Product Information

NetIQ Security Manager

Vendor:

NetIQ

Price:

$900 (server); from $150 (sensor)

Quick Read

Strengths:

Intuitive user interface that is easy to use and very flexible.

Weaknesses:

Although it includes a host-based IDS, this product is aimed more at managing an environment of multi-vendor security systems.

Verdict:

This is a comprehensive reporting and management system that consolidates input from its own host-based IDS with third-party IDS, anti-virus and firewall products.

Rating Breakdown

Features:
Documentation:
Value for Money:
Performance:
Support:
Ease of Use:
3/5

Summary

This product is aimed at managing security across a multi-vendor environment of disparate security solutions, enabling a choice of best of breed for each requirement. It also includes a host-based IDS application which detects unauthorized services and rogue processes. Automatic actions include raising alarms and ending unauthorized services. It alerts when membership of the administrators' user group changes, should a hacker try to elevate his privileges. System files are monitored for replacement by Trojan horses.

Windows NT/2000/XP and Solaris 8/9 OSs are supported. The agent can be deployed centrally. As a management platform it can correlate events in real time from third-party security products, including anti-virus, firewalls and IDS. It automates responses to events, and its extensive knowledge base offers advice on specific attacks.

Supported anti-virus products are McAfee, Norton and Trend Micro, while supported firewalls include Check Point Firewall-1 and Cisco PIX. Besides managing firewalls, it also detects configuration errors. As well as its own host-based IDS, it can integrate the management and reporting of ISS's RealSecure IDS. Both host and network-based RealSecure sensors are supported, as is RealSecure's Workgroup Manager. Security Manager provides a well-documented authoring guide for those wishing to build their own solutions on top of Security Manager. It can automate event suppression, consolidating multiple alerts into a single alert that includes a counter indicating the number of attacks. It can run a command or script automatically and correlate multiple failed logon attempts, enabling you to take action by disabling the logon ID.

The Security Manager database requires a Windows 2000 Server, while the user interface can be based on Microsoft Management Console (MMC) or accessed via any web browser. Reporting is performed using Microsoft Access but reports can be saved in HTML. Reports can be scheduled so that they are automatically 'published' as HTML files or printed out. The log management capability helps meet audit and legal requirements with real-time security log consolidation, analysis and reporting.
