > to correlation, it's fast to install, baseline and tune.
    >
    > Enough of the product info - I'm more than happy to continue the
    > conversation off-list for Sam and anyone else who's interested in
    > product or implementation-specific detail.
    >
    > Thanks
    >
    > Phil Hollows
    > VP
    > OpenService Inc (www.open.com)
    >
    > -----Original Message-----
    > From: sam@neuroflux.com [mailto:sam@neuroflux.com]
    > Sent: Thu 3/18/2004 11:07 AM
    > To: focus-ids@securityfocus.com
    > Cc:
    > Subject: Correlation software
    >
    > Hello.. Thank you all for your responses to my Entercept email, they have
    > all been fantastic!
    >
    > I am also looking to find out if there are any commercial Log Correlation
    > packages available? I'm looking for something that can correlate Firewall
    > + IDS + HIDS type of logs and create a logical flow of events..
    >
    > Can anyone recommend, or point me in the right direction?
    >
    > Thanks!
    > -Sam
    >
    > ---------------------------------------------------------------------------
    > Test your IDS
    >
    > Is your IDS deployed correctly?
    > Find out by easily testing it with real-world attacks from CORE IMPACT.
    >
    > Visit:
    > www.coresecurity.com/promos/sf_eids1 to learn more.
    > ---------------------------------------------------------------------------

    life is meant to be lived. hear me? didn't think so...
    -----BEGIN PGP SIGNATURE-----
    Note: This signature can be verified at https://www.hushtools.com/verify
    Version: Hush 2.3

    wkYEARECAAYFAkBbjvoACgkQ3UH5NRolsbaq5ACguxPk1PrBNmlr6baOVVJT1SMgqxYA
    njlR/REuYZd8T4sHxv29c2oahqfG
    =gQ8z
    -----END PGP SIGNATURE-----
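Sam asks for something that correlates firewall, IDS and HIDS logs into a logical flow of events, and Phil describes the shape of such a product: many raw events folded into a few alerts, weighted by asset value and vulnerability-scan results. As an added illustration of what that correlation step actually does (this is example code written for this page, not code from NeuSecure, STM or any other product mentioned in the thread), here is a minimal engine over three constructed log formats. The log lines, the asset-value table and the vulnerability-scan table are all invented for the example; the scoring weights are arbitrary and exist only to show how asset value and scan data change an alert's priority.

```python
# Added example (not code from NeuSecure, STM or any product named in the thread):
# fold raw FW / IDS / HIDS events into a few alerts keyed on attack source and
# time window, weighted by asset value and by whether a scan says the target is exposed.
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional
import re

# Constructed sample input: one simplified line format per source type.
SAMPLE_LOGS = """\
2004-03-19T10:00:01 FW deny src=10.9.9.9 dst=192.168.1.10 dport=445
2004-03-19T10:00:02 FW deny src=10.9.9.9 dst=192.168.1.11 dport=445
2004-03-19T10:00:03 FW deny src=10.9.9.9 dst=192.168.1.12 dport=445
2004-03-19T10:00:04 IDS alert sig=SMB_OVERFLOW src=10.9.9.9 dst=192.168.1.20
2004-03-19T10:00:09 HIDS alert host=192.168.1.20 event=NEW_SERVICE_INSTALLED
2004-03-19T10:05:00 IDS alert sig=SMB_OVERFLOW src=172.16.0.5 dst=192.168.1.30
2004-03-19T11:30:00 FW deny src=10.9.9.9 dst=192.168.1.10 dport=22
"""

# Constructed asset inventory (1 = low value .. 5 = critical) and scan results
# (host -> IDS signatures the host is known to be exposed to).
ASSET_VALUE = {"192.168.1.20": 5, "192.168.1.30": 2}
VULNERABLE_TO = {"192.168.1.20": {"SMB_OVERFLOW"}}
WINDOW = timedelta(seconds=60)   # idle gap that splits one source into separate alerts

@dataclass
class Event:
    ts: datetime
    source: str               # FW, IDS or HIDS
    src_ip: Optional[str]     # attacker side; None for host-only (HIDS) events
    dst_ip: str
    detail: str               # denied port, IDS signature or HIDS event name

@dataclass
class Alert:
    src_ip: str
    first: datetime
    last: datetime
    events: List[Event] = field(default_factory=list)
    score: int = 0

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<source>FW|IDS|HIDS) \S+ (?P<kv>.*)$")

def parse_line(line: str) -> Optional[Event]:
    """Normalize one raw line from any of the three sources into an Event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    kv = dict(pair.split("=", 1) for pair in m["kv"].split())
    ts, source = datetime.fromisoformat(m["ts"]), m["source"]
    if source == "FW":
        return Event(ts, source, kv["src"], kv["dst"], "deny dport=" + kv["dport"])
    if source == "IDS":
        return Event(ts, source, kv["src"], kv["dst"], kv["sig"])
    return Event(ts, source, None, kv["host"], kv["event"])

def score(alert: Alert) -> int:
    """Weight an alert by what the sources saw and by what was targeted."""
    s = 0
    for e in alert.events:
        if e.source == "FW":
            s += 1                       # noise on its own, evidence in context
        elif e.source == "IDS":
            s += 3
            if e.detail in VULNERABLE_TO.get(e.dst_ip, set()):
                s += 5                   # scan says the target is exposed to this attack
        elif e.source == "HIDS":
            s += 10                      # host-side change following the network attack
    asset = max(ASSET_VALUE.get(e.dst_ip, 1) for e in alert.events)
    return s * asset

def correlate(lines: str, window: timedelta = WINDOW) -> List[Alert]:
    """Group events by attack source within a window; tie HIDS events to the alert that hit that host."""
    events = sorted((e for e in map(parse_line, lines.splitlines()) if e), key=lambda e: e.ts)
    alerts: List[Alert] = []
    open_alerts = {}                     # src_ip -> most recent Alert for that source
    for ev in events:
        if ev.src_ip is None:
            hit = next((a for a in open_alerts.values()
                        if ev.ts - a.last <= window
                        and any(e.dst_ip == ev.dst_ip for e in a.events)), None)
            if hit is None:              # nothing to tie it to: it stands alone
                hit = Alert("unknown", ev.ts, ev.ts)
                alerts.append(hit)
        else:
            hit = open_alerts.get(ev.src_ip)
            if hit is None or ev.ts - hit.last > window:
                hit = Alert(ev.src_ip, ev.ts, ev.ts)
                open_alerts[ev.src_ip] = hit
                alerts.append(hit)
        hit.events.append(ev)
        hit.last = ev.ts
    for a in alerts:
        a.score = score(a)
    return sorted(alerts, key=lambda a: a.score, reverse=True)

if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS):
        print(f"score={a.score:4d} src={a.src_ip:12s} {a.first:%H:%M:%S}-{a.last:%H:%M:%S} "
              + ", ".join(f"{e.source}:{e.detail}" for e in a.events))
```

Run on the seven constructed lines, the engine produces three alerts: the scan-then-exploit-then-new-service sequence from 10.9.9.9 against the critical host scores far above the lone IDS hit on a low-value host whose scan shows it is not exposed, and the isolated port-22 deny ninety minutes later becomes its own low-priority alert because the idle gap exceeds the window. That ordering, rather than the raw event count, is the "false positive reduction" the thread is talking about; a real deployment would replace the hard-coded tables with inventory and scanner feeds.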


