InformationWeek

May 29, 2000

Printer ready

Providers Offer A Variety Of Intrusion-Detection Services

By Kelly Jackson Higgins

TechEncyclopedia

Send Us Your Feedback

t's only the beginning. Aside from traditional intrusion-detection companies such as Axent Technologies Inc. and Internet Security Systems Inc. moving to more of an application service provider model, and a raft of newcomers such as Intrusion.com Inc. and DefendNet Solutions Inc., more managed-security offerings are on the way. About 10 new providers will get funding within a month or so, says Matthew Kovar, a program manager at consulting firm the Yankee Group.

Here are some of the intrusion-detection services available today:

Pilot Network Services Inc. offers an overall secure IP network service with built-in intrusion detection. Pilot's proprietary Heuristic Defense Infrastructure technology "learns" from past network events and applies that knowledge when it takes action or does other tracking. HDI runs either automated or semi-automated searching files, checking for known signatures and suspicious traffic, says Phil Simmonds, director of technical marketing at Pilot. The service also relies on Pilot's security technicians, who analyze network traffic.

All three of Pilot's main network services-secure Internet, secure hosting, and virtual private networks-come with intrusion detection. As with any secure IP network service, the catch is that you have to be a Pilot subscriber. Pilot's secure Internet access service, which includes intrusion and other security services, starts at $6,500 a month plus a $13,500 setup fee; its VPN service is priced at $1,000 a month plus a $6,000 setup fee for 400 users.

IBM Global Services has been offering network-intrusion services for three years as part of its consulting, vulnerability, and virus services. Michael Puldy, global solutions executive for IBM, says most of its customers go with the vulnerability/intrusion-detection service combination. He says customers can count on IBM Global Services to review their environments and add intrusion detection if someone is trying to break in.

IBM Global Services has experienced a surge in intrusion business of late, says Puldy, who adds that IBM is in discussions with host-based intrusion providers to possibly expand the service to watching the operating system as well. IBM's service starts at $37,500 a year. The idea is to offer customers suggestions for taking action in response to an event. IBM uses data mining to correlate overall attack trends, which lets it anticipate what might happen next.

Internet Security Systems, one of the top intrusion-software companies, is moving into the services market, thanks to its acquisition last year of managed-security services provider Netrex Secure Solutions. However, Allen Vance, director of offer management for managed security services at ISS, says software still represents about 65% of the company's business; managed services make up about 20%. ISS also touts its relational database support, which includes Microsoft Access. Users can generate reports and store lots of data, but without a full-blown Oracle database, says Vance.

ISS sells the bulk of its software and services through partners such as BellSouth Corp., which offers ISS's ePatrol Managed Intrusion Detection service and other managed security services to its IP customers. ISS next month will add a Unix intrusion-detection appliance to its product repertoire. ISS charges about $3,000 a month for intrusion-detection services and between $1,000 and $3,000 a month for managing a firewall.

DefendNet offers a service for small and midsize companies. For about $200 a month, DefendNet will put a firewall on a company's site and handle all security filtering, host- and network-level intrusion-detection tracking, and reconnaissance. DefendNet typically markets its service through small Internet service providers.

RIPTech Inc.'s Esentry software has its roots in the Department of Defense, where company co-founder and president Amit Yoran helped deploy what was the world's largest intrusion-detection infrastructure. RIPTech's intrusion service is based on a Microsoft SQL relational database with data-mining features, and it supports various firewall and intrusion-detection tools. The company's operations center analyzes each event from its sensors. RIPTech remotely manages the security infrastructure and recommends how to respond to events.

Counterpane Internet Security Inc. takes the home-security system approach, acting as a burglar-alarm service. Bruce Schneier, founder of Counterpane, says the company installs sensors on its customers' sites and then waits and re-sponds to alarms. The service provider charges about $12,000 a month.

return to page "Human Element Is Key To Stopping Hackers"

Back to This Week's Issue
Send Us Your Feedback
Top of the Page