Intrusec CM In-Depth
Providing Enterprise-wide actionable intelligence derived from real-time change detection
Intrusec CM is a network-based change detection and management solution that monitors assets in real time, comparing a device's current state with both its previous state and policy-defined baselines, and assigning a risk to any detected deviation.
Intrusec CM features the components below.
- Change Detection Methodology
- Heuristics Engine
- Plug-in Engine for Deeper Probes
- Leveraging Existing Third-Party Tools
- Vulnerability Scanner Integration
- Alerting and Reporting
Change Detection Methodology
Intrusec CM is the first product in a new generation of network security and administration software: change detection systems. It continuously monitors your entire network for new devices, applications, and services, and for changes to existing ones. It installs easily and begins continuously monitoring your network for changes in the state of any of those assets, or of the network itself.
Based on active detection technologies (it interacts directly with all devices, rather than passively sniffing traffic), Intrusec CM proactively monitors systems across any heterogeneous network and is not limited to physical Ethernet segments or network topology. Alerting is highly flexible, allowing administrators to alert based only on pertinent corporate security policy violations.
Heuristics Engine
Intrusec's core technology is its change detection engine. This engine consists of a robust core network-scanning engine that connects to, and interacts with, thousands of devices and hundreds of thousands of services on a continual basis.
On top of this core engine is the Heuristics Engine, a set of anomaly detection algorithms. It mimics the behavior of an experienced network engineer in attempting to identify whether any changes have occurred to any assets connected to the network. This engine will connect to an asset to look for changed ports, services, installed applications, users and user permissions, etc., parsing the output into useful data, and providing a risk exposure rating for any detected change.
Different heuristics are used depending on the type and layer of an application.
Plug-in Engine for Deeper Probes
Working alongside the Heuristics Engine (which provides broader change detection on a network), a Plug-in sits on top of Intrusec's core engine technology, providing deep knowledge to identify changes in a specific server, service, or application on a network.
Each plug-in provides deeper probing into the application it targets. For example, the core engine would detect a change in the version of Microsoft Exchange installed on your mail server, while our Microsoft Exchange plug-in would detect internal application changes, such as new mail-forwarding policies.
Plug-ins are available for all Microsoft enterprise products, and new plug-ins are released on a quarterly basis.
Leveraging Existing Third-Party Tools
At Intrusec, we understand the state of today's IT departments. Each department must leverage existing technology and human resources wherever possible. And when you weigh the decision to commit to a new product, the ability of that product to work with the existing infrastructure is paramount.
We believe any new product needs to be of discernible value to the organization and a longer-term strategic fit for your anticipated needs.
Vulnerability Scanner Integration
Intrusec doesn't replace your vulnerability scanner…we make it better.
The problem with traditional vulnerability scanners is that they are so resource-intensive, on both the network and the scanned assets, that they are run on a scheduled basis. This means that their output is a snapshot in time, and is frequently obsolete within a day of the last scan.
Intrusec CM integrates seamlessly with your existing vulnerability scanners, maximizing their value while minimizing their network impact.
When Intrusec CM detects a change on an asset, it instantly communicates with your vulnerability scanner, triggering a targeted scan against the changed asset and integrating the vulnerability findings into the notification sent to the asset owner.
Intrusec CM acts as command and control for your vulnerability scanner, telling it where to look and when to scan...giving you optimal vulnerability detection.
Alerting and Reporting
Intrusec CM provides several methods of delivery for the alerts created by the internal engines or external vulnerability scanners. These include delivery via SNMP, XML, E-Mail, or a user-defined action.
Intrusec CM also provides integration support for third-party Security Management Systems, such as those provided by GuardedNet, NetForensics and Intellitactics, as well as larger network management systems such as HP OpenView and IBM Tivoli.
Intrusec CM includes a comprehensive reporting system allowing you to extract security and state information about your network from Executive overviews to Analyst granularity.