March 27th, 2003, 02:32 PM
I have worked with Securify some and played with this product. Instead of being a simple or pure IDS it is policy driven. In one sense, it is sort of a combination of signature-based and anomaly-based intrusion detection.
Securify SecurVantage™ is an automated security system that enables customers to rapidly generate business-driven security policies, monitor networks for compliance and produce relevant information. This software solution consists of an advanced environment for policy development and security analysis, a real-time monitoring system to continuously verify conformance to business practices and security policies and an enterprise management and trend reporting system. The SecurVantage™ solution is driven by a customer-specific policy that formally describes the desired operation of the network.
When you start off you do a network scan to identify all devices and establish a baseline of acceptable traffic. You then use that baseline to establish policies. A policy might say that no workstation should initiate or accept an FTP connection or something to that effect.
The SecurVantage Monitor then monitors the network for violations of established policies and can either alert or take proactive measures to mitigate the violation.
I am curious what others think of this. Has anyone else had experience with it? Do you think it is a viable replacement for an IDS, or would you use it in conjunction with an IDS or do you think it's more hype than reality?
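
A minimal sketch of the baseline-then-policy workflow described in the post, as an added example that is not part of the original post and is not Securify's code. The address ranges, role names, flow records and function names are all constructed for illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Flow = namedtuple("Flow", "src dst proto dport")

# Constructed device roles; a real deployment would derive these from the scan.
ROLES = {"workstation": ip_network("10.0.1.0/24"),
         "server": ip_network("10.0.2.0/24")}

def role_of(addr):
    ip = ip_address(addr)
    return next((r for r, net in ROLES.items() if ip in net), "external")

def key(flow):
    # Generalise a flow to roles so one baseline entry covers a whole class.
    return (role_of(flow.src), role_of(flow.dst), flow.proto, flow.dport)

def build_baseline(flows):
    return {key(f) for f in flows}

def workstation_ftp(flow):
    # The post's policy: no workstation initiates or accepts FTP.
    # Only the control channel (tcp/21) is matched here.
    return (flow.proto, flow.dport) == ("tcp", 21) and \
        "workstation" in (role_of(flow.src), role_of(flow.dst))

POLICIES = {"no-workstation-ftp": workstation_ftp}

def evaluate(flow, baseline):
    # Explicit policy wins over the baseline: traffic that was already
    # happening during the learning period must not be blessed by it.
    for name, rule in POLICIES.items():
        if rule(flow):
            return ("violation", name)
    if key(flow) not in baseline:
        return ("unbaselined", None)
    return ("ok", None)

# Constructed sample traffic (not real captures).
LEARNING = [Flow("10.0.1.5", "10.0.2.10", "tcp", 443),
            Flow("10.0.1.7", "10.0.2.20", "tcp", 21),   # FTP seen while learning
            Flow("10.0.2.10", "10.0.2.20", "tcp", 5432)]
LIVE = [Flow("10.0.1.9", "10.0.2.10", "tcp", 443),
        Flow("10.0.1.9", "10.0.2.20", "tcp", 21),
        Flow("203.0.113.4", "10.0.1.5", "tcp", 21),
        Flow("10.0.1.5", "10.0.2.10", "tcp", 3389)]

if __name__ == "__main__":
    baseline = build_baseline(LEARNING)
    for f in LIVE:
        print(f, evaluate(f, baseline))
```

The second live flow is flagged even though workstation FTP was present during the learning period, which is the difference between a written policy and a purely learned baseline.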