HOME Software Network Security Wireless Latest News Contact Us
 
Events | News Feeds (RSS) | Articles | New Archive  
 
 
  Recommended Product
Network Security Audit Software
Network Security Audit Software and Computer Security Tools
  Learn More
 
 
  Network Security Software
Network Bandwidth Monitor

Network Bandwidth Monitor
NBMonitor displays real-time details about your network connections & bandwidth usage.
   
Network Access Monitoring

Network Access Monitoring
ShareAlarmPro monitors network access to shared folders and resources.
   
Product Key Finder
Product Key Finder

Product Key Explorer retrieves over 3000 software product keys from network computers.
   
Network Shares Monitoring

Network Share Watcher
Monitors network folders permissions and identify shares which are violating company data access policy.
 
 

Network Security News

HP combining IPS and SIEM to better fight malware

February 14 2011

HP this week will demonstrate at the RSA Conference how its TippingPoint intrusion detection and prevention (IPS) appliance can work with the ArcSight security and event information management (SIEM) product it acquired late last year to block anomalous threat activities against Web sites.

An IPS can already detect and block a broad range of specific types of attacks against corporate networks but HP intends to show how the use of its IPS in conjunction with a SIEM, which can analyze input from multiple security devices and host sources, will expand the capability to catch some kinds of more stealthy attacks.

One demo will show an attacker opening up shopping carts on an e-commerce site at a fast pace and filling them up, but not making transactions, which could cause something akin to a denial-of-service attack against the Web site, according to Michael Callahan, director of worldwide security marketing at HP. The ArcSight SIEM "would be able to see this," says Callahan. "But then basically you'd have to do something about it."

If it turns out an attack is linked to a specific address or botnet used in the attack, the HP TippingPoint device would then be able to make a determination to block it. The so-called "reputation database" used by the TippingPoint appliance would help determine whether the source of the attack is associated with a known malicious botnet or IP source or not. At its booth, HP will show it's possible to fully automate a blocking response in various scenarios. At a separate ArcSight booth, similar demos will be done.

Bill Veghte, executive vice president of software and solutions for enterprise business at HP, is expected to be discussing how this SIEM-IPS combo and automated blocking would work in his keynote address at the RSA Conference 2011.

Callahan acknowledged that the integration work done to allow the TippingPoint IPS and the ArcSight SIEM to work together in still relatively new but is at the stage it could be used in production networks. He adds the goal is to analyze information collected in real-world use of the HP integrated SIEM-IPS system to share information with all HP customers using the devices about newly discerned threats.

In related news, HP will announce enhancements to its Reputation Digital Vaccine Service used in TippingPoint to block suspicious addresses. HP says it's now adding additional threat-intelligence information provided by ipTrust, based on about 250 million IP addresses the firm monitors, adding that to other threat-intelligence feeds that HP uses.

HP will also offer a DV Toolkit that enterprises could use to write customized threat-protection filters when they find that a proprietary application used in house has a vulnerability. The filter written with the DV Toolkit would give the organization a line of defense filter against attacks, which would be especially important in the time period before the proprietary application was fully patched and fixed.

Sours From

View more news
 
  Most Popular
 
 
  Popular Searches
network security magazine network security auditor network security news network security software corporate network security network security systems home network security product key finder password recovery software Network Bandwidth Monitor Network Access Monitoring data access policy monitoring remote shutdown Network File Search key recovery Network Monitoring Computer Security Ethical Hacking
 

 

 Sponsored Links
Network Security Auditor
Nsauditor is a complete networking utilities package that includes more than 45 network tools and utilities for network auditing, scanning,network connections monitoring and more. For more information, please visit:
www.nsauditor.com

Password Recovery Software
SpotAuditor is All-in-one password recovery program that offers administrators and users a comprehensive solution for recovering passwords and other critical business information saved in users' computers. For more information, please visit:
www.password-recovery-software.com

BlueAuditor - Monitor YourBluetooth Network
BlueAuditor detects and monitors Bluetooth devices in a wireless network and allows network administrators to audit wireless networks against security vulnerabilities associated with the use of Bluetooth devices. For more information, please visit:
nsauditor.com/bluetooth_network_scanner.html
 
 
Home Software Security Wireless Latest News Contact Us