Intrusion detection and managed security services firm Internet Security Systems (ISS) made a slew of announcements Monday detailing new network scanners, new security alert management options, a new product strategy and more.
ISS took the wraps off its new RealSecure Network Sensor 7.0, the newest in its line of network security products, which adds the ability to detect hybrid threats like Internet worms, user-definable signatures, faster performance and automatic updates, according to a statement from ISS. The new version also completes the integration of technology acquired when ISS bought Network ICE in May 2001, the company said.
The new version of the Network Sensor has added a combination of anomaly detection and pattern matching used to attempt to identify both known and unknown attacks, including hybrid threats like the Code Red and Nimda worms, before signatures have become available for them, ISS said. Adding to the roster of signatures available for its devices, ISS also said that signatures for the open source intrusion detection system Snort are supported in RealSecure Network Sensor 7.0. Signatures can also be automatically updated in the new version.
RealSecure Network Sensor 7.0 also allows alerts to be sent via pager, inserted into trouble ticket systems and more, according to ISS. The product will be released in the second quarter at a starting cost of US$8,995.
ISS also announced RealSecure Guard, an in-line intrusion detection device that blocks or analyzes traffic as it flows through a network, rather than processing the traffic after it's passed through and is in the network as other intrusion detection systems (IDS) do, ISS said. As traffic moves through RealSecure Guard, it is analyzed and blocked using firewall rules if the traffic is malicious, with benign traffic moving on, according to the company.
RealSecure Guard is immediately available at a cost of $11,000.
Along with bolstering its product line, ISS announced a new architecture for its sensors that will bring users more modular security options. The architecture takes a page from the server market by mirroring the "server blade" system used there to add features and functions through removable, plug-and-play hardware boards. In ISS' case, it will mean that the company's sensors will be able to be quickly updated with new functionality via users downloading small software libraries that contain the new features, the company said.
Additionally, ISS said that its RealSecure SiteProtector management console will expand the number of security systems that it can draw data from to include those offered by Check Point Software Technologies Ltd., Cisco Systems Inc., Nokia Corp. and Sun Microsystems Inc., among others. Adding this capability will give users a greater view of their overall security posture from within a single application, the company said.
Though the raft of announcements from ISS may seem overwhelming, a number of the new products indicate that "things are getting interesting in the IDS space," according to Peter Lindstrom, senior security strategies analyst at the Hurwitz Group Inc.
Of particular interest is RealSecure Guard, according to Lindstrom, which he described as "incredibly intriguing." Intrusion detection systems are often plagued by false positives and false negatives -- alerting users to events that are not attacks, or failing to recognize attacks as they happen, he said, but the Guard product should avoid some of those problems.
With Guard, "I can feel more confident recommending IDS to some of the smaller players" who might otherwise not have had the manpower to deal with an intrusion detection system, Lindstrom said.
Lindstrom was also enthusiastic about ISS adding detection for both known and unknown attacks in RealSecure Network Scanner as well as the news that ISS would add support for third-party security events to its console.
"In the end, we all hope there will be only one (security management console)," he said. "That's the one people are all shooting to be."
"This is ISS saying 'we're here and we're a formidable player in this space,'" he said.