Content

eTrust Intrusion Detection

This solution provides a network-based IDS, real-time session monitoring and internet/email content blocking. eTrust Intrusion Detection can be installed in standalone mode, or it can be distributed on separate machines. The intrusion detection program installs as a service under Windows NT/2000. As usual, the monitoring interface is a NIC in promiscuous mode, and therefore the presence of the IDS is concealed from the attacker.

Security policies are defined using rules. If any of the characteristics of a network session correspond with the rule conditions, an action is triggered. Configuration of the security policy to be applied consists of choosing, from the supplied pre-defined rule sets. Then you can fine-tune the rule set to save resources.

A supplied performance-monitoring utility called Network Load can be used to help tune the rules further. Manual tuning takes some time, but is necessary to improve performance. The pre-defined rules can detect intrusions and suspicious network activity and inspect content. If the rule sets do not suit your requirements, you can modify or create your own.

eTrust Intrusion Detection does more than just detect - it can also act as intrusion prevention by blocking network activity. The blocking mechanism works by spoofing the session and sending an RST to disconnect it. The client receives a blocking message, depending on the protocol, and the server believes it has been disconnected. It can monitor and block any session going across a UDP or TCP port, and also block active sessions based on content, header information and string matches.

Alerts can be delivered by displaying a message on the screen, by email, fax, pager or SNMP trap. It also includes OPSEC support, allowing you to define rules on Check Point FireWall-1.

Centralized management is provided by a utility called Enterprise Manager, which can monitor remote eTrust Intrusion Detection nodes and also deploy security policies. It also consolidates information into a relational database.

Report generation is easy and can be scheduled for automatic production. Reports can be viewed on any computer, even if eTrust Intrusion Detection is not installed on it, by using a small client application called Report Viewer.

Product title
eTrust Intrusion Detection
Product info
Name: eTrust Intrusion Detection (IDS group test) Description: Price: $3,300
Strength
A scalable system that integrates with CA's Unicenter platform.
Weakness
Careful manual tuning of the security policy rules is required to achieve good performance. CA says that version 3 will address this.
Verdict
CA's 'jack of all trades' approach goes against the trend, but says this is a strength, allowing more centralized security management.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.