IDS Products Take Different Tacks to Prevent Attacks | eWeek

IDS Products Take Different Tacks to Prevent Attacks

Written By
Dennis Fisher
Dennis Fisher
Jun 3, 2002
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Reflecting the industry trend toward advanced, hybrid intrusion detection systems, two vendors have unveiled IDS products that take different approaches to the challenge of identifying and halting attacks.

Lancope Inc. last week introduced Version 2.0 of its StealthWatch product, which includes several new capabilities and gives administrators a more detailed picture of each host on their network.

The new release enables users to set up zones that restrict certain classes of users to specific areas of the network.

For example, an administrator could set up a rule preventing remote users coming in over a virtual private network from accessing certain ports.

The new, granular security capabilities also enable administrators to see all the activity for each host.

In addition, it allows administrators to pull up a report on all the activity on a certain port across every host.

“When the SQLsnake was going around, you could have asked for all of the activity on port 1433 [which the SQLsnake scans] across all of your boxes,” said Byron Cleary, senior security engineer at Lancope, based in Alpharetta, Ga.

In its approach to a similar problem, NFR Security Inc., of Rock-ville, Md., recently launched its IMS (Intrusion Management System), as well as new versions of its Network Intrusion Detection and Host Intrusion Detection products.

The IMS platform is based on the companys concept of an attack timeline and the technologies that need to be deployed before, during and after an incident.

The IMS has an agent that performs vulnerability assessments, network and host-based IDS and is capable of responding to attacks that make it inside the network perimeter.

For example, the agent can modify firewall policies to close specific ports, log users off the system, disable accounts completely, send messages to SNMP traps and execute TCP reset commands.

The system also has data mining capabilities that enable an administrator to build a kind of case study of a specific event.

In addition, the IMS has the ability to determine which events have the potential to harm the network and to ignore all other events.

“Its not going to send you an alert that youre being scanned for a [Microsoft Corp. Internet Information Services] vulnerability if youre running Apache,” said Jack Reis, CEO of NFR. “When youre talking about firing buckets of data around, thats not trivial.”

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.