As the Internet continues to grow, so does the exposure and risk. Network Intrusion Detection Systems (nIDS), when properly implemented and monitored, are an integral part of the defense against hostile traffic that batters your network daily. nIDS security allows you to react when/if someone breeches your network, and also supplies continuous information about the health of your networks from a performance as well as security perspective. nIDS tools in the right hands can often identify network as well as security problems before they occur. Installing a nIDS architecture by itself is only part of the task.
Without the supporting skill and talent to monitor and analyze the information nIDS engines provide, one is subject to the time, attention and abilities that one gives to a security device. There are efforts to develop nIDS engines that 'report' events against your network via email, pager notification, pop-up announcements to name a few, but they rely on time, attention and ability. Often these systems are tuned to respond to every event which requires time and attention to analyze and determine if the event is important or not, which leads to a dumbing down of the nIDS sensors to avoid the annoyance, rendering the nIDS tools ineffective.
Hiring highly trained in-house security professionals to monitor and maintain a nIDS solution is expensive, and the nIDS software/hardware itself is generally not inexpensive. This often puts security out of reach of the small to mid-sized organization who lack the kind of information security budget it takes to hire security professionals and purchase the software/hardware to monitor networks.
This is a recurring pattern where an institution recognizes the need for security, lays out CapX to acquire monitoring architecture, discovers the requirement from person/hour as well as skill-set perspective to man these tools is greater than anticipated, often results in the devices being tuned down beyond effectiveness or forgotten altogether. Very few network system administrators have the time much less are qualified to sort through logs and packet traces and determine what requires further attention and what are "false positives."
Manisec solves this. We provide nIDS architecture and highly qualified security professionals to handle all aspects of a secure nIDS system for your networks; from installation and configuration, to real-time monitoring and analysis and active response. Protecting your assets with an nIDS solution is now affordable and reliable.
The core of our specialized technology is the Managment System Framework (MSF), developed by Manisec. MSF's distributed parallel computing architecture provides the ability to effictively assimilate, analyze, and manage the massive amounts of data collected by Manisec's nIDS appliances, firewalls, routers, servers, and even third party nIDS and/or hIDS solutions.
Manisec's nIDS Sensors provide unparalled realtime and forensic capabilities. The nIDS detection engine is based on the premier OpenSource nIDS package Snort, and augmented by several proprietary packages, which add additional features/capabilities such as SNMP based alerting, forensic data mining, event corrolation, and packet trace ringbuffering.
A brief feature listing of this system includes:
- Intelligent handling of IP fragmentation.
- TCP stream reassembly.
- Intelligent porstcan detection.
- HTTP Protocol analysis.
- Large signature base.
- Easy addition of custom signatures.
- Rapid signature updates for newly discovered vulnerabilities.
- Event correlation.
- Alert suppression and/or aggregation.
- Centralized reporting.
- Alert abstraction.
- Multiple alert pathways (Syslog, SNMP, SQL, E-Mail, Text/Pager, etc).
- Statistical anomaly detection.
- Forensic data mining
- The best technical support in the industry.
- Custom features as required.
- Multiple tools for data analysis/reporting.
- Easy integration with existing network management environments.
- Handle all aspects of installation, configuration, and maintenance of nIDS Sensor(s).
- Perform a baseline vulnerability assessment of Customer's network(s)/host(s).
- Notify Customer of successful or potentially successful intrusion events.
- Provide statistical and summary reports of attacks against Customer's network.
- Provide detailed evidence to Customer in the event of a critical incident
- Generate and track incident reports for attacks directed at Customer network(s)/host(s).
- Monitor syslog or SNMPtrap events generated by Customer's existing systems (Optional).
- Configure Sensor to send syslog or SNMPtrap events to Customer's existing network managment system(s) (Optional).