
Axent Intruder Alert
THE PROBLEM

Firewalls and stronger authentication are part of the overall solution. But they do little to protect systems from expert hackers or "authorized" users (i.e. customers, partners or even disgruntled employees). A solution that monitors systems for patterns of misuse or abuse can warn you before systems are misused or information is stolen.

THE SOLUTION

Intruder Alert(tm) detects unauthorized and malicious activity, keeping systems, applications and data secure from misuse and abuse. If these systems are threatened, Intruder Alert can notify you and even take precautionary actions to prevent information theft or loss. While Intruder Alert permits the creation and deployment of new policies, it also actively maintains the availability and integrity of systems and data. And it provides the ability to centrally collect and securely archive audit logs for post-event analysis.

THIS MEANS...

Your internal computer network is hardened against misuse from both outside and inside the network. You have protection in areas where your firewall does not provide any security.
AXENT Intruder Alert continuously monitors your key network hosts much like a motion detector or security guard watches a building. It detects unauthorized and malicious activity on any host and keeps the system, applications and data secure from misuse and abuse. If Intruder Alert detects a security threat it automatically sounds an alarm or takes other pre-programmed steps to stop a loss. Key features include:
Immediate Use: Intruder Alert comes ready to use out of the box. It has over 180 pre-configured detection signatures and rules covering over 250 anomalies developed for Windows NT, UNIX, NetWare and NetWare Directory Services. With these signatures, you can immediately detect password-guessing attacks, administrative changes, failed system events and other critical security-related incidents.

Unique Three-tier Enterprise Architecture: Intruder Alert is implemented with a unique three-tier enterprise architecture that gives it exceptional scalability, reliability and multi-platform coverage. These three tiers are Agent, Manager and Console. An agent should reside on each server or workstation so it can monitor all activity on that host for misuse or abuse. Agents can be registered to one or more managers. The Intruder Alert Manager is a centralized management point in AXENT's distributed IDS model. It provides a central repository for managing detection signatures. It collects and securely archives selected audit data from all registered Agents, and correlates any suspicious activity that may occur on multiple systems. The console is the control center. It interacts with Intruder Alert Managers and is used to configure the IDS as well as view alerts.

Multi-platform support: Intruder Alert provides security monitoring for more systems than any other intrusion detection product. Intruder Alert supports all commercial versions of UNIX (Solaris, SunOS, HP-UX, AIX, Digital UNIX, IRIX, NCR and Motorola SVR4), NetWare (3.x, 4.x, 5.x and NDS) and Windows NT 3.51 and 4.0.

Dynamic Custom Policies: Intruder Alert provides security administrators with the ability to define and deploy new detection signatures dynamically. It does this without disabling the intrusion detection services. This means that new detection capabilities can be added to your IDS without interrupting its protection.
Enterprise Event Monitoring: If you monitor only the audit logs, then you may sometimes miss important events or detect them too late. That is why Intruder Alert goes beyond simple audit log monitoring. It also watches other services to detect security-related events. These other event sources include the File System, supplemental system and accounting files, and audit logs from applications like Web or database servers.

Powerful audit log reduction and post-event analysis: Intruder Alert gives security administrators the ability to centrally store, manage and review audit logs from systems throughout the enterprise. This ensures that critical event data is preserved. In the event of an intrusion, it can also be used to reconstruct the event.

Integrates with NetProwler: Intruder Alert and NetProwler can be used in concert with each other to provide the most complete and comprehensive intrusion detection solution available. NetProwler watches network activity for early warning signs of intrusion and Intruder Alert watches key servers and applications for misuse or abuse. A common alerts console collects and displays alerts from both systems. In addition, NetProwler alerts can trigger Intruder Alert rules and actions to provide an even wider range of response options.

Integrates with Tivoli and BMC Patrol: Intruder Alert integrates with other IT applications including system and network management applications like Tivoli and BMC Patrol. This means that you can integrate security alerts into these management systems.

FEATURES AND BENEFITS
Intruder Alert supports a wide range of computing systems:

Management Console: Windows NT, HP-UX, Sun Solaris(tm)
Agents: AIX, Digital UNIX, HP-UX, IRIX(tm), NCR(tm), Solaris, SunOS, SVR4, Windows NT, NetWare
Manager: AIX, Digital UNIX, HP-UX, IRIX, NCR, Solaris, SunOS, Windows NT, NetWare

Intruder Alert integrates with other AXENT products, including NetProwler
Centreline 2000 - Uniplex, Unix, Windows and Internet
Arle Court, Hatherley Lane, Cheltenham, GL51 6PN
Tel: (UK) 01242 255 000
URL: www.c2000.com/products/sec_ital.htm
© 1995-2001 Centreline 2000
Last Updated: 1st September 2000