Looking for intrusion detection - Tripwire isn't it

Dr. Frederick B. Cohen (fc@all.net)
Sat, 19 Aug 1995 18:41:24 -0400 (EDT)

	I guess it figures that the three responses I got via Email were
all about tripwire.  Perhaps I wasn't clear enough.  I wasn't looking
for an integrity checker to detect changed files on my server.  If I
were, I would use Integrity Toolkit (before tripwire, there was IT!, and
IT is better). 

	I am looking for a real-time intrusion detection system that can
take information provided by syslogs and other similar sources coming
from a distributed network of computers, fuse the incoming information,
and detect both patterns that are dissimilar to normal usage patterns
and patterns that are indicative of known attack profiles.

	A good example is CMDS by SAIC, but I know there are other such
products, and I am trying to get in touch with the vendors of those
other products to determine if any of them are as viable as CMDS, what
they cost, how they operate, and whether they will meet the needs of my
client. 

	I am interested in a package that operates on information from
different sources, including but not limited to Unix varieties and
output from routers.  It would be best if it ran on trusted computing
bases, it would be nice if it was programmable to allow us to customize it
to meet the client's ever-changing needs, and it would be even better if
it were supported by a substantial commercial organization with a
long-term commitment to its ongoing availability and enhancement. 
Finally, it would be nice if the cost were relatively modest for the
value given, taking into account support, customization, etc.

	I hope this has clarified my request for information.

-- 
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
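
Added example, not part of the original message and not code from CMDS or any other product named in it: a minimal sketch of the kind of system the message asks for, fusing syslog-style records from Unix hosts and a router and checking the merged stream against one known attack profile and a baseline of normal logins. The log formats, host names, addresses, thresholds and function names are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records (not real logs): a day of normal use, then live feeds.
BASELINE = """Aug 18 09:02:11 alpha login[211]: LOGIN ON ttyp0 BY alice FROM 10.0.0.5
Aug 18 09:15:40 beta login[305]: LOGIN ON ttyp1 BY bob FROM 10.0.0.7"""
LIVE_UNIX = """Aug 19 03:10:01 alpha login[410]: FAILED LOGIN 1 FROM 10.9.9.9 FOR root
Aug 19 03:11:20 beta login[512]: FAILED LOGIN 1 FROM 10.9.9.9 FOR root
Aug 19 09:01:00 alpha login[530]: LOGIN ON ttyp0 BY alice FROM 10.0.0.5
Aug 19 09:05:00 beta login[101]: LOGIN ON ttyp0 BY alice FROM 10.9.9.9"""
LIVE_ROUTER = "Aug 19 03:10:05 gw1 router: access denied telnet FROM 10.9.9.9"

LINE = re.compile(r"(\w{3} +\d+ [\d:]{8}) (\S+) ([^\[:]+)(?:\[\d+\])?: (.*)")
FAILED = re.compile(r"(?:FAILED LOGIN|access denied).*? FROM (\S+)", re.I)
LOGIN = re.compile(r"LOGIN ON \S+ BY (\S+) FROM (\S+)")

def fuse(*feeds, year=1995):
    """Parse each feed and merge all records into one time-ordered stream."""
    events = []
    for feed in feeds:
        for line in feed.splitlines():
            m = LINE.match(line)
            if m:  # syslog timestamps carry no year, so one is assumed
                when = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
                events.append((when, m[2], m[3], m[4]))
    return sorted(events)

def detect(baseline, live, window=timedelta(minutes=5), min_hosts=3):
    """Return (kind, subject, detail) alerts for the fused live stream."""
    known = {LOGIN.match(e[3]).groups() for e in baseline if LOGIN.match(e[3])}
    recent, flagged, alerts = {}, set(), []
    for when, host, _prog, msg in live:
        m = FAILED.search(msg)
        if m:  # known attack profile: one source refused by many reporters in a short window
            src = m[1]
            recent[src] = [(t, h) for t, h in recent.get(src, []) if when - t <= window]
            recent[src].append((when, host))
            hosts = sorted({h for _, h in recent[src]})
            if len(hosts) >= min_hosts and src not in flagged:
                flagged.add(src)
                alerts.append(("signature", src, hosts))
        m = LOGIN.match(msg)
        if m and m.groups() not in known:  # dissimilar to normal usage: unseen (user, source)
            alerts.append(("anomaly", m[1], [m[2]]))
    return alerts

if __name__ == "__main__":
    for alert in detect(fuse(BASELINE), fuse(LIVE_UNIX, LIVE_ROUTER)):
        print(alert)
```

With the router feed left out, the same source is seen on only two reporters and the signature alert does not fire, which is the case for fusing sources rather than watching each host alone.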