Adding to its portfolio of security services, Activis announced yesterday (27 March) the public availability of a new service to manage intrusion detection systems. Activis already offers managed firewall, vulnerability assessment and e-mail virus scanning services.
Intrusion detection systems (IDS) are installed on networks and alert administrators to attacks and suspicious activity directed at networks. Because such systems are often sensitive to traffic changes and unable to intelligently analyse or correlate data, the systems are known for generating heavy volumes of alerts.
Beyond the large number of alerts, "the fundamental problem with IDS is that it generates a large number of false positives," John Cheaney, managing director of UK-based Activis, said.
Activis' new service aims to cut down on the number of alerts and false positives that administrators have to chase down by removing that task from administrators and giving it to Activis' operations centre staff, Cheaney said. The company maintains three 24-hour operations centres for its customers in the United States, the United Kingdom and Germany, he said.
In order to use Activis' service, customers must have an IDS from Internet Security Systems, Cisco Systems or Entercept Security Technologies already installed, Cheaney said. From there, Activis installs a device of its own, running a more secure Unix operating system and Activis software on an Intel platform, which collects data from the IDS and sends it to the operations centre, he said.
Activis then uses its correlation technology to determine what attacks are real, serious and need attention, Cheaney said. Customers are notified when a security incident requires attention, he said. A Web portal also supplies customers with detailed, up-to-date data on attacks and the source of attacks, allowing users to generate reports detailing attacks, he said.
Cheaney expects that the service will appeal to large companies, especially those with multiple network sites, because they may not currently be able to correlate IDS events across those sites, something Activis' service can do.
Activis' service is already available worldwide and has a starting cost of $1,500 (£1,054) a month, he said.
Meanwhile, Qualys has announced a plug-in for Check Point Software Technologies' management console that will allow QualysGuard managed security service subscribers to constantly monitor their Check Point firewall for vulnerabilities.
The plug-in, combined with Qualys' certification in Check Point's OPSEC (Open Platform for Security) program, will allow QualysGuard users to monitor their firewalls for policy changes and for vulnerabilities opened by applications, and to track changes, according to Amer Deeba, vice-president of marketing at Qualys.
Such a service will be crucial for firewall users to ensure that configurations are proper and maintained, he said. "If you have a firewall, you need to do vulnerability assessment. They go hand in hand."
Qualys expects to expand the service to other firewall vendors, including NetScreen and Cisco, in the future, Deeba added.
The QualysGuard for Check Point plug-in is available free to current QualysGuard subscribers, Deeba said. A QualysGuard subscription starts at around $1,000 (£703) per IP address.