|
|
|
|
|
|
| ISP Resources |
| ISP-Lists ISP Glossary ISP News The List ISPCON Events Free Newsletters |
|
|
|
||
| internet.commerce | ||
|
Partner With Us |
Intrusion
Detection Systems:
Computer Associates
Computer Associates' eTrust Intrusion Detection software
was originally developed as a content control solution—which means
you get the functionality of two products for the price of one.
[February 20, 2002] |
 |
Computer Associates, CA for short, was founded in 1976 to provide performance-enhancing software for IBM machines. They've come a long way since then. According to Jonothan Garside, CA's Business Manager for eTrust Security Solutions, the company has been expanding lately into such areas as storage management, portal management—and security.
CA acquired Platinum Technologies in 1999 and combined Platinum's solutions
with its own offering. "We consolidated their products, along with existing
CA technologies, into the eTrust product group," Garside said. "There
are 17 eTrust products, categorized into Management, Access, and Defense—defense being made up of firewall, intrusion detection, and anti-virus."
|
Computer
Associates |
 |
Still, Garside stresses that each of the eTrust products works just as well on its own as it does as part of the group. "They are all standalone products in their own right," he said. "They don't rely on each other to work in the best manner. If you have someone else's access control solution, you can use our directory, and vice versa. Interoperability with third party products is key."
CA's IDS product, which came to the company as part of the Platinum acquisition, is eTrust Intrusion Detection. The solution was originally developed by an Israeli company, AbirNet, as the content control program for SessionWall. Garside points out that in many ways, the product's origins underlie its key strengths.
"It was principally designed to provide content control, so you could see all the traffic—which is exactly what you want an IDS tool to do," Garside said. "When CA took over the product, they decided to modify it to become an IDS tool. They already had a robust management system that could handle high data levels-if you're recording whole web pages, it's very easy to record just a couple of text strings."
Betterment
Despite SessionWall's strengths, CA didn't stop its development process
with the initial release. Garside notes that recent additions to the product
include improved scalability, as well as packet scripting to remove false
positives and to improve performance.
In addition, Garside notes, the product's rules database is constantly expanding. "The database has over 3000 rules," he said. "Those rules are dynamically updated via a pull system, so the management is much easier. You always know it's up to date and you've got the latest rules in there. It's very much like an anti-virus solution: you're only as good as the last update."
And CA has kept SessionWall's content control functionality in the product, giving it some unique assets in the IDS market. "If you can stop people downloading the tools to create problems inside your network, you'll minimize alerts," Garside said. "If you're only protecting your perimeter, you're not protecting the interior of your network. We're the only company to provide content control functionality within an IDS solution."
Other CA products can easily be integrated with eTrust Intrusion Detection. eTrust InoculateIT, CA's virus protection solution, uses anti-virus technology from such vendors as Vet and iRiS. Integrating InoculateIT with eTrust Intrusion Detection, Garside says, gives you a second line of defense: if InoculateIT catches a virus, eTrust can tell you how it came in, where it came in, and where it went.
The product's architecture also allows for straightforward integration with third party solutions. "The rules in the intrusion detection database are exactly the same structure as the rules in a Check Point firewall," Garside said. "You can minimize the number of rules in your firewall to enhance performance through the gateway, with IDS providing the backup."
That kind of interoperability, Garside explains, is essential. With the next release of eTrust Intrusion Detection, going to beta soon, CA will also include support for dynamic reconfiguration of Cisco PIX Firewalls. "When things go wrong, you want something that will do it automatically for you," Garside said. "When you've got an attack coming into your system, you don't want to have to remember 26 lines of code to add in."
Finally, eTrust Intrusion Detection's ease of installation is virtually unique. "To install this IDS solution, you insert the CD, you press Return three times and reboot, and that's it," Garside said. "It really is that easy to install. Because of the product's foundations as a content control tool which was going to be installed by managers rather than admin people, we had to make it simple."
Pricing for eTrust Intrusion Detection starts at $3,285 and includes all updates for the first year. The fee increases based on the number of users at a site, up to a maximum of $21,000. Ongoing maintenance and updates are available for an annual fee, which is 20 percent of the original license fee.
IDS as a value-add
Garside explains that many ISPs not only offer eTrust Intrusion Detection
to their customers, they also provide updates as a value added service.
"We have a number of ISPs who use our VPN solution to deliver updates
to customers," he said. "While CA provides it as an automatic system,
the ISPs ensure that it's delivered: they go in and make sure their customers'
systems are up and running."
eTrust Intrusion Detection supports both central and distributed alerting, allowing an ISP to monitor a customer's site from a central location while allowing that customer to monitor their own network at the same time. And with over 125 built-in reports, the information available is extensive, both to the ISP and to the customer. Last summer, Texas-based McAllen Independent School District announced it had selected eTrust Intrusion Detection to monitor Internet usage throughout the district's 31 schools. According to McAllen MIS Director Tomas Perez, the product's beginnings as a content control solution were a great asset in ensuring that the right people had access to specific areas of the network.
"[It's] been instrumental in helping the district meet state and federal mandates regarding authorized access to network resources," Perez said. "Its powerful tool set has enabled us to safeguard our network environment while applying security policies that can be tailored to the different requirements of students, teachers and staff."
Perez uses the solution to block Internet access to restricted web sites, and to limit usage to specific hours of the day. Login procedures give less restricted access to faculty and staff, while monitoring students' usage. And setting up the entire system, Perez says, was surprisingly simple. "In just a short time, eTrust Intrusion Detection has helped us establish a built-in layer of protection," he said.
That same simplicity, CA's Garside notes, is a great selling point for ISPs. "The ISP can put this on a pre-configured server, put it out at a customer's site, and know that it is going to deliver immediately," he said. "The value add for them is that they can lease it to the customer—it's additional revenue, you're looking after the customer's security, and if you control the gateway, you control the network."
— End
Online Resources:
Intrusion
Detection Systems Directory
IDS
Quick Reference Chart
| Related articles: | ||
| [Feb. 15, 2002] | Battening Down SNMP | |
| [Dec. 24, 2001] | White Paper: Reducing Network Security Risk | |
| [July 11, 2001] | ISP-Planet Survey: MSSPs | |
|
|
|
| Best of ISP-Planet | ||
|---|---|---|
|
ISP-Planet
Guide
ISP-Planet's Principal Studies Directories:
Q1 2008 Top U.S. ISPs by Subscriber (Updated 07/22/2008)
ISP-Planet's Blogroll | ||
ISP-Planet's
RSS feed
