Qualys challenges IDS detractors


Qualys challenges IDS detractors

Qualys has introduced QuIDScor (Qualys IDS Correlation) at the Black Hat USA 2003 security conference in Las Vegas.

Offered as part of the QualysGuard auditing and perimeter-scanning web service, QuIDScor acts as a correlation engine that integrates QualysGuard vulnerability data with the open-source IDS Snort by filtering events for irrelevant operating systems, unused services and transparent vulnerabilities.

The goal is to prioritise events that demand immediate investigation, while simplifying the complexity associated with sifting through oceans of IDS alerts, said Gerhard Eschelbeck, chief technology officer and vice-president of engineering at Qualys.

Eschelbeck said an open-source API allows data to be transferred from QualysGuard using XML, meaning end-users can plug the module for integration into their own IDS systems.

"Now is the time for security technology to start talking together and communicating, and the web services model seems to lead into that very easily," Eschelbeck said.

Cutting down false positives through automation will "stretch the life" of IDS technology and make it more palatable, said Eric Ogren, senior analyst at The Yankee Group.

"Shrinking the output from IDS machines is a beautiful thing. I'm surprised that [security suppliers] don't do more of this," Ogren said.

Brian Fonseca wrties for IDG News Service

Related Topics: IT strategy, VIEW ALL TOPICS

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy