IDS mailing list archives

IDS Management/SIM Systems


From: eric.hines () appliedwatch com
Date: Tue, 17 Jun 2003 07:26:18 -0700

Mayank,

If I am understanding you correctly, you are talking about a Security 
Information Management System that integrates monitoring capabilities of 
Intrusion Detection Systems beyond SNMP traps. Several SIM systems exist out 
there, just to name a few:

1. eSecurity, Inc.
2. Arcsight
3. Net Forensics

And for my favorite point in the email, our own vendor plug. Our SIM is the 
first of its kind, OS-native system for monitoring the Snort IDS, ripping 
users from the web browser to the Desktop. We are a first to market SIM system 
dedicated to open-source security solutions, providing upcoming support for 
Snort-Inline, Prelude, PF, IPchains, etc. For more information,
http://www.appliedwatch.com will allow you access to download the software.

It really depends on what you are looking to do. I guess I need more 
understanding of your environment, and instead of "what if the company is doing 
this" sort of questions, could you possibly tell us exactly what it is you want 
to do and what is set up there? What IDS are you using and why concern for SNMP 
for management? Is this the only alerting/management protocol your IDS 
supports? 

From what I read from your email, your company currently outsources the 
monitoring of your network and you now want to do your own IDS monitoring 
in-house in conjunction with what they are doing to augment the efforts?

Please advise.

Regards,
Eric Hines
CEO, Chairman
Applied Watch Technologies, Inc.
http://www.appliedwatch.com
Toll Free: (877) 262-7593 





From: Mayank-Bhatnagar [mailto:mayank () ncb ernet in]
Sent: Friday, June 13, 2003 10:21 AM
To: focus-ids () securityfocus com
Subject: IDS and NMS


hi folks,

Well there is this issue that I would like to put to the group.
"Requirement of an interface of an IDS with an already installed Network 
Management System".

Let me state it like this: if we have a managed IDS product, it might have its 
own management console and its own configurations, server, etc.

However, an organisation which is running a NMS might wish to incorporate IDS, 
its features on the NMS itself and might not wish to invest in another 
Management Console.

There are some products like HP OpenView which incorporate IDS in their 
feature set. But this scenario is different in the sense that one has built a 
NMS and also provided IDS functionality using SNMP. The other case is where an 
independent IDS solution (independent of SNMP) is getting incorporated in a NMS.

How much is this a viable solution or whether such requirement could exist, and 
if yes, what could be implications of same?
As far as I know, top notch IDS products don't have any integration with NMS. 
Some do send traps (which could be a minimal part of IDS, i.e. sending alerts 
to IDS management console as well as NMS).

Hope I am clear enough.....

Waiting for some views......

thanks and regards,
Mayank
