10.15 Early Warning Systems



The spiraling cost and damage of intrusions have also led to the creation of some early warning systems, such as those by SecurityFocus and the nonprofit SANS Institute. They act as intrusion detection clearinghouses, providing information on vulnerabilities and attack techniques. Both collect and analyze data from monitoring devices around the world, distributing alerts via the Internet to thousands of customers and subscribers. The SecurityFocus DeepSight Threat Management System gathers and correlates data from over 15,000 network intrusion detection, firewall, and router devices from thousands of private, public, and academic networks in 150 countries. The annual subscription for DeepSight is $50,000. Educational institutions that agree to feed their data get a discount.

SANS is a nonprofit educational group for security professionals. SANS accepts logs for analysis. Other security services, such as aris.securityfocus.com, also allow victims to upload IDS logs so that attacks can be analyzed. McAfee's Visual Trace service can map attacks, offering time and place information like caller ID, and is capable of tracking down attackers by geographic region, IP address, and even street address. Check Point Software Technologies, a firewall maker, allows customers to block traffic from IP addresses SANS lists as attackers.
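The clearinghouse idea described above, correlating submissions from many sensors and publishing the sources that several of them agree on, can be sketched as follows. This is an added example, not code from the book, SANS, or SecurityFocus; the record format, the `min_sensors` threshold, and the sample data are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Sources that must never reach a shared blocklist: RFC 1918 and loopback.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed submissions: (sensor_id, source_ip, dest_port).
# Addresses come from documentation ranges (RFC 5737), not real attackers.
SAMPLE_REPORTS = [
    ("univ-fw-01", "203.0.113.7", 445),
    ("univ-fw-01", "203.0.113.7", 445),    # repeat from the same sensor
    ("corp-ids-02", "203.0.113.7", 445),
    ("isp-rtr-03", "203.0.113.7", 139),
    ("corp-ids-02", "198.51.100.20", 22),
    ("corp-ids-02", "198.51.100.20", 22),  # noisy, but only one sensor sees it
    ("isp-rtr-03", "192.0.2.99", 80),
    ("univ-fw-01", "192.0.2.99", 80),
    ("univ-fw-01", "10.1.2.3", 445),       # internal address, not shareable
    ("corp-ids-02", "10.1.2.3", 445),
    ("isp-rtr-03", "not-an-ip", 445),      # malformed submission
]

def sensors_per_source(reports):
    """Return {source address: set of distinct sensors that reported it}."""
    seen = defaultdict(set)
    for sensor, src, _port in reports:
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # drop malformed records instead of failing the batch
        if any(addr in net for net in NON_ROUTABLE):
            continue  # private or loopback sources mean nothing to other sites
        seen[addr].add(sensor)
    return seen

def build_blocklist(reports, min_sensors=3):
    """List sources reported by at least min_sensors independent sensors."""
    seen = sensors_per_source(reports)
    hits = [a for a in seen if len(seen[a]) >= min_sensors]
    return [str(a) for a in sorted(hits, key=lambda a: (a.version, int(a)))]

if __name__ == "__main__":
    for ip in build_blocklist(SAMPLE_REPORTS):
        print("block", ip)
```

Counting distinct sensors rather than raw events keeps one noisy or misconfigured contributor from placing an address on a list that other sites will block on.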




Investigative Data Mining for Security and Criminal Detection
ISBN: 0750676132
EAN: 2147483647
Year: 2005
Pages: 232
Authors: Jesus Mena
