RandomStorm has announced the launch of a network intrusion detection system (NIDS) tool StormProbe.
Built to analyse network traffic using more than 30,000 malware signatures to identify anomalies and malicious payloads, StormProbe is based around the same algorithm that powers its StormAgent Log Management software.
With StormProbe, when a matched rule is detected, RandomStorm’s instances, events and alerts (IEA) algorithm creates a matched rule instance and begins to record all linked alerts as unique, time-based events, associated with the specific target host in the network, under the same instance.
RandomStorm product manager Steve Jones told IT Security Guru that users have said there is a greater need for compliance products for evolving companies, and that the user response to this so far has been “immense”.
“You can use this to detect instances on the network and drill down to a granular level to see the full alert and you can see the packet data too,” he said.
“It will also pick up malicious activity and you can use sensors such as Suricata and Snort, and we also have our own sensors so you can use the best of the three. This enables you to reduce the ‘white noise’ and makes the use of security engineers’ time more efficient.”
A physical appliance, Jones said that this ties in with other models on other solutions and it can hook into the StormCore interface and can be configured to monitor traffic flows targeted at up to one hundred specified hosts across the network.
Andrew Mason, co-founder and technical director of RandomStorm, said: “The latest security guidelines, such as PCI DSS 3.0, recognise that there are far too many security threats and log events for humans to monitor and that organisations need to focus their efforts on rapidly detecting and responding to network activity that indicates a security breach.
“Using automated systems that are constantly updated with information on new threats, organisations can filter out the noise and stay alert to attacks on their most important assets.”
