
News In Review

September 8, 1997

Real-Time Security Arrives

Tools and services alert administrators to system attacks

By Beth Davis

Tools and services are hitting the market to help IT managers do what, until recently, seemed impossible: catch network and system breaches as they happen.

Network General Corp. will announce next week a toolset with a Java interface that alerts IT administrators to security attacks in real time. IBM will roll out a service next month that monitors corporate networks and identifies attacks around the clock. Internet Security Systems Inc. next month will unveil a version of its RealSecure product that will actively reconfigure a firewall that's been compromised and alert network administrators to unauthorized Java applets or ActiveX controls. Intrusion Detection Inc. last month delivered a "burglar alarm system" for Windows NT machines and will expand it in November to NetWare and Unix systems, firewalls, and Web servers.

Intrusion detection, which includes automated responses that can stop illegal activity and fire off alerts to administrators, is sometimes called the second line of defense behind firewalls. Firewall systems do churn out audit logs, but administrators must sift through them for anomalies. "Intrusion detection tools let you leapfrog over the laborious, manual-intensive forensic investigation of all those different logs," says Jude O'Reilley, an analyst with Gartner Group Inc. in Stamford, Conn.

Underpinning intrusion detection products of Network General and IBM is technology from WheelGroup Corp., a two-year-old company in San Antonio, with roots in the U.S. Air Force Information Warfare Center. WheelGroup also makes NetRanger, a set of tools that includes sensors that watch router traffic and a central intrusion detection console.

Perot Systems Corp. uses NetRanger to bolster security on an extranet it is building to let customers access databases and applications on its network. "It's a developing technology," says Gabe Long, a senior network engineer at Perot, in Dallas. "When we looked eight months ago, everybody was offering a firewall, but nobody really had intrusion detection."

Intrusion detection is pricey: A typical installation of many of these vendors' products costs more than $50,000. IBM's service, which includes monthly audit reports, emergency response services, and weekly tests to check network vulnerability, will fetch $75,000 a year.

But some users say costs are becoming less of an obstacle. Says Jeff Smith, a network engineering manager at Perot: "It comes down to this question: How much is your data worth?"
