[441] in Intrusion Detection Systems
Re[2]: Good logging and real-t
daemon@ATHENA.MIT.EDU (Parker, Robert)
Tue Nov 28 13:49:41 1995
Date: Mon, 27 Nov 95 11:38:13 MDT
From: "Parker, Robert" <robpar@ccgate-ut.raxco.com>
To: ids@uow.edu.au
Reply-To: ids@uow.edu.au
Hello,
My name is Robert Parker and I am a Product Manager at AXENT
Technologies in Provo, UTAH. One of the products I am responsible for
is called ITA and it does the real time alerting that you are looking
for. I have attached a short message about the product. If you are
interested further, contact me at 801-227-3752 (USA) or e-mail me at
robpar@axent.com.
Good luck in your search.
==============Begin text============================================
Improved Internet Monitoring, Anomaly Detection, and Application
Monitoring Added to AXENT's Intrusion Detection Software
New Software Release Can Link Events Over Time Across Client/Server
Platforms, Monitor Firewall Activity;
Enhanced Rules-Based Alert Utility Automatically Triggers User-Defined
Corrective Activity.
Washington, Nov. 6, 1995 AXENT Technologies today announced the
latest version of its Security Event Monitor, OmniGuard Intruder
Alert (ITA). This powerful software tool uses rules-based anomaly
detection to monitor security events across client/server networks.
According to Pete Privateer, AXENT's senior vice president, ITA can
form the basis of a comprehensive internet security strategy by
watching all accesses to the system. "Intruders typically use a
SATAN-like tool that probes various access points, looking for
weaknesses in the existing security. ITA detects these types of
probes and notifies administration, while at the same time taking
protective measures to ensure that no damage is done in the meantime,"
Privateer said.
According to AXENT, ITA has other uses as well. It can perform real
time checks of access controls, analyze and reduce system logs,
monitor applications or keep tabs on other security controls such as
firewalls, providing a type of intelligent virtual motion detector for
enterprise computing systems.
ITA version 2.1 enhances these capabilities by providing more
comprehensive anomaly detection across the entire network, improved
notification and event history recording, as well as the ability to
monitor not only system events but events related to any activity on
the system. Mr. Privateer explains, "For example, if someone has
access to a funds transfer application, typically they are to access
the application at specified times and from specified locations. If
the application is accessed at midnight from a foreign country, that
would be cause for alarm. ITA 2.1 can detect these types of security
violations and take any action desired by the user."
ITA Key Features
The heart of ITA is the rules-based inference engine that selects the
input it receives from various user definable sources, filters it as
necessary and then takes actions as dictated by the user. This simple
concept allows ITA to make pre-programmed decisions with administrator
involvement. ITA is the intelligent, automated watchdog that security
administrators have been waiting for.
Key features provided under ITA Release 2.1, all accessed via a
graphical user interface, include the ability to:
- Take action on any event - analyze any event from any product that
produces an audit log, including AXENT's other OmniGuard products,
firewalls, databases such as Oracle or Sybase, and system management
solutions.
- Link events over time - multiple events can be flagged and then
linked across the network. For instance, if failed login attempts are
registered at various locations across the net, ITA can detect them
and upon reaching a threshold number of attempts, take action as
determined by administration.
- Manage broadcast of notification messages - ITA X-Notify is a new
program for managing the broadcast of notification messages sent to a
Motif-based display, including X Terminals. The notification window
includes a colored alert bar that changes with the degree of severity
of the security event, a prioritized history of events and the
complete text of the event logged. Now an administrator can let ITA
watch for events, prioritize them and remind the user that action may
need to be taken.
- Monitor by day of week/date/time of day - allows an administrator to
watch for security events occurring on the weekend, late at night or
in any other time frame that is considered to be outside the norm. In
our previous example of the funds transfer program, accesses may not
take place outside of regular business hours. ITA can now detect that
anomaly and take action.
Availability and Pricing
ITA Release 2.1 is available immediately. It supports a large and
growing number of major computing platforms such as Hewlett-Packard,
IBM, Sun and Digital. For a complete listing, please refer to the
attached availability and key features matrix. Pricing is based on a
manager/agent architecture with managers costing $1995 and agents $995
each.
AXENT Technologies
AXENT Technologies is exclusively devoted to providing client/server
security solutions for multi-platform environments. The company's
broad line of security offerings is used by auditors, government and
commercial installations worldwide, to efficiently secure and protect
information systems running in heterogeneous computing environments.
Headquartered in Rockville, Md., AXENT serves more than 5,000
customers through its 15 locations worldwide.
______________________________ Reply Separator _________________________________
Subject: Re: Good logging and real-t
Author: ids@uow.edu.au at ccgate-ut
Date: 11/21/95 4:10 PM
Reply to: RE>>Good logging and real-time alert tools ?
Andy,
Is this product truly "real-time"? How does it intercept unauthorized
activity?
In my search for "real-time" security products, I have found that most
products are simply "after the fact" security reporting tools.
Also, these products either took the approach of replacing operating system
command files or altering the UNIX Kernel to include security features. As
you probably agree, there are drawbacks to both approaches.
I recently found a product called SeOS from Memco. Their approach is to
redirect kernel pointers to tables that contain security rules and access
permissions. By the way, these tables are encrypted. Also, you can track users
even if they have changed their identity to root or superuser. It also has a
GUI for administration purposes.
If "Security Manager" addresses security challenges in this fashion, I can
have my people evaluate it.
Regards,
Yalda Mirzai
ymirzai@amgen.com
__________________________________________________________
Consistency is the last refuge of the unimaginative. -Oscar Wilde
(1854-1900)
Amgen
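The two ITA rules sketched in the press release above, linking failed logins across hosts until a threshold is reached and flagging funds-transfer access outside business hours, written out as a small rules pass in Python. This is an added example, not AXENT's code; the audit-record format, host names, user names and the 9-to-5 window are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample audit records, not taken from the page: "date time host user event"
SAMPLE_LOG = """\
1995-11-27 09:15:02 hp1 alice login_ok
1995-11-27 09:16:10 hp1 bob login_fail
1995-11-27 09:16:40 sun2 bob login_fail
1995-11-27 09:17:05 ibm3 bob login_fail
1995-11-27 09:17:30 dec4 bob login_fail
1995-11-27 10:30:00 hp1 carol funds_xfer_access
1995-11-27 23:58:12 sun2 carol funds_xfer_access
"""

def parse(line):
    """Split one record into (timestamp, host, user, event)."""
    date, time, host, user, event = line.split()
    return datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"), host, user, event

def evaluate(log_text, threshold=3, hours=(9, 17)):
    """Run two rules over the records and return the alerts they raise.

    Rule 1 (link events over time): failed logins for the same user are counted
    across every host; the alert fires once, when the count reaches `threshold`.
    Rule 2 (day/time window): access to the funds-transfer application outside
    `hours` (24h clock, end exclusive) or on a weekend is flagged as an anomaly.
    """
    failures = defaultdict(list)   # user -> hosts where a failed login was seen
    alerts = []
    for line in log_text.splitlines():
        ts, host, user, event = parse(line)
        if event == "login_fail":
            failures[user].append(host)
            if len(failures[user]) == threshold:
                alerts.append(("failed_login_threshold", user, sorted(set(failures[user]))))
        elif event == "funds_xfer_access":
            off_hours = not (hours[0] <= ts.hour < hours[1])
            if off_hours or ts.weekday() >= 5:
                alerts.append(("out_of_hours_access", user, host, ts.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_LOG):
        print(alert)
```

The action taken on an alert (notification, disabling the account, and so on) is left to the caller; the pass only decides which records cross a rule.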