Monday, May 4, 2009

IPS/IDS (part 2 of 2)

...a vendor touting an award-winning network IDS solution with a flair for forensics. Admittedly, the combo (if the sales pitch held steadfast) would fit nicely in a security professional's tool belt: fewer vendor products to juggle, its promised integration with SIM (Security Information Management) solutions, and did you say DLP (Data Leakage Prevention) too?

Well, an IDS solution it was not. Sure, it did signature-based detection (in-line via span ports) and that's pretty much it. The appliance does not champion any IDS packet anomaly, behavioral, or Artificial Intelligence (neural/neurons) recognition. A pure match on signature and a couple of custom scripts written by you for additional alerting and you'd be good to go. For correlation, exporting and anything else…you need to sign up for the mothership offering, which includes a proprietary database collection engine, allowing you to capture every packet (payload and all) in your network provided you place a sensor in all the segments you want to monitor. Like any other sniffer trace, you can view the capture in binary or hex format (depending on how you'd like to fall asleep). The solution does offer a GUI interface for management and configuration; but given a large environment you do the math…up to a cool hundred sensors in total with terabytes of data (in days) indexed in a database. However, since it's proprietary you need to keep that storage or archive on-line somewhere to make use of it (since the cataloging and indexes reside within the proprietary database), so pricing didn't come up, probably for a good reason.

But you'll be armed with volumes of data to assemble and extrapolate information (usually post-incident) to your heart's content—so that's the forensics side; but you will need to rely on your own FTE or forensics staff [standing idle] to perform the analysis.

Now, with this feature set, imagine the topic of electronic data discovery and privacy/compliance with this type/volume of information. Consider the "auditability", preservation and category of documentary evidence; let alone admissibility and validity.

This product screams BUY ME! An acquisition by a bigger fish spells $$$ for the company's owners/investors, and integration with a product that can leverage the captured data would be phenomenal (for something other than just an IDS offering).
