Qualys challenges IDS detractors

Reducing the onslaught of false-positive alerts could breathe new life into IDSes (Intrusion Detection Systems), a technology...

Qualys has introduced QuIDScor (Qualys IDS Correlation) at the Black Hat USA 2003 security conference in Las Vegas.

Offered as part of the QualysGuard auditing and perimeter-scanning web service, QuIDScor acts as a correlation engine that integrates QualysGuard vulnerability data with the open-source IDS Snort by filtering events for irrelevant operating systems, unused services and transparent vulnerabilities.

The goal is to prioritise events that demand immediate investigation, while simplifying the complexity associated with sifting through oceans of IDS alerts, said Gerhard Eschelbeck, chief technology officer and vice-president of engineering at Qualys.

Eschelbeck said an open-source API allows data to be transferred from QualysGuard using XML, meaning end-users can plug the module for integration into their own IDS systems.

"Now is the time for security technology to start talking together and communicating, and the web services model seems to lead into that very easily," Eschelbeck said.

Cutting down false positives through automation will "stretch the life" of IDS technology and make it more palatable, said Eric Ogren, senior analyst at The Yankee Group.

"Shrinking the output from IDS machines is a beautiful thing. I'm surprised that [security suppliers] don't do more of this," Ogren said.

Brian Fonseca writes for IDG News Service
