Tool Aims to Reduce IDS False Alarms
As administrators and IT managers continue to look for ways to improve the signal-to-noise ratio in their IDS systems, a small Indiana company is unveiling a new product designed to reduce false positives and get fixes to vulnerable machines quickly. Intelligent IDS combines the functionality of a typical network IDS with real-time vulnerability assessment and remediation capabilities. Taken individually, none of these features is exactly groundbreaking. But Intelligent IDS is one of the first products to throw them all in the same mix. The new software is essentially a plug-in for the Snort open-source IDS and also uses the Nessus open-source scanner.
The most oft-voiced complaint about IDS technology is its propensity for false alarms. A security specialist managing an IDS at any medium or large enterprise is likely to spend a great deal of time sorting through page after page of logs filled with seemingly important attacks, only to find that the vast majority of these events are the electronic equivalent of those expensive and annoying car alarms that everyone ignores. SecurityProfiling Inc. officials say their technology will help reduce the number of false positives by comparing incoming attacks against the configuration of the besieged machine to see whether it is vulnerable to that particular exploit.
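The comparison described above can be sketched as follows. This is an added example, not SecurityProfiling's code or the product's actual logic: it parses Snort fast-format alert lines and checks each one against per-host scan findings. The sids, vulnerability ids, addresses and alert lines are constructed, and the sid-to-vulnerability map and scan inventory are assumed inputs.

```python
import re

# Constructed sample data: sids, vulnerability ids and addresses are made up.
SID_TO_VULN = {1000001: "VULN-A", 1000002: "VULN-B"}  # assumed: built from rule references
SCAN_RESULTS = {                                      # assumed: host -> findings of last scan
    "10.0.0.10": {"VULN-A"},
    "10.0.0.20": set(),
}
ALERTS = """\
01/01-12:00:01.000000 [**] [1:1000001:1] Constructed exploit A [**] [Priority: 1] {TCP} 203.0.113.5:40000 -> 10.0.0.10:80
01/01-12:00:02.000000 [**] [1:1000001:1] Constructed exploit A [**] [Priority: 1] {TCP} 203.0.113.5:40001 -> 10.0.0.20:80
01/01-12:00:03.000000 [**] [1:1000002:1] Constructed exploit B [**] [Priority: 1] {TCP} 203.0.113.5:40002 -> 10.0.0.10:80
01/01-12:00:04.000000 [**] [1:1000001:1] Constructed exploit A [**] [Priority: 1] {TCP} 203.0.113.5:40003 -> 10.0.0.30:80
01/01-12:00:05.000000 [**] [1:1000003:1] Constructed exploit C [**] [Priority: 1] {ICMP} 203.0.113.5 -> 10.0.0.10
"""

# [gid:sid:rev] identifies the rule; the address after "->" is the target host.
ALERT_RE = re.compile(r"\[\d+:(?P<sid>\d+):\d+\].*?->\s*(?P<dst>\d+\.\d+\.\d+\.\d+)")


def triage(line):
    """Return (target, sid, verdict) for one alert line, or None if unparseable."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    sid, dst = int(m["sid"]), m["dst"]
    vuln = SID_TO_VULN.get(sid)
    if vuln is None or dst not in SCAN_RESULTS:
        # No rule mapping or no scan data: absence of evidence is not a
        # negative finding, so the alert keeps its original priority.
        verdict = "unverified"
    elif vuln in SCAN_RESULTS[dst]:
        verdict = "escalate"        # target is known to be vulnerable
    else:
        verdict = "deprioritize"    # target was scanned and is not vulnerable
    return dst, sid, verdict


def triage_all(text):
    return [r for r in map(triage, text.splitlines()) if r is not None]


if __name__ == "__main__":
    for dst, sid, verdict in triage_all(ALERTS):
        print(f"{dst:<12} sid={sid} {verdict}")
```

Only alerts against hosts with a current scan result are ever downgraded, so the approach is only as reliable as the scan data is fresh.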