* The Reviewmeister takes a look at an intrusion detection system from a company called Intrusion

Another interesting intrusion detection system tool came from a company called Intrusion.

In our first scenario, we asked the tool on a Monday to give us information about an attack that occurred the previous Friday. Intrusion’s team had tuned our system to dump alerts after three days, so there was nothing to be seen. We adjusted the thresholds and discovered a nice feature: high-priority alerts can age differently than low-priority alerts. Not a massive competitive advantage, but a good sign that the product developers had thought about this.

Next we turned to the problem of how to tune the software to avoid too many false alarms. Intrusion’s tuning facilities vary depending on where you want to filter. In our case, trimming at the sensor was efficient, so we used that method. Intrusion’s Policy Editor runs on the central management console and lets you build a policy that drops IP addresses from events as appropriate. From there, after a bit of technical support, we pushed the changes to the sensors and trimmed the alert load considerably.

Intrusion also supports pure IP filtering, but this requires direct access to the sensor via its Web interface and is not managed centrally. It sounds like an obscure feature, but the ability to block entire ranges would be important in a large enterprise deployment where multiple sensors see intersecting traffic loads.

Intrusion’s forensics tool opens with a set of canned views into the forensics database: by attacker, by target, by priority and by signature group. We started with signature groups and clicked on the first level of the tree. Each major signature group was shown, along with a count of events. The group we were looking for stood out like a sore thumb, with hundreds of thousands of events.
One more click (on “firewall services”) and ICMP Ping Sweep and SMB Scan both stood out again.

At this point, Intrusion doesn’t sort items any further, which means that if we went with the out-of-the-box product, we’d have to sort through long lists of events. But building a new tree was the quick solution to that. A few clicks let us add a new summarization level underneath signature and source IP address, and then we had the information we wanted.

For the full report, go to https://www.nwfusion.com/reviews/2003/1013idsrev.html
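The three behaviours the review describes (per-priority alert ageing, a sensor-side policy that drops events by source address, and a forensics drill-down that adds a source-IP level under signature) as an added Python example; this is illustration code written for this page, not Intrusion's product code, and the alerts, addresses and retention windows are constructed.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample alerts, not real sensor output.
# "Friday" is 2003-10-10; the analyst queries on "Monday", 2003-10-13.
ALERTS = [
    {"ts": datetime(2003, 10, 10, 9, 0), "priority": "low", "group": "firewall services",
     "sig": "ICMP Ping Sweep", "src": "192.0.2.10", "dst": "198.51.100.7"},
    {"ts": datetime(2003, 10, 10, 9, 1), "priority": "low", "group": "firewall services",
     "sig": "ICMP Ping Sweep", "src": "192.0.2.10", "dst": "198.51.100.8"},
    {"ts": datetime(2003, 10, 10, 9, 5), "priority": "high", "group": "firewall services",
     "sig": "SMB Scan", "src": "192.0.2.10", "dst": "198.51.100.9"},
    {"ts": datetime(2003, 10, 13, 8, 0), "priority": "low", "group": "firewall services",
     "sig": "ICMP Ping Sweep", "src": "203.0.113.4", "dst": "198.51.100.7"},
]

# Per-priority ageing (assumed windows): high-priority alerts outlive low-priority ones,
# so a three-day low-priority window no longer hides last Friday's serious events.
RETENTION = {"high": timedelta(days=14), "low": timedelta(days=3)}


def retained(alerts, now):
    """Keep only alerts still inside the retention window for their priority."""
    return [a for a in alerts if now - a["ts"] <= RETENTION[a["priority"]]]


def apply_drop_policy(alerts, dropped_sources):
    """Sensor-side tuning: discard events whose source address the policy lists as noise."""
    return [a for a in alerts if a["src"] not in dropped_sources]


def summarize(alerts, levels):
    """Count events at every level of a drill-down tree such as ("group", "sig", "src").

    Returns {path_tuple: count} for each prefix of the path, so the caller can read the
    signature-group totals, then each signature, then each source under it.
    """
    counts = Counter()
    for a in alerts:
        path = ()
        for key in levels:
            path += (a[key],)
            counts[path] += 1
    return counts
```

With the default tree of ("group", "sig") the ping-sweep row is one undifferentiated count; adding "src" as a third level is the extra summarization step the reviewers built by hand.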