IDS mailing list archives

RE: Correlation software


From: "Chris Kirschke" <durnie () hushmail com>
Date: Fri, 19 Mar 2004 16:23:21 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Check out www.guarded.net, their NeuSecure app is what we use at our
bank and we've enjoyed it the entire way...

durnie

On Fri, 19 Mar 2004 02:56:53 -0800 Phil Hollows <phollows () open com> wrote:
      [Fair Warning: I work for a security management and correlation
      company]

      Hi Sam & list:

      Security Threat Manager (STM) from Open (www.open.com) does what
      you're looking for, providing real-time correlation, analysis and
      triage of FW, IDS, IPS, AV, VA and network events using a variety
      of techniques.  It links multiple (tens or hundreds or, for worms,
      thousands) of raw events from your devices into a few timely,
      actionable and relevant alerts - in other words, significant false
      positive reduction.  It links events to asset values and
      vulnerability scans and recent event history and attack source.
      It also provides extensive reporting and analysis capabilities
      into attacks, correlated threats and operations performance.
      We've a couple of case studies (no registration required) on how
      the product works and the benefits it can bring at
      http://www.open.com/pdf/STM_Case_Study_Legal_ROI.pdf and
      http://www.open.com/pdf/STM_Case_Study_Finance_Firewall.pdf if
      you're interested.

      STM features a nightly update service that updates its internal
      database of exploit and vulnerability signatures, so instead of
      writing rules for your correlation engine for each new potential
      attack vector and spending time managing it, you are free to focus
      on improving policies, testing and verifying patches, ensuring
      that your IDS are up to date, and otherwise working on proactive
      defense.  It all runs on standard hardware too, and because it
      uses a "no rules" approach to correlation, it's fast to install,
      baseline and tune.

      Enough of the product info - I'm more than happy to continue the
      conversation off-list for Sam and anyone else who's interested in
      product or implementation-specific detail.

      Thanks

      Phil Hollows
      VP
      OpenService Inc (www.open.com)

      -----Original Message-----
      From: sam () neuroflux com [mailto:sam () neuroflux com]
      Sent: Thu 3/18/2004 11:07 AM
      To: focus-ids () securityfocus com
      Cc:
      Subject: Correlation software



      Hello..  Thank you all for your responses to my Entercept email,
      they have all been fantastic!

      I am also looking to find out if there are any commercial Log
      Correlation packages available?  I'm looking for something that
      can correlate Firewall + IDS + HIDS type of logs and create a
      logical flow of events..

      Can anyone recommend, or point me in the right direction?

      Thanks!
      -Sam


      ---------------------------------------------------------------------------
      Test your IDS

      Is your IDS deployed correctly?
      Find out by easily testing it with real-world attacks from CORE IMPACT.

      Visit:
      www.coresecurity.com/promos/sf_eids1 to learn more.
      ---------------------------------------------------------------------------




life is meant to be lived. hear me? didn't think so...
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAkBbjvoACgkQ3UH5NRolsbaq5ACguxPk1PrBNmlr6baOVVJT1SMgqxYA
njlR/REuYZd8T4sHxv29c2oahqfG
=gQ8z
-----END PGP SIGNATURE-----

