Prowler Hunts for Intruders

As hackers work to circumvent the best laid plans of IT managers and corporate CIOs, intrusion detection is emerging as an essential strategy for the enterprise. With the release of version 3.5 of its Prowler IDS intrusion detection product, Axent Technologies Inc. (www.axent.com) hopes to give IT organizations the tools they need to detect intrusions and protect critical information systems.

Scott Gordon, director of product management at Axent, says the susceptibility of e-commerce sites, in particular, is a prime reason to implement an intrusion detection solution.

"Following the recent barrage of attacks on popular e-commerce sites, it's become painfully clear that any organization conducting e-business needs the most powerful, enterprisewide protection available," Gordon says.

Prowler IDS leverages a three-tiered architecture that consists of agents, managers, and an administrative console. Prowler IDS agents reside locally on protected systems and react against potential threats; Prowler IDS managers are used to automate the configuration of an organization’s intrusion detection settings on protected systems and provide reporting capabilities; and Prowler IDS’s administrative console supports drag-and-drop capabilities that let administrators group security policies and attack signatures in terms of individual business functions.

Axent’s Gordon says Prowler IDS’s three-tier architecture makes it easier to setup and use, particularly in organizations that have limited security resources or expertise.

"These companies have limited security expertise or resources to adequately protect their Internet investments," he points out. "Axent's Prowler IDS Series combines superior IDS functionality with highly automated configuration and streamlined maintenance."

New in Prowler IDS 3.5 is a rapid response capability that ensures real-time deployment of the latest attack signatures. Axent says this provides near instant protection against attack. Axent provides monthly and emergency rapid response updates to customers, which include signatures for existing and new attacks that can be readily detected by Prowler IDS.

Prowler IDS 3.5 includes NetProwler 3.5, a network-based intrusion detection system that can discover systems and applications and apply predefined security policies for protection. It features a Stateful Dynamic Signature Inspection engine that Axent says lets organizations build and deploy attack definitions on-the-fly. Moreover, NetProwler 3.5’s new Web Auto Download feature lets administrators download new attack signature updates as soon as they are available and automatically push them out to Prowler IDS managers and agents.

Also part of Prowler IDS 3.5 is Intruder Alert 3.5, a host-based intrusion detection solution that offers cross-platform monitoring and alerting and provides support for automatic countermeasures. Intruder Alert functions much like an electronic watchdog, monitoring critical systems for patterns of abuse. New in Intruder Alert is an integrated event reporting feature that can consolidate security events from distributed hosts and from network agents and then display them through Seagate Software’s (www.seagatesoftware.com) Crystal Reports. The newest version of Intruder Alert also features a new Unix GUI that supports drag-and-drop capabilities in both HP-UX and Solaris.

According to market research firm IDC (www.idc.com), Axent currently leads the intrusion detection marketplace with a 40 percent share.