Distributed Rules Manager

To compare features on our different Rules Manager Tools click here for a simple guide

Manage Multiple Intrusion Detection and Prevention Systems - Endace Integration

On average, around 5 new cyber-threats are discovered every day that are capable of exploiting network vulnerabilities, disrupting normal business functions and leading to the loss of critical data. For IT managers operating complex defence-in-depth security strategies, typically built from multi-vendor security controls, keeping pace with the essential updates needed to maintain an optimum security posture is virtually impossible.

IDappcom’s Distributed Rule Manager (DRM) provides a scalable solution to the problem of managing and maintaining multiple Intrusion Detection and Prevention Systems (IDS/IPS) across a distributed network, simultaneously from remote centralised databases.

This means that within hours of a new exploit appearing on the global threat lists, IT managers can update the rules and signatures on all the security controls protecting the vulnerable servers and business-critical applications, wherever they are in the corporate network.

Interoperable with EndaceProbe™

Using a mesh of Idappcom-configured Snort© IDS Virtual Machines (VM) deployed on EndaceProbe appliances across a network, analysts can benefit from the 100% packet capture capabilities of the EndaceProbes by quickly associating IDS alerts with synchronised network traffic events in real time. Leveraging RESTful APIs, DRM integrates with the EndaceProbes using Pivot to Vision (PTV) and focuses the analyst directly on the exact, pre-filtered packets that triggered the alert. This deep integration enables a streamlined investigation workflow for Network Operations (NetOps) and Security Operations (SecOps) teams that dramatically reduces investigation times and accelerates TTR (Time to Resolution).
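The pivot described above rests on turning an IDS alert into a precise capture query: the alert's flow 5-tuple and timestamp become a BPF filter and a time window applied to the probe's full-packet history. The following is an added illustration of that step, not code from IDappcom, Endace or Snort; the alert lines are constructed, the 5-second window is an assumed default, and the resulting query dictionary stands in for whatever request the probe's own search API expects (not shown here).

```python
import re
from datetime import datetime, timedelta

# Constructed Snort "alert_fast" lines for illustration (not from the page).
SAMPLE_ALERTS = [
    "03/12-14:22:01.123456  [**] [1:1000001:1] LOCAL example TCP signature [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:80 -> 192.168.1.10:51234",
    "03/12-14:22:05.000010  [**] [1:1000002:1] LOCAL example UDP signature [**] "
    "[Priority: 3] {UDP} 192.168.1.20:5353 -> 224.0.0.251:5353",
]

# Matches the alert_fast layout: timestamp, [gid:sid:rev], message, optional
# classification/priority, {proto}, then "src:sport -> dst:dport".
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def parse_alert(line, year):
    """Parse one alert_fast line; the format omits the year, so the caller supplies it."""
    m = ALERT_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised alert line: {line!r}")
    a = m.groupdict()
    a["time"] = datetime.strptime(f"{year}/{a['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    for k in ("gid", "sid", "rev", "sport", "dport"):
        a[k] = int(a[k])
    return a

def pivot_query(alert, window_s=5):
    """Build capture-search parameters for one alert: a BPF filter pinning the
    flow's 5-tuple plus a time window around the alert time, so only the packets
    that triggered the rule are pulled from the packet history (window is assumed)."""
    proto = alert["proto"].lower()
    bpf = (f"{proto} and host {alert['src']} and host {alert['dst']} "
           f"and port {alert['sport']} and port {alert['dport']}")
    delta = timedelta(seconds=window_s)
    return {
        "sid": alert["sid"],
        "msg": alert["msg"],
        "bpf": bpf,
        "start": (alert["time"] - delta).isoformat(),
        "end": (alert["time"] + delta).isoformat(),
    }

def pivot_all(lines=SAMPLE_ALERTS, year=2024):
    """Convert every alert line into its capture query; unparseable lines raise."""
    return [pivot_query(parse_alert(line, year)) for line in lines]
```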

Drawing on its database of continuously researched and updated vendor and third-party exploit-matched rules, DRM ensures that the vendor-appropriate rules can be selected, fine-tuned, edited and tested before being applied to the relevant security controls across the entire network.

Benefits:

  • Manage and maintain all network security controls via a centralised platform

  • Leverage Endace PTV and VM IDS functionality to support forensic investigation and traceability of historic network security events

  • Routinely assess the effectiveness of network security controls to meet regulatory compliance standards

  • Assess the impact of any planned changes and additions to the IT infrastructure on the overall security posture of the network

  • Minimise time to resolution and associated analyst incident investigation and remediation costs

The combination of EndaceProbe's stateful network history recording capability and DRM’s centralised rule management functionality delivers a powerful and cost-effective tool to enable network managers to rapidly respond to security incidents and ensure optimum levels of corporate security at all times.

Here is a sample of Distributed Rules Manager working with one of our technology partners, Endace: