Network IDS reduces “white noise” for more focus on critical vulns
RandomStorm has announced the latest release of its next generation network intrusion detection system (NIDS), StormProbe.
StormProbe analyses all network traffic, using more than 30,000 constantly refreshed malware signatures to identify any malicious payloads. When a matched rule is detected RandomStorm’s Instances, Events and Alerts (IEA) algorithm creates a matched rule Instance and begins to record all linked alerts as unique, time-based events, associated with the specific target host in the network, under the same Instance.
Part of the StormCore integrated security management platform, StormProbe represents a step change in IDS technology. Based around the same RandomStorm IEA algorithm that powers the company’s StormAgent Log Management software, StormProbe provides IT managers with a graphical view of the real-time threat status of the network.
Accessed via an intuitive management user interface, StormProbe classifies all Instances in terms of the level of severity, based on custom rules. This classification enables system administrators to immediately see when a one-off or prolonged attack is underway, as well as the nature and severity of the attack, to enable rapid, remediation.
Offering a highly granular forensics tool, StormProbe enables system administrators to drill down to view individual linked alerts and obtain a detailed picture of any attack or suspect activity, including information on the malware type, start, source, duration and target host IP address.
Installed as a dedicated appliance, StormProbe can be configured to monitor traffic flows targeted at up to one hundred specified hosts across the network, integrating seamlessly with RandomStorm’s security management UI, StormCore. System administrators are provided with timely alerts and security intelligence when anomalies, policy violations and security threats are detected in both the external traffic and host log files. This reduces response times and enables more focused use of IT resources.
To further minimize the administration burden placed on highly skilled IT staff, StormProbe generates a range of static, dynamic and custom reports, including trending threats and compliance reports. Its dedicated reports for regulatory frameworks are particularly suited to assisting merchant organizations to meet Payment Card Industry Data Security Standard (PCI DSS) requirements. Version 3.0 of the standard, due to be introduced in November, includes enhancements to help organizations to be proactive in identifying malware attacks on the cardholder data environment.
Built for SME and enterprise networks, StormProbe can support Linux, Apple Macintosh, Microsoft Windows and IBM iSeries (AS/400) environments.