IDS mailing list archives
RE: Correlation software
From: "Phil Hollows" <phollows () open com>
Date: Fri, 19 Mar 2004 05:56:53 -0500
[Fair Warning: I work for a security management and correlation company]

Hi Sam & list:

Security Threat Manager (STM) from Open (www.open.com) does what you're looking for, providing real-time correlation, analysis and triage of FW, IDS, IPS, AV, VA and network events using a variety of techniques. It links multiple (tens, hundreds or, for worms, thousands of) raw events from your devices into a few timely, actionable and relevant alerts - in other words, significant false positive reduction. It links events to asset values, vulnerability scans, recent event history and attack source. It also provides extensive reporting and analysis capabilities into attacks, correlated threats and operations performance.

We've a couple of case studies (no registration required) on how the product works and the benefits it can bring at http://www.open.com/pdf/STM_Case_Study_Legal_ROI.pdf and http://www.open.com/pdf/STM_Case_Study_Finance_Firewall.pdf if you're interested.

STM features a nightly update service that updates its internal database of exploit and vulnerability signatures, so instead of writing rules for your correlation engine for each new potential attack vector and spending time managing it, you are free to focus on improving policies, testing and verifying patches, ensuring that your IDS are up to date, and otherwise working on proactive defense. It all runs on standard hardware too, and because it uses a "no rules" approach to correlation, it's fast to install, baseline and tune.

Enough of the product info - I'm more than happy to continue the conversation off-list for Sam and anyone else who's interested in product or implementation-specific detail.

Thanks

Phil Hollows
VP
OpenService Inc (www.open.com)

-----Original Message-----
From: sam () neuroflux com [mailto:sam () neuroflux com]
Sent: Thu 3/18/2004 11:07 AM
To: focus-ids () securityfocus com
Cc:
Subject: Correlation software

Hello..

Thank you all for your responses to my Entercept email, they have all been fantastic! I am also looking to find out if there are any commercial Log Correlation packages available? I'm looking for something that can correlate Firewall + IDS + HIDS type of logs and create a logical flow of events.. Can anyone recommend, or point me in the right direction?

Thanks!
-Sam
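The correlation idea discussed in this thread (many firewall, NIDS and HIDS events collapsed into a few alerts, weighted by asset value and by whether a vulnerability scan confirms the targeted weakness) can be illustrated with a small self-contained correlator. The following is an added example written for this archive page; it is not STM's algorithm or any vendor's code. All events, IP addresses (RFC 5737 documentation ranges), host names, asset values and the vulnerability identifiers `VULN-A` / `VULN-B` are constructed placeholders, and the scoring weights are arbitrary assumptions chosen to make the ranking visible.

```python
"""Toy multi-sensor event correlator (added example, not a product's code).

Events from three sensor types are grouped into incidents by (source, destination)
pair within a time window, then each incident is scored by how many sensor types
corroborate it, the value of the targeted asset, whether the firewall let the
traffic through, and whether the last vulnerability scan confirms the weakness
the IDS signature targets.
"""
from collections import defaultdict

# Constructed sample events; "vuln" names the weakness an IDS signature targets.
RAW_EVENTS = [
    {"sensor": "fw",   "ts": 0,  "src": "198.51.100.9", "dst": "10.0.0.5",  "detail": "deny tcp/445"},
    {"sensor": "fw",   "ts": 1,  "src": "198.51.100.9", "dst": "10.0.0.5",  "detail": "deny tcp/445"},
    {"sensor": "fw",   "ts": 2,  "src": "198.51.100.9", "dst": "10.0.0.5",  "detail": "allow tcp/445"},
    {"sensor": "nids", "ts": 3,  "src": "198.51.100.9", "dst": "10.0.0.5",  "detail": "SMB overflow attempt", "vuln": "VULN-A"},
    {"sensor": "hids", "ts": 5,  "src": "198.51.100.9", "dst": "10.0.0.5",  "detail": "new service installed"},
    {"sensor": "nids", "ts": 40, "src": "192.0.2.33",   "dst": "10.0.0.20", "detail": "IIS unicode traversal", "vuln": "VULN-B"},
    {"sensor": "fw",   "ts": 41, "src": "192.0.2.33",   "dst": "10.0.0.20", "detail": "allow tcp/80"},
    # Fifty firewall denies from one noisy scanner: many raw events, one low alert.
    *[{"sensor": "fw", "ts": 100 + i, "src": "203.0.113.4", "dst": "10.0.0.30",
       "detail": f"deny tcp/{1000 + i}"} for i in range(50)],
]

# Constructed asset inventory joined with the most recent vulnerability scan.
ASSETS = {
    "10.0.0.5":  {"name": "fileserver", "value": 9, "vulns": {"VULN-A"}},  # scan found VULN-A
    "10.0.0.20": {"name": "webserver",  "value": 7, "vulns": set()},       # VULN-B not present
    "10.0.0.30": {"name": "lab-box",    "value": 2, "vulns": set()},
}

WINDOW = 60  # seconds; events for one src->dst pair closer than this join the same incident


def group_incidents(events, window=WINDOW):
    """Return a list of incidents; each incident is a time-ordered list of events."""
    incidents = []
    open_idx = {}  # (src, dst) -> index of the still-open incident for that pair
    for e in sorted(events, key=lambda ev: ev["ts"]):
        key = (e["src"], e["dst"])
        idx = open_idx.get(key)
        if idx is None or e["ts"] - incidents[idx][-1]["ts"] > window:
            incidents.append([e])
            open_idx[key] = len(incidents) - 1
        else:
            incidents[idx].append(e)
    return incidents


def score_incident(inc, assets):
    """Collapse one incident into a single enriched alert with a numeric score."""
    src, dst = inc[0]["src"], inc[0]["dst"]
    asset = assets.get(dst, {"name": dst, "value": 1, "vulns": set()})
    sensors = sorted({e["sensor"] for e in inc})
    allowed = any(e["sensor"] == "fw" and e["detail"].startswith("allow") for e in inc)
    targeted = {e["vuln"] for e in inc if "vuln" in e}
    confirmed = sorted(targeted & asset["vulns"])

    score = len(sensors) * asset["value"]  # corroboration scaled by asset value
    if allowed:
        score += 5                          # traffic reached the host
    if confirmed:
        score *= 2                          # scan says the host is actually exposed
    severity = "critical" if score >= 40 else "high" if score >= 15 else "low"
    return {"src": src, "dst": dst, "asset": asset["name"], "sensors": sensors,
            "raw_events": len(inc), "confirmed_vulns": confirmed,
            "score": score, "severity": severity}


def correlate(events, assets, window=WINDOW):
    """Turn raw events into a short, severity-ordered list of alerts."""
    alerts = [score_incident(inc, assets) for inc in group_incidents(events, window)]
    return sorted(alerts, key=lambda a: -a["score"])


if __name__ == "__main__":
    for a in correlate(RAW_EVENTS, ASSETS):
        print(f"{a['severity']:8} score={a['score']:3} {a['src']} -> {a['asset']} "
              f"({a['raw_events']} raw events, sensors={a['sensors']}, "
              f"confirmed={a['confirmed_vulns']})")
```

Run as-is, the 57 constructed events become three alerts: the SMB attempt against the file server ranks highest because three sensor types agree, the firewall allowed the traffic and the scan confirms the weakness, while the fifty port-scan denies collapse into one low alert. A real deployment would replace the inline tables with parsers for the actual log formats and a feed from the scanner, but the join between events, asset value and scan results is the part that does the false-positive reduction.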
Current thread:
- Correlation software sam (Mar 18)
- RE: Correlation software Mark Titley (Mar 19)
- Re: Correlation software Mike Lyman (Mar 22)
- RE: Correlation software Chris Petersen (Mar 23)
- RE: Correlation software Tadeo Cwierz (Mar 25)
- Re: Correlation software Rainer Duffner (Mar 23)
- <Possible follow-ups>
- Re: Correlation software Johann_van_Duyn (Mar 19)
- RE: Correlation software Phil Hollows (Mar 19)
- RE: Correlation software Chris Kirschke (Mar 19)
- Re: Correlation software Raffael Marty (Mar 22)
- RE: Correlation software Alberto Gonzalez (Mar 22)
- RE: Correlation software Mariusz Burdach (Mar 22)
- RE: Correlation software Joe Luna (Mar 22)
- RE: Correlation software AJ Butcher, Information Systems and Computing (Mar 25)
- Re: Correlation software David Chapdelaine (Mar 25)
- RE: Correlation software DeGennaro, Gregory (Mar 23)
- RE: Correlation software Phil Hollows (Mar 23)