Hello,

My name is Robert Parker and I am a Product Manager at AXENT Technologies in Provo, Utah. One of the products I am responsible for is called ITA and it does the real time alerting that you are looking for. I have attached a short message about the product. If you are interested further, contact me at 801-227-3752 (USA) or e-mail me at robpar@axent.com. Good luck in your search.

==============Begin text============================================

Improved Internet Monitoring, Anomaly Detection, and Application Monitoring Added to AXENT's Intrusion Detection Software

New Software Release Can Link Events Over Time Across Client/Server Platforms, Monitor Firewall Activity; Enhanced Rules-Based Alert Utility Automatically Triggers User-Defined Corrective Activity.

Washington, Nov. 6, 1995 AXENT Technologies today announced the latest version of its Security Event Monitor, OmniGuard Intruder Alert (ITA). This powerful software tool uses rules-based anomaly detection to monitor security events across client/server networks.

According to Pete Privateer, AXENT's senior vice president, ITA can form the basis of a comprehensive internet security strategy by watching all accesses to the system. "Intruders typically use a SATAN-like tool that probes various access points, looking for weaknesses in the existing security. ITA detects these types of probes and notifies administration, while at the same time taking protective measures to ensure that no damage is done in the meantime," Privateer said.

According to AXENT, ITA has other uses as well. It can perform real time checks of access controls, analyze and reduce system logs, monitor applications or keep tabs on other security controls such as firewalls, providing a type of intelligent virtual motion detector for enterprise computing systems.

ITA version 2.1 enhances these capabilities by providing more comprehensive anomaly detection across the entire network, improved notification and event history recording, as well as the ability to monitor not only system events but events related to any activity on the system.

Mr. Privateer explains, "For example, if someone has access to a funds transfer application, typically they are to access the application at specified times and from specified locations. If the application is accessed at midnight from a foreign country, that would be cause for alarm. ITA 2.1 can detect these types of security violations and take any action desired by the user."

ITA Key Features

The heart of ITA is the rules-based inference engine that selects the input it receives from various user definable sources, filters it as necessary and then takes actions as dictated by the user. This simple concept allows ITA to make pre-programmed decisions with administrator involvement. ITA is the intelligent, automated watchdog that security administrators have been waiting for.

Key features provided under ITA Release 2.1, all accessed via a graphical user interface, include the ability to:

- Take action on any event - analyze any event from any product that produces an audit log, including AXENT's other OmniGuard products, firewalls, databases such as Oracle or Sybase, and system management solutions.

- Link events over time - multiple events can be flagged and then linked across the network. For instance, if failed login attempts are registered at various locations across the net, ITA can detect them and upon reaching a threshold number of attempts, take action as determined by administration.

- Manage broadcast of notification messages - ITA X-Notify is a new program for managing the broadcast of notification messages sent to a Motif-based display, including X Terminals.
  The notification window includes a colored alert bar that changes with the degree of severity of the security event, a prioritized history of events and the complete text of the event logged. Now an administrator can let ITA watch for events, prioritize them and remind the user that action may need to be taken.

- Monitor by day of week/date/time of day - allows an administrator to watch for security events occurring on the weekend, late at night or in any other time frame that is considered to be outside the norm. In our previous example of the funds transfer program, accesses may not take place outside of regular business hours. ITA can now detect that anomaly and take action.

Availability and Pricing

ITA Release 2.1 is available immediately. It supports a large and growing number of major computing platforms such as Hewlett-Packard, IBM, Sun and Digital. For a complete listing, please refer to the attached availability and key features matrix. Pricing is based on a manager/agent architecture with managers costing $1995 and agents $995 each.

AXENT Technologies

AXENT Technologies is exclusively devoted to providing client/server security solutions for multi-platform environments. The company's broad line of security offerings is used by auditors, government and commercial installations worldwide, to efficiently secure and protect information systems running in heterogeneous computing environments. Headquartered in Rockville, Md., AXENT serves more than 5,000 customers through its 15 locations worldwide.

______________________________ Reply Separator _________________________________
Subject: Re: Good logging and real-t
Author: ids@uow.edu.au at ccgate-ut
Date: 11/21/95 4:10 PM

Reply to: RE>>Good logging and real-time alert tools ?

Andy,

Is this product truly "real-time"? How does it intercept unauthorized activity? In my search for "real-time" security products, I have found that most products are simply "after the fact" security reporting tools.
Also, these products either took the approach of replacing operating system command files or altering the UNIX Kernel to include security features. As you probably agree, there are drawbacks to both approaches.

I recently found a product called SeOS from Memco. Their approach is to redirect kernel pointers to tables that contain security rules and access permissions. By the way, these tables are encrypted. Also, you can track users even if they have changed their identity to root or superuser. It also has a GUI for administration purposes.

If "Security Manager" addresses security challenges in this fashion, I can have my people evaluate it.

Regards,
Yalda Mirzai
ymirzai@amgen.com
__________________________________________________________
Consistency is the last refuge of the unimaginative.
-Oscar Wilde (1854-1900)
Amgen