Re: FW-1 and "monitoring client"

From: Phil Hollows (phil_at_open.com)
Date: 06/11/04


Date: 11 Jun 2004 06:47:47 -0700

It depends on the sophistication of analysis you want. Security
information management correlation applications, such as Open's
Security Threat Manager (www.open.com) will analyze your FW logs (and
IDS, IPS, AV, routers, servers etc) in real-time, correlate the data
to identify threats and compromises (typically leveraging
vulnerability scan information). You can use their own console,
forward to HPOV or NetCool (or any SNMP capable console). These
products will talk syslog (or, for Check Point, OPSEC to the device or
Provider-1), ODBC / JDBC, etc. All depends on the systems you're
looking at and the complexity of your environment. You obviously get
thorough reporting as well as alerting.

Benefits include earlier detection of attacks (typically in the
reconnaissance phase), false positive reduction and as a result more
time to spend on proactive measures such as patching and policy
management.

Hope this helps

Phil Hollows
VP Security Products
OpenService, Inc (open)
www.open.com
508.599.2000

gxchristian@yahoo.co.uk (Tom Aaqse) wrote in message news:<dcb99e92.0406101213.1a9e81fb@posting.google.com>...
> Hello,
>
> We have some Check Point firewalls that are sending their logs to a
> central console. We would like to have some kind of monitoring over
> the firewalls' system based on "sampling" data each 5 or minutes, in an
> unattended fashion. Which would be the right direction to go?
>
> Thanks.
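The correlation the reply describes (pull firewall events off syslog, group them per source and target over a sampling window, flag reconnaissance, and use vulnerability-scan data to separate noise from hits on a listening service) can be sketched in a few dozen lines. The following is an added example written for this page; it is not code from the post, from OpenService's product, or from Check Point. The log lines are constructed in a generic key=value syslog style (not real Check Point/OPSEC output), the scan snapshot is made up, the year is assumed to be 2004 because syslog timestamps carry none, and the five-minute fixed window mirrors the "sampling" interval the original question asked about.

```python
"""Toy security-event correlator over firewall syslog, in the spirit of the
SIM/SEM approach in the post.  Everything here (log lines, scan data,
thresholds) is constructed for illustration; this is not vendor code."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed key=value syslog-style firewall lines (not real Check Point output).
SAMPLE_LOG = """\
Jun 11 06:40:01 fw1 fw: action=drop src=10.9.8.7 dst=192.0.2.10 dst_port=21 proto=tcp rule=99
Jun 11 06:40:03 fw1 fw: action=drop src=10.9.8.7 dst=192.0.2.10 dst_port=23 proto=tcp rule=99
Jun 11 06:40:05 fw1 fw: action=drop src=10.9.8.7 dst=192.0.2.10 dst_port=25 proto=tcp rule=99
Jun 11 06:40:07 fw1 fw: action=drop src=10.9.8.7 dst=192.0.2.10 dst_port=80 proto=tcp rule=99
Jun 11 06:40:09 fw1 fw: action=drop src=10.9.8.7 dst=192.0.2.10 dst_port=110 proto=tcp rule=99
Jun 11 06:41:30 fw1 fw: action=accept src=10.9.8.7 dst=192.0.2.10 dst_port=22 proto=tcp rule=12
Jun 11 06:43:00 fw1 fw: action=drop src=10.9.8.7 dst=192.0.2.11 dst_port=21 proto=tcp rule=99
Jun 11 06:43:02 fw1 fw: action=drop src=10.9.8.7 dst=192.0.2.11 dst_port=22 proto=tcp rule=99
Jun 11 06:43:04 fw1 fw: action=drop src=10.9.8.7 dst=192.0.2.11 dst_port=23 proto=tcp rule=99
Jun 11 06:43:06 fw1 fw: action=drop src=10.9.8.7 dst=192.0.2.11 dst_port=25 proto=tcp rule=99
Jun 11 06:43:08 fw1 fw: action=drop src=10.9.8.7 dst=192.0.2.11 dst_port=80 proto=tcp rule=99
Jun 11 06:46:10 fw1 fw: action=drop src=10.9.8.7 dst=192.0.2.10 dst_port=443 proto=tcp rule=99
Jun 11 06:47:00 fw1 fw: action=drop src=198.51.100.5 dst=192.0.2.10 dst_port=445 proto=tcp rule=99
this line is garbage and must be skipped
"""

# Constructed vulnerability-scan snapshot: host -> ports the scanner saw listening.
VULN_SCAN = {
    "192.0.2.10": {22, 80},
    "192.0.2.11": {25},
}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) \S+: (?P<kv>.*)$")


def parse_line(line, year=2004):
    """Parse one syslog line into a dict, or return None if it is unusable.
    The year is assumed (syslog timestamps do not carry one)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = dict(pair.split("=", 1) for pair in m["kv"].split() if "=" in pair)
    if not {"action", "src", "dst", "dst_port"} <= ev.keys():
        return None
    try:
        ev["ts"] = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ev["dst_port"] = int(ev["dst_port"])
    except ValueError:
        return None
    return ev


def window_start(ts, window):
    """Floor ts to the start of its fixed-size sampling window (e.g. 5 minutes)."""
    midnight = ts.replace(hour=0, minute=0, second=0, microsecond=0)
    offset = int((ts - midnight).total_seconds())
    return midnight + timedelta(seconds=offset - offset % int(window.total_seconds()))


def correlate(log_text, vuln_scan, window=timedelta(minutes=5), min_ports=5):
    """Group events per (src, dst, window).  A source touching >= min_ports
    distinct ports on one host in one window is a reconnaissance finding;
    if any accepted connection hit a port the scan shows listening, the
    finding is raised to 'high'.  Isolated drops never produce a finding."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            groups[(ev["src"], ev["dst"], window_start(ev["ts"], window))].append(ev)

    findings = []
    for (src, dst, start), evs in sorted(groups.items(), key=lambda kv: kv[0][2]):
        ports = {e["dst_port"] for e in evs}
        if len(ports) < min_ports:
            continue  # below threshold: treat as background noise, no alert
        listening = vuln_scan.get(dst, set())
        reached = {e["dst_port"] for e in evs
                   if e["action"] == "accept" and e["dst_port"] in listening}
        findings.append({
            "src": src, "dst": dst, "window_start": start,
            "ports": sorted(ports),
            "reached_listening": sorted(reached),
            "severity": "high" if reached else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in correlate(SAMPLE_LOG, VULN_SCAN):
        print(f"{f['window_start']:%H:%M} {f['severity']:6} {f['src']} -> {f['dst']} "
              f"ports={f['ports']} reached={f['reached_listening']}")
```

Run stand-alone, this reports two findings in the 06:40 window: the sweep of 192.0.2.10 is "high" because the accepted connection on port 22 matches a listening service in the scan snapshot, while the sweep of 192.0.2.11 stays "medium" since nothing got through. The single drops on 443 and 445 in the 06:45 window fall under the threshold and are not alerted, which is the false-positive reduction the reply refers to. In a real deployment the scan snapshot would come from the scanner's export and the threshold would be tuned per network segment.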