The trend toward outsourced security services received a boost this
week when both Activis and Qualys made announcements of new managed
offerings.
Adding to its portfolio of security services, Activis announced
yesterday (27 March) the public availability of a new service to
manage intrusion detection systems. Activis already offers managed
firewall, vulnerability assessment and e-mail virus scanning
services.
Intrusion detection systems (IDS) are installed on networks and
alert administrators to attacks and suspicious activity directed at
networks. Because such systems are often sensitive to traffic
changes and unable to intelligently analyse or correlate data, the
systems are known for generating heavy volumes of alerts.
Beyond the large number of alerts, "the fundamental problem with
IDS is that it generates a large number of false positives," John
Cheaney, managing director of UK-based Activis, said.
Activis' new service aims to cut down on the number of alerts and
false positives that administrators have to chase down by removing
that task from administrators and giving it to Activis' operations
centre staff, Cheaney said. The company maintains three 24-hour
operations centres for its customers in the United States, the
United Kingdom and Germany, he said.
In order to use Activis' service, customers must have an IDS from
Internet Security Systems, Cisco Systems or Entercept Security
Technologies already installed, Cheaney said. From there, Activis
installs a device of its own, running a more secure Unix operating
system and Activis software on an Intel platform, which collects
data from the IDS and sends it to the operations centre, he
said.
Activis then uses its correlation technology to determine what
attacks are real, serious and need attention, Cheaney said.
Customers are notified when a security incident requires attention,
he said. A Web portal also supplies customers with detailed,
up-to-date data on attacks and the source of attacks, allowing
users to generate reports detailing attacks, he said.
Cheaney expects that the service will appeal to large companies,
especially those with multiple network sites because they may not
currently be able to correlate IDS events across those sites,
something Activis' service can do.
Activis' service is already available worldwide and has a starting
cost of $1,500 (£1,054) a month, he said.
Meanwhile, Qualys has announced a plug-in for Check Point Software
Technologies' management console that will allow QualysGuard
managed security service subscribers to constantly monitor their
Check Point firewall for vulnerabilities.
The plug-in, combined with Qualys' certification in Check Point's
OPSEC (Open Platform for Security) program, will allow QualysGuard
users to monitor their firewalls for policy changes and
vulnerabilities opened by applications, and to track changes,
according to Amer Deeba, vice-president of marketing at
Qualys.
Such a service will be crucial for firewall users to ensure that
configurations are proper and maintained, he said. "If you have a
firewall, you need to do vulnerability assessment. They go hand in
hand."
Qualys expects to expand the service to other firewall vendors,
including NetScreen and Cisco, in the future, Deeba added.
The QualysGuard for Check Point plug-in is available free to
current QualysGuard subscribers, Deeba said. A QualysGuard
subscription starts at around $1,000 (£703) per IP address.