Intrusion detection system (IDS) developer ForeScout will announce and
demonstrate a corporate version of its ActiveScout early-warning software
at the Computer Security Institute (CSI) exhibition Tuesday in
Chicago.
The ActiveScout Enterprise edition has been tested to allow up to 50 access
points (APs) in a network using the ActiveScout Site Solution to exchange
information simultaneously, though ForeScout officials said the product
will work globally and has no set limit of APs.
The ActiveScout Site Solution has been around for some time, though
until now the application hasn’t been able to “talk” with other
network APs using similar software. The enterprise solution takes care of
that; its Enterprise Manager and Enterprise Heads-Up collect information
about network attacks from one node, disseminate it and warn the other APs
almost simultaneously, behind the scenes.
“Security professionals are constantly looking for better ways to identify
attacks with a high degree of accuracy so they can stop real network
attackers and prevent intrusions across the entire enterprise,” said Peter
Lindstrom, a director at Spire Security, a research and consulting firm.
According to Nancy Blair, vice president of marketing at ForeScout, if an
attack occurs at one AP, the threat information is passed to the other
ActiveScouts running on the network to prevent a breach from occurring.
The new version comes with a graphical user interface (GUI) map that shows
where the attack originated and how widespread the attack is, and whether
it is hitting the other nodes in the network. Blair said it helps IT
managers quantify the existence of network threats to company executives
and is a precursor for ActiveScout versions in the future.
“Right now, the threat information is passed within the enterprise, but we
do envision an inter-enterprise global warning communication in the
future,” she said.
Since the ActiveScout is a software solution, customers are allowed to
use the server and operating system (OS) of their choice, though
officials said they have vendors who can bundle the software onto a new
machine.
David Prince, director of information services at Leith Management Company,
an NC-based car dealership that keeps thousands of car loan applications in
its database, said he has been testing the ActiveScout for some.
“It’s been working great,” he said. “We’ve been running it on a test
server and running intrusion tests on it but plan to move it onto a more
permanent platform in the near future. Since installing it, we’ve seen a
dramatic decrease in scan traffic, and a reduction in the amount of alerts
for false positives and network attacks.”
For companies that prefer to build an out-of-box server of their own,
officials recommend it contain at least a Pentium III 600 MHz processor
with 256 MB of RAM and 20 GB of disk space. ActiveScout runs on Windows,
Linux or Sun Solaris platforms.
ActiveScout sits in front of the AP's firewall and behind the router,
processing incoming traffic and returning false network identification
information to the originator. When the attacker then launches an exploit,
it is sent to the wrong area of the network because of the bogus
information, and is intercepted there.
Blair said this patented technique cuts down on the number of false
positives and attacks that IT staffers need to respond to by 85 percent,
since the attack is foiled before even reaching the Internet. Only with
the other 15 percent will a network administrator get a page or phone call.
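A minimal sketch of the decoy-response logic described above, added here as an illustration and not ForeScout's code: a scan of an unused address gets a bogus reply without an alert, and only a later session to that bogus target blocks the source, raises an alert and warns peer sites. The class, event format and addresses are constructed assumptions.

```python
"""Decoy-response detection over constructed events (illustrative sketch)."""
from dataclasses import dataclass, field


@dataclass
class DecoySensor:
    name: str
    decoys: set                                      # (ip, port) pairs no real service uses
    peers: list = field(default_factory=list)        # other sensors to warn
    handed_out: dict = field(default_factory=dict)   # source -> decoys it was shown
    blocked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def handle(self, src, dst_ip, dst_port, kind):
        """Classify one event; kind is 'probe' (scan) or 'session' (real use)."""
        target = (dst_ip, dst_port)
        if src in self.blocked:
            return "drop"
        if target not in self.decoys:
            return "pass"
        if kind == "probe":
            # Reconnaissance: answer with bogus service data, remember it, no alert.
            self.handed_out.setdefault(src, set()).add(target)
            return "decoy-reply"
        # Someone is acting on the bogus data: high-confidence attack.
        was_shown = target in self.handed_out.get(src, set())
        self.blocked.add(src)
        self.alerts.append((src, target, was_shown))
        for peer in self.peers:
            peer.blocked.add(src)    # warn other sites before they are hit
        return "block+alert"


def replay(events, sensors):
    """Run (site, src, dst_ip, dst_port, kind) tuples through the named sensors."""
    return [sensors[site].handle(src, ip, port, kind)
            for site, src, ip, port, kind in events]


# Constructed sample data: documentation address ranges, two sites.
EVENTS = [
    ("site-a", "203.0.113.7", "192.0.2.50", 445, "probe"),     # scan hits a decoy
    ("site-a", "203.0.113.8", "192.0.2.10", 443, "session"),   # normal traffic
    ("site-a", "203.0.113.7", "192.0.2.50", 445, "session"),   # acts on bogus data
    ("site-b", "203.0.113.7", "198.51.100.10", 80, "session"), # other site, pre-warned
]

if __name__ == "__main__":
    a = DecoySensor("site-a", {("192.0.2.50", 445)})
    b = DecoySensor("site-b", {("198.51.100.9", 80)})
    a.peers.append(b)
    print(replay(EVENTS, {"site-a": a, "site-b": b}), a.alerts)
```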
“It’s much more effective than your regular IDS solution,” Blair said,
“because it doesn’t bother alerting the IT manager with every single port
scan or false positive. And because it works in the background so well,
most managers aren’t even aware their network is getting attacked; in the
case of the Nimda virus, one of our customers had to look through the logs
to find out if they were even getting attacked, because ActiveScout stopped
the virus before it got to the network.”
Pricing on the ActiveScout is dependent on the amount of network traffic
the application handles, but starts at:
- ActiveScout Site Solution – $2,995.
- ActiveScout Enterprise Manager – $9,995.
- ActiveScout Enterprise Heads-Up – $4,995.