NitroSecurity's Security Event Aggregation and Correlation Engine (N-SEAC) is a patented key differentiator of the NitroSecurity IPS solution. It gives enterprise customers the ability to collect and analyze threat information more efficiently, accurately, and in a timely manner.
INTRODUCTION
Many critical performance differentiators of NitroSecurity's Active Intrusion Prevention Systems (IPS) are attributable to the high-speed aggregation and correlation engine used within each NitroSecurity IPS, Management Console, and Enterprise Security System (ESS). The performance contribution of the security aggregation and correlation engine can be either direct or indirect, depending on the IPS function being considered. A direct contribution means that the capabilities supplied by the security aggregation and correlation engine provide a key, direct benefit to performance. An indirect contribution means that the security aggregation and correlation engine does not directly support the function but supports peripheral areas, which in turn improves overall performance.
A BRIEF HISTORY
The development of the security aggregation and correlation engine began in 1983 at the US Government Department of Energy's Idaho National Engineering Laboratory. In the government arena, the aggregation and correlation engine was known as Sage/AdaSAGE, was in development for 275 staff years and for over 16 years in the national laboratory. Sage/AdaSAGE has received over $30M to support development costs, has earned numerous awards, and enjoys acceptance by the Department of Defense and Energy where it has been included in thousands of systems. Commercialized through NitroSecurity in 1999, it underwent further major enhancements by the original developers covering 10 more staff years. NitroSecurity was awarded a patent for the aggregation and correlation engine's unique indexing methods in 2002.
NITROSECURITY'S ACTIVE INTRUSION PREVENTION SYSTEM
NitroSecurity's Active IPS are network bridges implemented on an Intel Linux platform, using in-line Snort as a signature detection engine, iptables as a firewall, and the world's fastest and highest performing security aggregation and correlation engine for data management and real-time analysis functions. The purpose of the NitroSecurity Active IPS is to detect and prevent intrusion attempts, block unwanted traffic, and act as a source of network information. Embedding the NitroSecurity security aggregation and correlation engine into the IPS turns the device into an intelligent security information appliance rather than just a network protection and data collection device. The security aggregation and correlation engine can execute as an "in-memory" database at speeds of 100 to 1,000 times that of any competitive product by significantly increasing security management performance. Its speed of insertion and ability to return real-time statistics/queries up to 1,000 times faster than even enterprise systems contributes directly to anomaly detection, alert packet storage and indirectly to the ability of the signature detection and firewall engines to perform. No other IPS on the market embeds a security aggregation and correlation engine on the device.
NitroSecurity, Inc. © 2005
ANOMALY DETECTION
Anomaly detection is either non-existent or still in its infancy in many intrusion prevention devices. IPS companies are now beginning to emphasize this area as intrusion prevention technology matures. The NitroSecurity Active IPS uses information stored in the aggregation and correlation engine to provide various anomaly detection features. Only the NitroSecurity aggregation and correlation engine can store and retrieve information at the rates needed for enterprise scale intrusion prevention.
Other techniques are being used that take much longer to develop, incur costly maintenance, and are not as flexible or universal. Some companies attempt to overcome this shortcoming by positioning anomaly detection analysis on their central management console. The time lag to respond using this technique is obvious. The advantage of NitroSecurity's security aggregation and correlation engine will be further highlighted as NitroSecurity moves into the future with additional anomaly detection/reaction methods and features such as connection tracking, which provides the ability to track information on every packet that traverses the network.
FIREWALL
The firewall used in the NitroSecurity Active Intrusion Prevention System devices works cooperatively with the Snort detection engine to block offensive traffic and generate information which is stored in the security aggregation and correlation engine for further r...
SIGNATURE DETECTION
The NitroSecurity Active Intrusion Prevention System