IDS mailing list archives

RE: Correlation software


From: "Phil Hollows" <phollows () open com>
Date: Fri, 19 Mar 2004 05:56:53 -0500

        [Fair Warning: I work for a security management and correlation company]

        Hi Sam & list:


        Security Threat Manager (STM) from Open (www.open.com) does what you're looking for, 
providing real-time correlation, analysis and triage of FW, IDS, IPS, AV, VA and network events using a variety of 
techniques.  It links multiple (tens or hundreds or for worms thousands) of raw events from your devices into a few 
timely, actionable and relevant alerts - in other words, significant false positive reduction.  It links events to 
asset values and vulnerability scans and recent event history and attack source.  It also provides extensive reporting 
and analysis capabilities into attacks, correlated threats and operations performance.  We've a couple of case studies 
(no registration required) on how the product works and the benefits it can bring at 
http://www.open.com/pdf/STM_Case_Study_Legal_ROI.pdf and 
http://www.open.com/pdf/STM_Case_Study_Finance_Firewall.pdf if you're interested.


        STM features a nightly update service that updates its internal database of exploit and vulnerability 
signatures, so instead of writing rules for your correlation engine for each new potential attack vector and spending 
time managing it, you are free to focus on improving policies, testing and verifying patches, ensuring that your IDS 
are up to date, and otherwise working on proactive defense.  It all runs on standard hardware too, and because it uses 
a "no rules" approach to correlation, it's fast to install, baseline and tune.


        Enough of the product info - I'm more than happy to continue the conversation off-list for Sam and anyone else 
who's interested in product or implementation-specific detail.


        Thanks

        Phil Hollows

        VP

        OpenService Inc (www.open.com)


        -----Original Message----- 
        From: sam () neuroflux com [mailto:sam () neuroflux com] 
        Sent: Thu 3/18/2004 11:07 AM 
        To: focus-ids () securityfocus com 
        Cc: 
        Subject: Correlation software
        
        

        Hello..  Thank you all for your responses to my Entercept email, they have
        all been fantastic!
        
        I am also looking to find out if there are any commercial Log Correlation
        packages available?  I'm looking for something that can correlate Firewall
        + IDS + HIDS type of logs and create a logical flow of events..
        
        Can anyone recommend, or point me in the right direction?
        
        Thanks!
        -Sam
        
        

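Sam asks for something that correlates firewall and IDS logs into a flow of events, and Phil describes linking many raw events to asset values and vulnerability-scan results to cut false positives. The block below is an added illustration of that kind of correlation written for this archive page; it is not code from STM or from either poster, and the device events, signature names, addresses, asset values and the scoring rule are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample data (not from the original post): raw events from a
# firewall and an IDS, plus per-host asset values and vulnerability-scan findings.
FW_EVENTS = [  # (timestamp seconds, src, dst, dport, action)
    (100, "10.9.9.9", "192.0.2.10", 80, "ACCEPT"),
    (101, "10.9.9.9", "192.0.2.10", 80, "ACCEPT"),
    (102, "10.9.9.9", "192.0.2.20", 445, "DROP"),
    (103, "10.9.9.9", "192.0.2.20", 445, "DROP"),
    (150, "10.8.8.8", "192.0.2.30", 22, "ACCEPT"),
]
IDS_EVENTS = [  # (timestamp seconds, src, dst, signature name)
    (100, "10.9.9.9", "192.0.2.10", "WEB-CGI-OVERFLOW"),
    (101, "10.9.9.9", "192.0.2.10", "WEB-CGI-OVERFLOW"),
    (102, "10.9.9.9", "192.0.2.20", "SMB-WORM-PROBE"),
    (150, "10.8.8.8", "192.0.2.30", "SSH-BRUTE-FORCE"),
]
ASSET_VALUE = {"192.0.2.10": 5, "192.0.2.20": 3, "192.0.2.30": 1}  # 1 (low) .. 5 (critical)
VULN_SCAN = {"192.0.2.10": {"WEB-CGI-OVERFLOW"}}  # host -> signatures the last VA scan found it exposed to
WINDOW = 30  # seconds; events for one src/dst pair in the same tumbling window merge into one alert

@dataclass
class Alert:
    src: str
    dst: str
    signatures: set = field(default_factory=set)
    raw_events: int = 0
    blocked: bool = False  # the firewall dropped the traffic
    score: int = 0

def correlate(fw=FW_EVENTS, ids=IDS_EVENTS, window=WINDOW):
    """Collapse raw FW and IDS events into one triaged alert per (src, dst, window)."""
    alerts = {}
    def bucket(ts, src, dst):
        return alerts.setdefault((src, dst, ts // window), Alert(src, dst))
    for ts, src, dst, _port, action in fw:
        a = bucket(ts, src, dst)
        a.raw_events += 1
        a.blocked |= action == "DROP"
    for ts, src, dst, sig in ids:
        a = bucket(ts, src, dst)
        a.raw_events += 1
        a.signatures.add(sig)
    for a in alerts.values():
        exposed = bool(a.signatures & VULN_SCAN.get(a.dst, set()))
        # Triage: traffic the firewall already dropped is informational only; an IDS
        # hit on a host the VA scan says is exposed outranks one on a host that is not.
        a.score = 0 if a.blocked else ASSET_VALUE.get(a.dst, 1) * (3 if exposed else 1)
    return sorted(alerts.values(), key=lambda a: a.score, reverse=True)
```

With the constructed data, nine raw events collapse into three alerts: the exposed critical web host ranks first, the unexposed low-value host second, and the worm probe the firewall already dropped last.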
