- Steve Jobs is a man of a few words
- Internet routing blasts into space
- 15 free downloads to pep up your old PC
- IBM smartphone software translates 11 languages
- New attack fells Internet Explorer
We installed Sourcefire's 3D System, consisting of an RNA Sensor 2000 v2.0, an Intrusion Sensor 2000 v3.2 and a Defense Center 1000 v3.2 onto our production network. Sourcefire provided "release candidate" versions and installation assistance for all three products in the 3D System to highlight the new integration of the RNA and IDS information onto the Defense Center.
Tuning RNA simply means telling it which hosts to pay attention to - which networks belong to you - which only took a few moments. To test the Defense Center integration, we had to tune the IDS Intrusion Sensor by disabling some alerts and writing specific "pass" rules for others. We took two weeks to tune the IDS sensor output, spending one to two hours a day customizing the IDS policy to eliminate false alerts.
Once the IDS sensor output was reduced to a small number of alerts each day, we enabled impact alerts for systems the Defense Center considered "vulnerable" based on the combination of IDS and RNA data.
To evaluate how useful RNA was, we set out with eight specific tasks and looked at how hard (or easy) it was to solve them, including identifying compromised systems, reporting software and version information on mail and Web servers, alerting on newly installed systems, and setting up common queries to summarize servers and applications on a particular network segment.
Back to review: "Sourcefire's RNA provides instant visibility into your network"
Comment