Network Intelligence Upgrades Security Alert Manager

April 18, 2002

Network Intelligence Corp. this week announced a new, speedier version of its tool that helps users make sense of the onslaught of alerts coming from their firewalls, intrusion detection systems and virtual private networks.

The new software, enVision, delivers triple the performance of the company's existing Network Intelligence Engine appliance. enVision software can run on the appliance or on the user's own Windows 2000-based hardware, says Matt Stevens, vice president of technology for Network Intelligence, based in Walpole, Mass.

enVision collects event and log data in real time from security tools from vendors including Check Point, Cisco, Intel, ISS and NetScreen. The software aggregates these logs and provides alert correlation as well as historical reporting, Stevens says.

Whereas the previous high-end version of the Network Intelligence Engine could process a maximum of 5,000 events per second, enVision can handle up to 15,000 events/sec. That kind of performance is required in large networks, he says, given that a mid-range to low-end firewall attached to a T-1 line alone can generate about 250 events/sec and a T-3 would easily exceed 2,000.

With its historical reporting capabilities, enVision can help users ensure their various security policies are functioning as intended. Looking at reports that show the overall mix of users and what connections are being allowed and disallowed, users can get a feel for whether their policies are effective.

"You may find you've been denying connections to a partner's ERP package repeatedly, but come to find out the partner had changed an internal IP address and you hadn't opened up a hole in your firewall for that address," Stevens says.

While Network Intelligence competes with some security management products, such as IBM Tivoli's Risk Manager and tools from NetIQ and WebTrends, Stevens says it can play a complementary role to others.

"Some management consoles have a tough time keeping up with large numbers of alerts," he says. "From several thousand alerts, we may generate just one alert," and pass that on to a Hewlett-Packard OpenView, Tivoli or e-Security, Inc. console.

Pricing for the Network Intelligence Engine appliance ranges from $18,000 for the 1,000 event/sec model to $46,000 for the 5,000 event/sec version. enVision software ranges from $7,500 for a 500 event/sec version to $35,000 for 5,000 event/sec. (Multiple 5,000 models can be combined to achieve 15,000 events/sec performance.) All versions are available now.
