Category: Product

The service, dubbed the IntelliShield Early Warning System, delivers information from TruSecure’s vulnerability-warning service to a device connected to a customer’s network.

The device then looks at the data on the network, gauges what effect the security flaw could have on it, and alerts information technology staff, depending on the level of threat.

The TruSecure service is the latest in a series of services launched to help companies determine how vulnerable their networks are to new security flaws. Other companies, including Qualys and Symantec, send out information on the latest security flaws to enterprise customers. However, those subscription service companies don’t tell managers whether the system affected by the flaw is a critical one, said Matthew Kovar, director of security solutions and services at analyst firm The Yankee Group.

More info: [url=http://zdnet.com.com/2100-1105_2-5147432.html]http://zdnet.com.com/2100-1105_2-5147432.html[/url]

[url=http://img.com.com//i/tr/contentHTML/r00620040113bxr01_01.htm]http://img.com.com//i/tr/contentHTML/r00620040113bxr01_01.htm[/url]

But now software engineers at Icosystem in Cambridge, Massachusetts, have developed a program that can predict what is coming next by “evolving” future hacker and virus attacks based on information from known ones.

The idea would be to generate these novel attack strategies centrally, then remotely update the intrusion-detection software protecting PCs and networks around the world. It works by mutating the short programs or “scripts” that hackers use to invade computers or which they plant on them for later activation. The result is artificially created hacking routines that security systems could be taught to recognise, allowing them to defend networks against previously unseen attacks.

More info: [url=http://www.newscientist.com/news/news.jsp?id=ns99994588]http://www.newscientist.com/news/news.jsp?id=ns99994588[/url]

Nick Lowe, Check Point director for Northern Europe, says his firm’s approach scores over Cisco’s Network Admission Control program by avoiding the need to install client software.

InterSpect appliances are based on Check Point’s Stateful Inspection and Application Intelligence technologies and designed specifically to inspect the protocols and applications used on internal networks.

According to Check Point, InterSpect is better than products designed for perimeter security within Intranet environments because of its greater awareness of internal applications and protocols (such as database protocol SQL).

More info: [url=http://www.theregister.co.uk/content/55/35003.html]http://www.theregister.co.uk/content/55/35003.html[/url]

Most commercial NIDSes depend on attack signatures to identify malicious or out-of-policy activity. Signature-based NIDS is a very CPU-intensive technology. Before comparing packets against the NIDS database of a thousand or more signatures, the sensors also have to perform a variety of compute-intensive operations such as HTTP normalization, converting URLs in HTTP data streams to a canonical format so that they can be compared against a list of known bad traffic. To keep from losing packets, NIDS signature writers generally only match against the minimum amount of data needed to validate an attack.

Some IDS vendors are working on making their signature and detection engines smarter, but others are taking a different path: target-based IDS. Take additional information about systems and change the signal-to-noise ratio to increase the signal and decrease the noise. You’d still get an alert for an attack packet, but if the attack were simply noise, the alert would be given a low priority.

Early entries in this field include Tenable Network Security’s Lightning Console, Cisco Systems’ Cisco Threat Response (CTR) and Internet Security Systems’ Fusion. These products combine traditional network scanning and vulnerability analysis with IDS alerting consoles. They all take in the raw alerts from your IDS consoles, but they “qualify” each alert based on whether your system is actually vulnerable.

The result: Far fewer alerts and analysis in minutes instead of hours.

This article takes a look at the nature of the beast these new tools are trying to tame.

More info: [url=http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci944401,00.html]http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci944401,00.html[/url]

Among the other Radia enhancements are a series of templates for commonly used applications that allow users to systematically provision the server applications without having to learn the intricacies of each installation and configuration. The customizable templates work with The Apache Software Foundation’s Web server; Microsoft Corp.’s Internet Information Services, Active Directory and SQL Server; BEA Systems Inc.’s WebLogic; IBM WebSphere; Sun Microsystems Inc.’s Sun ONE Directory Server; and Oracle Corp. applications on Windows, Unix and Linux.

Novadigm is also extending the suite’s platform support across operating systems, blade servers and load balancers. New native operating system installers supported include Hewlett-Packard Co.’s HP-UX Ignite, Microsoft’s Automated Deployment Services and Sun’s Solaris JumpStart. Radia Server Management also supports Intel Corp.-based blade servers from IBM, HP and Dell Inc., and it is integrated with load balancers from F5 Networks Inc. and Cisco Systems Inc.

More info: [url=http://www.eweek.com/article2/0,3959,1419832,00.asp?kc=EWRSS03119TX1K0000594 ]http://www.eweek.com/article2/0,3959,1419832,00.asp?kc=EWRSS03119TX1K0000594[/url]