Intrusion Detection Systems:
GuardedNet

GuardedNet's neuSECURE system automates correlation of data between an organization's various security devices—and in the process, it makes security managers' lives much, much easier.

by Jeff Goldman
[May 1, 2002]

The founders of GuardedNet first met as security consultants, building out security operations centers and network operations centers for enterprise and government clients. According to Robert Hughes, GuardedNet's President, the founders created GuardedNet in 1999 in order to take action on the integration issues they had struggled with on behalf of their customers.

"We noticed that there was a hole," Hughes said. "We could not find anyone that integrated all the best of breed security products, including routers from Cisco, Check Point for firewalls, and ISS RealSecure and Dragon on the IDS side. So we said, let's write software that allows us to integrate log data and perform analysis of that data in real time to provide true threat management."

GuardedNet
Five Piedmont Center Suite 404
Atlanta, Georgia 30305
Voice: (404) 442-9909
E-mail: info@guarded.net


Toward that end, the company developed neuSECURE, a system that correlates information from all of an organization's various security products. "IDS systems only show half the picture, and that's why you have so many false positives," Hughes said. "What we do is take it to the next step, and that's analyzing both vulnerability and attack."

The fact that neuSECURE was built by people who had spent years developing operations centers themselves, Hughes says, is a great asset. "Major organizations that have reviewed the software say it works as if you're an analyst or a security person," he said. "The flow of the software is exactly a duplicate of what you would do in a security operations role."

In other words, neuSECURE helps at every part of the process, from the first steps of attack recognition to all levels of defense and analysis. "We took all of the things that we were doing by UNIX command line, and we put it into a web-based interface," Hughes said. "Everything that we do for the user is web-based and in real time."

Under a secure aegis
The neuSECURE solution is built around the Central Management System (CMS), which includes both a correlation engine to process incoming data and a storage database to provide a permanent repository for the data processed. Security analysts monitor the processes of the CMS through neuSECURE's Web-based Console Manager (left).

Strategically positioned Event Aggregation Modules collect raw log data from the various security devices and then enable the CMS to analyze that data in an integrated manner. The correlated data is used to determine the threat level of a particular attack: different machines in a network, depending on the information they contain, can be weighted for higher or lower threat levels.
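The correlation idea described above (join IDS alerts with firewall logs and vulnerability data, then weight the result by how sensitive the target host is), as an added Python example. It is not GuardedNet's code or algorithm; the field names, multipliers, signature label and sample events are constructed assumptions.

```python
# Added illustration: cross-device event correlation with asset weighting.
# All data below is constructed sample input, not from any real network.

ASSET_WEIGHT = {"10.0.0.5": 3.0, "10.0.0.20": 1.0}   # higher = more sensitive host
VULNERABLE = {("10.0.0.5", "sig-web-traversal")}      # (host, signature) confirmed by a scanner

EVENTS = [
    {"ts": 100, "device": "ids", "src": "198.51.100.7", "dst": "10.0.0.5",
     "sig": "sig-web-traversal"},
    {"ts": 101, "device": "firewall", "src": "198.51.100.7", "dst": "10.0.0.5",
     "action": "accept"},
    {"ts": 130, "device": "ids", "src": "203.0.113.9", "dst": "10.0.0.20",
     "sig": "sig-web-traversal"},
    {"ts": 131, "device": "firewall", "src": "203.0.113.9", "dst": "10.0.0.20",
     "action": "drop"},
]


def correlate(events, weights=ASSET_WEIGHT, vulnerable=VULNERABLE, window=60):
    """Score each IDS alert using firewall and vulnerability context."""
    alerts = [e for e in events if e["device"] == "ids"]
    fw_logs = [e for e in events if e["device"] == "firewall"]
    scored = []
    for alert in alerts:
        score = 1.0
        # Firewall entries for the same flow within the time window.
        nearby = [f for f in fw_logs
                  if f["src"] == alert["src"] and f["dst"] == alert["dst"]
                  and abs(f["ts"] - alert["ts"]) <= window]
        if any(f["action"] == "accept" for f in nearby):
            score *= 2.0      # traffic actually reached the host
        elif nearby:
            score *= 0.5      # only blocked traffic seen: likely noise
        # An attack matters more when the target is known to be vulnerable to it.
        if (alert["dst"], alert["sig"]) in vulnerable:
            score *= 3.0
        # Weight by the sensitivity of the machine under attack.
        score *= weights.get(alert["dst"], 1.0)
        scored.append({"src": alert["src"], "dst": alert["dst"],
                       "sig": alert["sig"], "score": score})
    return sorted(scored, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for row in correlate(EVENTS):
        print(row)
```

The same signature fires twice, but only the alert against the vulnerable, high-weight host that the firewall let through rises to the top; the blocked attempt against a low-weight host is ranked as background noise.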

The software's reporting capabilities, Hughes says, are a key strength. "We've put together a large number of reports to provide dailies, weeklies, and monthlies of the number of security events that are affecting the organization, what countries they came from, what types of attacks they were, and what was done about them," he said.

The result is a significant increase in a security manager's ability to provide detailed accounting of all security activities. "Some of the security managers that turn these reports in to the upper layer of IT management say it's the first time they've had complete information to provide management on what's going on in security," Hughes said.

Hughes explains that neuSECURE doesn't replace a SOC: it just vastly improves upon it. "We're providing software that allows the proficiency of a security operations center to get tremendously increased," he said. "What you're able to do is to get better utilization of your staff. It's not staff reduction, because a lot of the large security groups are understaffed anyway—but you're getting more efficiency and better protection."

In fact, Hughes says, it's a worthwhile investment even if you're working with an MSSP: one of GuardedNet's larger clients uses neuSECURE even though their security is fully outsourced. "They say the software pays for itself in the knowledge that they're getting the service they're paying for," he said. "Since it detects all the information about the attacks, they can make sure they're getting caught."

Divide and conquer
For service providers in particular, neuSECURE offers the ability to divide workforce assignments more clearly. "We have a complete hierarchy built into the product," Hughes said. "I can take some of my people and assign them to certain companies, and I can take another group and assign them to other companies, and they can do threat analysis based on the security domains they're assigned."

Pricing for the solution starts at $40,000 for the base package, which includes the neuSECURE Central Management System, one Event Aggregation Module, and a license for 25 devices (firewalls, IDS or routers). Additional devices can be purchased in blocks of 50, 100, or 1000. As you add more and more devices, Hughes notes, neuSECURE's scalability becomes a significant asset.

"At minimum, we guarantee to any customer that we correlate 500 events per second," Hughes said. "We do not know the top end. Most of our customers do not have enough data to even stress a top end on a decent-sized machine. We know that somewhere there's a scalability issue, but as long as we're twice or three times as fast as all of our competition, we don't worry about it."

In terms of competition, Hughes explains, GuardedNet's main competitors are e-Security, netForensics, and Intellitactics. In each case, Hughes contends that neuSECURE's performance and scalability consistently stand out. "When people start analyzing the total package, we stand ahead," he said.

Another potential competitor is the growing market of combined appliances like TippingPoint's UnityOne product—but Hughes contends that the desire for best of breed solutions will always keep companies looking at a combination of devices. "There's no single source that I know of, including TippingPoint, that wants to be everything to everybody," he said.

Ultimately, Hughes says, GuardedNet is all about giving the security manager as complete a picture as possible. "We go from router level all the way through to the application," he said. "When you start coupling all these pieces together into a total picture, then you're getting true threat analysis. We don't know of any other vendors that are doing that."
