Every now and then we see, as Monty Python used to say, “...something completely different.” The RazorThreat Threat Analysis Console is just such a product. The TAC, as RazorThreat refers to its product, analyzes inter-domain communications and determines through policy whether a communication is allowed or may be indicative of an attack. RazorThreat visionaries call this process “stopping threats via policy versus signatures.”
This is a variant on behavior analysis and it brings behavioral profiling to the enterprise. By dictating that which is explicitly permitted, one is able to identify that which should be denied. This subtle shift from anomaly detection to behavioral profiling is an important innovation.
RazorThreat also makes a distinction between event analysis and risk analysis. Risk analysis involves threats and vulnerabilities, as well as impacts. By matching enterprise vulnerabilities to the threats against the enterprise, the TAC is able to help analysts identify important anomalies without being bogged down in the often overwhelming number of events reported by IDS/IPS systems and SIM/SEMs. The TAC aims to identify genuine threats to the enterprise so that resources may be directed appropriately.
AT A GLANCE
What it is: A multifaceted network traffic analyzer and manager
Vendor: RazorThreat - www.razorthreat.com
Cost: contact RazorThreat for pricing of various configurations
Innovation: Implementation of classic security concepts in a practical, useful package
What we liked: The manager concept combined with an innovative analysis engine