IDS tools get more selective

Hoping to provide a respite to security administrators exhausted from intrusion detection systems (IDSes) that "cry wolf," security vendors are restructuring the way in which their products identify attacks. In another emerging trend, scaling IDS solutions so they can be offered as a managed service is also gaining momentum.

Security and network administrators continue to grapple with earlier IDS products that are too broad in their searches, thereby sounding off numerous alerts to potential attacks that often translate into false positives, according to Eric Hemmindinger, research director for Information Security at Boston-based Aberdeen Group Inc.

"The [IDS] product ceases to have value to [customers] because they're overloaded with information. It's a nightmare," Hemmindinger said. "We see companies trying in a number of different ways to reduce the number of false positives by learning to filter better and get rid of the noise."

A new player in the crowded IDS space, Lancope Inc. launched its company and Stealthwatch plug-in appliance on Tuesday. Stealthwatch analyzes traffic between multiple IP devices to uncover known or never-before-seen attacks, said Jay Chaudry, CEO and founder of Atlanta-based Lancope. Typically, IDS products rely on signature-based packet patterns to recognize a potential assault.

"We're focusing on undocumented attacks," Chaudry said. "Since we're not analyzing tons of packets and comparing them to signatures, we can handle very fast networks."

At the heart of its IDS technology, Lancope employs counters to construct a statistical-based "concern index" for every IP device in the network. This allows companies to set different levels of detection based on their needs. When combined with designated IP device service profiles, traffic can be analyzed to determine if it is legitimate or crafted by an intruder.
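A per-device concern index of the kind described above can be sketched as follows. This is an added example, not Lancope's code: the article gives no detail of the real algorithm, so the event types, weights, profile format, thresholds and sample flows are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Hypothetical service profiles: ports each device is expected to serve or use.
PROFILES = {
    "10.0.0.5": {"serves": {80, 443}, "uses": {53}},
    "10.0.0.7": {"serves": set(), "uses": {53, 80, 443}},
    "10.0.0.9": {"serves": set(), "uses": {53, 80, 443}},
}

# Assumed weights: points added to a device's index per counted event.
WEIGHTS = {"out_of_profile": 5, "unanswered": 2, "new_peer": 1}

# Constructed flow records: (src, dst, dst_port, answered).
SAMPLE_FLOWS = [
    ("10.0.0.9", "10.0.0.5", 443, True),   # ordinary HTTPS request
    ("10.0.0.9", "10.0.0.5", 80, True),    # ordinary HTTP request
] + [("10.0.0.7", "10.0.0.5", p, False) for p in (21, 22, 23, 25)]  # probe-like

def concern_index(flows, profiles=PROFILES, weights=WEIGHTS):
    """Count suspicious events per source device and return {ip: weighted score}."""
    counters = defaultdict(lambda: defaultdict(int))
    peers = defaultdict(set)
    for src, dst, port, answered in flows:
        c = counters[src]
        uses = profiles.get(src, {}).get("uses", set())
        # Traffic the source is not profiled to send, or the target not to serve.
        if port not in uses or (dst in profiles and port not in profiles[dst]["serves"]):
            c["out_of_profile"] += 1
        if not answered:                    # no reply: closed port or filtered
            c["unanswered"] += 1
        if dst not in peers[src]:           # first contact with this peer
            peers[src].add(dst)
            c["new_peer"] += 1
    return {ip: sum(weights[k] * n for k, n in c.items()) for ip, c in counters.items()}

def alerts(scores, thresholds=None, default=20):
    """Devices whose index meets their own threshold, or the default level."""
    thresholds = thresholds or {}
    return sorted(ip for ip, s in scores.items() if s >= thresholds.get(ip, default))

if __name__ == "__main__":
    scores = concern_index(SAMPLE_FLOWS)
    print(scores, alerts(scores))
```

No packet payload is inspected or compared to a signature; only counters over flow metadata are kept, and the per-device threshold is what lets a site choose a different detection level for each device.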

Turning its attention to the xSP market, last week Inc. introduced SecureNet Provider -- the latest member of its SecureNet IDS product suite -- built to scale intrusion detection across large enterprises and MSP (managed service provider) platforms.

Running on Microsoft Windows 2000 Server,'s SecureNet provider features IDS sensors deployed in the service provider environment, a central managing console, and a client desktop application. The MSP-focused solution allows end-users to create additional IDS tracking signatures for better accuracy, incorporates string matching, and conducts packet re-assembly to establish attack patterns, said Ryon Packer, vice president of product management at Richardson, Texas-based

According to Hemmindinger, only managed security service providers are capable of providing the same level of wide-range IDS deployment and centralized security device monitoring as's impending product.

SecureNet Provider software for the manager and client, available next week, starts at US$29,995 and is priced on an annual subscription basis.

Stealthwatch from Lancope is priced starting at $20,000 per appliance.
