RandomStorm releases StormProbe
October 30, 2013
SOURCE: RandomStorm
Leeds, UK, 30th October 2013: network vulnerability management and compliance vendor, RandomStorm, has announced the latest release of its network intrusion detection system (NIDS), StormProbe.
StormProbe analyses all network traffic, using more than 30,000 constantly refreshed malware signatures to identify any malicious payloads. When a matched rule is detected, RandomStorm’s Instances, Events and Alerts (IEA) algorithm creates a matched rule Instance and begins to record all linked alerts as unique, time-based events, associated with the specific target host in the network, under the same Instance.
Part of the StormCore integrated security management platform, StormProbe represents a step change in IDS technology. Based around the same RandomStorm IEA algorithm that powers the company’s StormAgent Log Management software, StormProbe provides IT managers with a graphical view of the real-time threat status of the network.
Accessed via an intuitive management user interface (UI), StormProbe classifies all Instances in terms of the level of severity, based on custom rules. This classification enables system administrators to immediately see when a one-off or prolonged attack is underway, as well as the nature and severity of the attack, to enable rapid remediation.
Offering a highly granular forensics tool, StormProbe enables system administrators to drill down to view individual linked alerts and obtain a detailed picture of any attack or suspect activity, including information on the malware type, start, source, duration and target host IP address.
Installed as a dedicated appliance, StormProbe can be configured to monitor traffic flows targeted at up to one hundred specified hosts across the network, integrating seamlessly with RandomStorm’s security management UI, StormCore. System administrators are provided with timely alerts and security intelligence when anomalies, policy violations and security threats are detected in both the external traffic and host log files. This reduces response times and enables more focused use of IT resources.
To further minimise the administration burden placed on highly skilled IT staff, StormProbe generates a range of static, dynamic and custom reports, including trending threats and compliance reports. Its dedicated reports for regulatory frameworks are particularly suited to assisting merchant organisations to meet Payment Card Industry Data Security Standard (PCI DSS) requirements. Version 3.0 of the standard, due to be introduced in November, includes enhancements to help organisations to be proactive in identifying malware attacks on the cardholder data environment.
Commenting on the launch of StormProbe, Andrew Mason, co-founder and Technical Director of RandomStorm said, “The latest security guidelines, such as PCI DSS 3.0, recognise that there are far too many security threats and log events for humans to monitor and that organisations need to focus their efforts on rapidly detecting and responding to network activity that indicates a security breach. Using automated systems that are constantly updated with information on new threats, organisations can filter out the noise and stay alert to attacks on their most important assets.”
Built for SME and enterprise networks, StormProbe can support Linux™, Apple Macintosh®, Microsoft Windows® and IBM iSeries (AS/400) environments.
-ends-
Note to editors:
Using the RandomStorm IEA algorithm, an “Instance” is an occurrence of a matched security rule. An “Alert” is created following an Instance, such as a password failure. Recurring Alerts generated by individual IP addresses over a configurable time window are classified as one Event. Repeat Alerts occurring outside the time parameter are classified as a separate Event within the same Instance.
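The Instance, Alert and Event grouping defined in this note, shown as an added Python example; it is not RandomStorm's code. It assumes an Instance is keyed by (rule, target host), that the time window runs from the first Alert of an Event, and a 5-minute window; the function names, rule names and sample alerts are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed value; the release only says "configurable"

# Constructed sample alerts: (time, matched rule, target host, source IP)
SAMPLE = [
    ("2013-10-30 09:00:00", "password-failure", "192.0.2.10", "198.51.100.7"),
    ("2013-10-30 09:01:30", "password-failure", "192.0.2.10", "198.51.100.7"),
    ("2013-10-30 09:02:00", "password-failure", "192.0.2.10", "198.51.100.9"),
    ("2013-10-30 09:03:00", "malware-signature", "192.0.2.11", "198.51.100.7"),
    ("2013-10-30 09:04:00", "password-failure", "192.0.2.10", "198.51.100.7"),
    ("2013-10-30 09:20:00", "password-failure", "192.0.2.10", "198.51.100.7"),
]

def parse(rows):
    """Convert the timestamp strings into datetime objects."""
    return [(datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), r, tgt, src)
            for t, r, tgt, src in rows]

def group_alerts(alerts, window=WINDOW):
    """Group alerts into Instances, each holding a list of Events.

    Assumed model: Instance = (rule, target host). Within an Instance, alerts
    from one source IP join the same Event while they fall within `window`
    of that Event's first alert; a later alert opens a separate Event.
    """
    instances = defaultdict(list)  # (rule, target) -> list of Event dicts
    open_event = {}                # (rule, target, source) -> current Event
    for ts, rule, target, source in sorted(alerts):
        key = (rule, target, source)
        event = open_event.get(key)
        if event is None or ts - event["start"] > window:
            # First alert from this source, or a repeat outside the window.
            event = {"source": source, "start": ts, "end": ts, "alerts": 0}
            open_event[key] = event
            instances[(rule, target)].append(event)
        event["end"] = ts
        event["alerts"] += 1
    return dict(instances)

if __name__ == "__main__":
    for (rule, target), events in group_alerts(parse(SAMPLE)).items():
        print(f"Instance {rule} -> {target}")
        for e in events:
            print(f"  Event from {e['source']}: {e['alerts']} alert(s), "
                  f"{e['start']:%H:%M:%S} to {e['end']:%H:%M:%S}")
```
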
References:
Payment Card Industry Data Security Standard Version 3.0 August 2013 https://www.pcisecuritystandards.org/documents/DSS_and_PA-DSS_Change_Highlights.pdf
About RandomStorm:
RandomStorm is a UK-based network security, vulnerability management and compliance company, focused on providing enterprise-level, proactive security management tools and services. RandomStorm’s experienced and certified security experts are able to offer customers a wide range of integrated world-class security vulnerability assessment and professional security services. Covering initial consultancy and gap analysis through to network and application testing, as well as managing clients’ business compliance accreditation processes, RandomStorm aims to work with organisations to ensure that their security investment is fully optimised on a 24/7/365 basis.
RandomStorm’s core products are supported by a range of complementary monitoring, alerting and remediation tools and services developed under the RandomStorm Open Source Initiative.
RandomStorm is a CESG CHECK security consultancy as well as a Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) for the Payment Card Industry Data Security Standard (PCI DSS). Please visit http://www.randomstorm.com for further information.