Alert Sounds Alarm From Within

The security vendor's new service automates the response to network attacks from the network.

By Jim Wagner | Posted Nov 1, 2005

Security vendor Alert Logic has launched a hosted subscription service that protects enterprise networks from internal attacks, the company said Monday.

Invision Security automates most of the processes otherwise carried out by hand when a machine on the network turns into a zombie (also called a botnet) and starts accessing internal databases or other types of malware.

Misha Govshteyn, Alert Logic CEO, said the company's service is much more effective than existing intrusion detection systems (IDS) or intrusion prevention systems (IPS). While an IDS or IPS can detect possible attacks based on network traffic analysis, they are very inaccurate and prone to false positives.

In addition, officials said, IPS and IDS products cover only 10 percent to 20 percent of malicious traffic entering and leaving the network firewall, while internal network traffic is largely left alone.

"The biggest problem is that a lot of the traffic still makes it through IPS appliances," he said. "They can only block traffic they are certain about, but a lot of the attacks are just possible attacks -- nobody knows whether they are malicious attacks or whether they're valid business traffic."

The technology uses an algorithm that simulates the activities of a security analyst who has discovered questionable network traffic. Invision Security analyzes attack behavior patterns, network topology changes and security vulnerabilities to assign that traffic a threat ranking.

All told, Alert Logic has accumulated roughly 400 threat scenarios that indicate an internal attack on the network.

Similar in concept to virus definitions, Alert Logic's threat scenarios consist of monitoring network traffic, correlating the traffic against previous threat scenarios and constructing a sequence of events to discover whether the network traffic indicates an attack.

Once that rank reaches a threshold value determined by the IT shop, Invision Security attempts to shut down the attack by taking control of enterprise routers, firewalls and switches and pointing the finger at the machine causing the problems.

This automation, officials said, cuts down on approximately 90 percent of the manual decision-making processes used by in-house security administrators.

The Invision Security subscription service covers the cost of updated threat scenarios created by the company's Alert Logic Research Team (ALRT) and the hardware installed in the customer's network.

There are eight appliances available, depending on the size of the network, to handle traffic in a range from 10Mbps to gigabit speeds.

Article courtesy of internetnews.com
