If you want a product that does consolidation and correlation, anomaly detection plus threat analysis, take a look at our product called neuSECURE. It's the only threat analysis product on the market. Here is my previous email from the ids forum on the subject of threat analysis.
-----Original Message-----
From: Matthew F. Caldwell [mailto:[EMAIL PROTECTED]]
Sent: Thursday, May 09, 2002 5:00 PM
To: Bobby, Paul; [EMAIL PROTECTED]
Subject: RE: Threat Analysis - Papers, Studies, Software etc

Paul,

The issue you bring up is one that many of us are trying to reconcile. My position, and that of my company, is that both correlation and statistical anomaly detection are merely pieces of a larger threat analysis process. Threat analysis requires both a human element and an automated element. The automated aspect should start with correlated data (providing it is accurate), which is then analyzed using a number of other variables such as prioritization and validity of the threat, anomaly detection data (behavior etc.), vulnerability information, perspective of the attack and a number of other variables that improve accuracy and completeness.

Much of the confusion comes from vendors who imply that correlation (BUZZWORD) is threat analysis when that is really not the case. Correlation is simply the process of defining relationships between data sets and does not provide the prioritization that threat analysis does. It doesn't provide the information that an analyst needs to make good judgments.

Vendor Hat - GuardedNet has created a product called neuSECURE that automates much of the threat analysis process and allows an analyst to get a comprehensive view of the company's security posture. The application was designed by 3 CISSPs (and GIACs) with a sound background in security ops.

Matthew F. Caldwell, CISSP
Chief Security Officer
GuardedNet, Inc
The home of neuSECURE.

-----Original Message-----
From: Nicolas Villatte [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 15, 2002 2:22 AM
To: 'Matt'; [EMAIL PROTECTED]
Subject: RE : Log Help

NetIQ seems to be the product you are looking for; it allows consolidation and correlation of Windows NT/2k logs, Unix (Redhat and Solaris) syslogs, ISS RealSecure, Checkpoint Firewall-1 and even routers/switches.
Best regards,
Nicolas.

> -----Original Message-----
> From: Matt [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 14, 2002 20:25
> To: [EMAIL PROTECTED]
> Subject: Log Help
>
>
> Hi Everyone
> I was wondering if there were some suggestions on utilities to monitor logs
> and if anyone has used them?
>
> I'm looking for an assistant to help me with my log reading. I know logs are
> important and that if I don't read them I am setting myself up for trouble in
> many ways, security-wise or otherwise. The problem I have is there are so darn
> many of them and, being basically a lazy person, I want to get the computer to
> help me sort them all and monitor them all. I hate having to hunt down logs
> scattered all over the place, and admittedly Linux is tons better than other
> operating systems I have used, but it's still a pain for me.
> Can I scan my logs for keywords and have the bot email me if it picks up
> pre-designated phrases or code words? Can I have a bot take predetermined actions
> based on log entries? I want to shift the burden a little bit onto the
> computer and give me more time to think rather than react....
>
> Any help, thoughts, comments, suggestions is appreciated.
>
> Thanks
>
> Matt
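The two things the thread asks for, keyword scanning of syslog with an alert when a pre-designated phrase appears (Matt's question) and correlation that actually prioritizes rather than just relates events (Matthew Caldwell's point), can be sketched in a few dozen lines. The following is an added example written for this page; it is not code from any poster and not part of neuSECURE or NetIQ. The log lines, rule names, severity levels and the 3-failures-in-60-seconds threshold are all constructed for illustration, and the traditional syslog line layout (month, day, time, host, process, message) is assumed.

```python
"""Keyword log monitor with a small correlation step (constructed example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines; none of these come from a real host.
SAMPLE_LOG = """\
May 14 20:10:01 host sshd[1201]: Failed password for root from 10.0.0.5 port 4022 ssh2
May 14 20:10:03 host sshd[1202]: Failed password for root from 10.0.0.5 port 4023 ssh2
May 14 20:10:05 host sshd[1203]: Failed password for admin from 10.0.0.5 port 4024 ssh2
May 14 20:10:09 host sshd[1204]: Accepted password for root from 10.0.0.5 port 4025 ssh2
May 14 20:11:00 host cron[1300]: (root) CMD (run-parts /etc/cron.hourly)
May 14 20:12:30 host su[1401]: FAILED su for root by bob
May 14 20:13:00 host kernel: Out of memory: Killed process 1555 (httpd)
"""

# The "pre-designated phrases": (rule name, pattern, severity). Assumed values.
WATCH_PATTERNS = [
    ("ssh-failed-login", re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)"), "low"),
    ("ssh-accepted-login", re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)"), "info"),
    ("su-failed", re.compile(r"FAILED su for (?P<user>\S+) by (?P<by>\S+)"), "medium"),
    ("oom-kill", re.compile(r"Out of memory"), "medium"),
]
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}

# Traditional syslog layout: "Mon DD HH:MM:SS host proc[pid]: message" (pid optional).
SYSLOG_RE = re.compile(
    r"^(?P<month>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<proc>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)


def parse_line(line, year=2002):
    """Split one syslog line into fields; return None for lines we cannot parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['month']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "proc": m["proc"], "msg": m["msg"], "raw": line}


def match_keywords(entry):
    """Plain keyword scan: every watch pattern that fires on this line is a hit."""
    hits = []
    for name, pattern, severity in WATCH_PATTERNS:
        m = pattern.search(entry["msg"])
        if m:
            hits.append({"rule": name, "severity": severity, "fields": m.groupdict(), "entry": entry})
    return hits


def correlate_logins(hits, threshold=3, window=timedelta(seconds=60)):
    """Correlation with prioritization: a burst of failed logins from one source is 'high';
    a burst followed by an accepted login from the same source within the window is 'critical'."""
    failures, successes = defaultdict(list), defaultdict(list)
    for h in hits:
        src = h["fields"].get("src")
        if h["rule"] == "ssh-failed-login":
            failures[src].append(h["entry"]["ts"])
        elif h["rule"] == "ssh-accepted-login":
            successes[src].append(h["entry"]["ts"])
    alerts = []
    for src, times in failures.items():
        times.sort()
        for i in range(len(times) - threshold + 1):  # sliding window over sorted timestamps
            last_fail = times[i + threshold - 1]
            if last_fail - times[i] <= window:
                followed = any(last_fail <= s <= last_fail + window for s in successes.get(src, []))
                alerts.append({
                    "rule": "ssh-brute-force-then-success" if followed else "ssh-brute-force",
                    "severity": "critical" if followed else "high",
                    "detail": f"{len(times)} failed logins from {src}",
                })
                break  # one alert per source is enough
    return alerts


def analyze(text, min_severity="low"):
    """Run keyword scan plus correlation and return alerts, most severe first."""
    entries = [e for e in (parse_line(l) for l in text.splitlines()) if e]
    hits = [h for e in entries for h in match_keywords(e)]
    alerts = [{"rule": h["rule"], "severity": h["severity"], "detail": h["entry"]["raw"]} for h in hits]
    alerts += correlate_logins(hits)
    cutoff = SEVERITY_RANK[min_severity]
    alerts = [a for a in alerts if SEVERITY_RANK[a["severity"]] <= cutoff]
    alerts.sort(key=lambda a: SEVERITY_RANK[a["severity"]])
    return alerts


def format_report(alerts):
    """Body of the notification; in real use hand this to smtplib or a pager."""
    return "\n".join(f"[{a['severity'].upper():8}] {a['rule']}: {a['detail']}" for a in alerts)


if __name__ == "__main__":
    print(format_report(analyze(SAMPLE_LOG, min_severity="medium")))
```

Run as a script it prints only the medium-and-above alerts: the critical brute-force-then-success correlation, the failed su and the OOM kill, while the three individual failed logins stay below the cut. That is the distinction Caldwell draws: the keyword scan alone reports three unrelated low-severity lines, and only the correlation step turns them into one prioritized finding an analyst would act on first. For a real deployment the script would be run from cron or tail the log continuously, and `format_report` output would go out via `smtplib` or whatever paging mechanism is in place.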