Security services and consulting firm Nebulas Security has said it is seeing high levels of interest in its real-time network awareness (RNA) passive scanning system, which can be used with the Snort open source intrusion-detection system to radically reduce the problem of false positives.
"Intrusion detection and patch management are two issues that are driving interest in security services right now," said managing director Nick Garlick, "and we are seeing growing and genuine interest from companies interested in RNA."
The RNA discovery tool will discover desktop and server operating systems and applications, and then compare attack alerts against the operating systems and applications running on computers on the corporate network. "RNA means we can start to develop real-time network awareness," he claimed.
The system constantly monitors all network assets to provide a persistent view of network asset profiles: the media access control (MAC) address that uniquely identifies each node of a network, the operating system and version, ports and so on. It monitors traffic flow, traffic type and traffic volume, and correlates them all against known security vulnerabilities.
Garlick said it is now possible to identify all data packets passing across a network and map vulnerabilities against the profile of the switches, routers, servers and various endpoint devices that are on the network. "It should help to almost eliminate false positives," he stated.
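The correlation described above can be sketched in a few lines. This is an added illustration, not Sourcefire or Nebulas code: the field names, verdict labels, rule names and sample hosts are all assumptions made for the example, and the addresses are documentation ranges.

```python
from dataclasses import dataclass

@dataclass
class HostProfile:          # what passive discovery has learned about one node
    mac: str
    os: str
    services: dict          # listening port -> application name

@dataclass
class Alert:                # one IDS alert plus what the attack applies to
    rule: str
    dst_ip: str
    dst_port: int
    affects_os: frozenset   # empty set = any operating system
    affects_app: frozenset  # empty set = any application

def triage(alert, inventory):
    """Return (verdict, reason) for one alert against the asset inventory."""
    host = inventory.get(alert.dst_ip)
    if host is None:
        # No profile yet: never downgrade an alert on missing data.
        return ("review", "target not in inventory")
    app = host.services.get(alert.dst_port)
    if app is None:
        return ("low", "no service seen on target port")
    if alert.affects_os and host.os not in alert.affects_os:
        return ("low", f"target runs {host.os}")
    if alert.affects_app and app not in alert.affects_app:
        return ("low", f"port serves {app}")
    return ("escalate", f"{app} on {host.os} matches the attack")

# Constructed sample data (documentation addresses, made-up rule names).
INVENTORY = {
    "192.0.2.10": HostProfile("00:00:5e:00:53:0a", "windows", {80: "iis"}),
    "192.0.2.20": HostProfile("00:00:5e:00:53:14", "linux", {80: "apache", 22: "openssh"}),
}
WIN, IIS, SSH = frozenset({"windows"}), frozenset({"iis"}), frozenset({"openssh"})
ALERTS = [
    Alert("iis-exploit-attempt", "192.0.2.10", 80, WIN, IIS),
    Alert("iis-exploit-attempt", "192.0.2.20", 80, WIN, IIS),
    Alert("ssh-exploit-attempt", "192.0.2.10", 22, frozenset(), SSH),
    Alert("iis-exploit-attempt", "192.0.2.99", 80, WIN, IIS),
]

def triage_all(alerts=ALERTS, inventory=INVENTORY):
    return [(a.rule, a.dst_ip) + triage(a, inventory) for a in alerts]

if __name__ == "__main__":
    for row in triage_all():
        print(*row, sep=" | ")
```

Only the first alert is escalated; the alert for the host that has no profile is held for review rather than downgraded, since a passive inventory can lag behind the network.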
Industry watchers suggest the move to add RNA will push Sourcefire Inc’s Snort from the more traditional IDS space into the general policy-enforcement arena. It is said that Sourcefire has about 400 corporate customers that use the commercial version of Snort and an estimated 100,000 Snort freeware users.
Set up in 2001, privately held London-based Nebulas is coming out of its start-up phase and already claims 120 corporate customers, such as Coca-Cola, BSkyB and ‘several retail banks’. It offers security strategy and implementation services, and resells products from Check Point, Nokia, uRoam/F5 Networks, CipherTrust and ZoneLabs.