Intrusion Detection Monitoring
This graphic represents our general setup. Read below for more information.
In order to monitor your Internet connection, we install a machine on your network to watch for suspicious traffic. We monitor your connection live, 24 hours a day, 7 days a week. If there is a high level security threat, our intrusion detection system notifies our staff of trained professionals. We then block the nefarious traffic and contact you personally in order to provide you with comprehensive information regarding the attack. We also monitor your internal network for policy violations, free of charge.
During the Intrusion Detection Monitoring installation process, we set up a machine that acts as an alarm system for your network. Softwink's intrusion detection monitoring system watches the traffic coming into the firewall for any nefarious traffic or attacks on your network. Our system detects intrusions by first parsing network traffic to extract its application-level semantics. It then executes event-oriented analyzers that compare the activity against patterns deemed nefarious. Its analysis covers specific attacks defined by signatures, attacks defined in terms of events, and unusual activity (certain hosts connecting to certain services, or patterns of failed connection attempts). Our network personnel then actively analyze each alert to determine the nature and significance of the attack. In the case of a serious event, the system automatically alerts our Network Operations Center (NOC) personnel, 24 hours a day, 7 days a week. In the event of a high-risk alert where we determine that the firewall could be compromised, we will either block the source address of the offending traffic or notify the firewall management personnel.
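A sketch of the event-oriented analysis described above, as an added example (not Softwink's own code): parsed connection events are checked against a site policy (internal hosts using a forbidden service) and against a sliding-window count of failed connection attempts from one source. The event records, the internal address range, the forbidden ports and the thresholds are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample connection events (not from any real sensor):
# (timestamp in seconds, source, destination, destination port, outcome)
EVENTS = [
    (0,  "203.0.113.7",  "192.0.2.10",   22,   "rejected"),
    (2,  "203.0.113.7",  "192.0.2.10",   23,   "rejected"),
    (4,  "203.0.113.7",  "192.0.2.10",   80,   "rejected"),
    (6,  "203.0.113.7",  "192.0.2.10",   443,  "rejected"),
    (8,  "203.0.113.7",  "192.0.2.10",   3389, "rejected"),
    (9,  "192.0.2.55",   "198.51.100.9", 23,   "established"),  # internal host using telnet
    (70, "198.51.100.3", "192.0.2.10",   443,  "established"),
    (75, "198.51.100.3", "192.0.2.10",   443,  "rejected"),
]

# Hypothetical site policy: internal hosts may not use these plaintext services.
INTERNAL_PREFIX = "192.0.2."
FORBIDDEN_PORTS = {23: "telnet", 21: "ftp"}

FAIL_THRESHOLD = 5   # this many rejected connections from one source ...
WINDOW = 60          # ... within this many seconds raises a high-severity alert


def analyze(events, fail_threshold=FAIL_THRESHOLD, window=WINDOW):
    """Run the event analyzers over parsed events; return a list of (severity, message)."""
    alerts = []
    failures = defaultdict(list)   # source address -> timestamps of rejected connections
    flagged = set()                # sources already reported, to avoid duplicate alerts
    for ts, src, dst, port, outcome in sorted(events):
        # Policy analyzer: an internal host connecting to a forbidden service
        if src.startswith(INTERNAL_PREFIX) and port in FORBIDDEN_PORTS:
            alerts.append(("policy", f"{src} -> {dst}:{port} ({FORBIDDEN_PORTS[port]}) violates policy"))
        # Failed-connection analyzer: count rejections per source inside a sliding window
        if outcome == "rejected":
            recent = [t for t in failures[src] if ts - t <= window] + [ts]
            failures[src] = recent
            if len(recent) >= fail_threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("high", f"{src}: {len(recent)} failed connections within {window}s"))
    return alerts


if __name__ == "__main__":
    for severity, message in analyze(EVENTS):
        print(f"[{severity}] {message}")
```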
Softwink uses a system that can be tailored 100% to your company's needs. Its specialized language allows us to select alerts appropriate to your network, as well as add and remove alerts as your policies change and new attacks are discovered. Additionally, we provide you with a web-based interface to see the alerts as well as a list of personnel currently monitoring your network. Through this interface you can also generate reports at any time for your own records or if an auditor should request them. On a quarterly basis, we will provide you with a comprehensive report of all suspicious events, including an executive summary of the most significant attacks, which can be given to auditors for "Gramm-Leach-Bliley", "HIPAA" or "Sarbanes-Oxley" compliance.
All alerts that come into our NOCs are stored in a database at our site and the traffic between your company and ours is securely encrypted. There are many other companies that perform intrusion detection services but they do not encrypt the traffic. Instead, they send their alerts in clear text using utilities such as "syslog". This method is counter-productive to your network security since a "hacker" can watch that traffic and gain information that may help them break into your network.
Softwink, Inc. IDS trend information is gathered every 5 minutes from field sensors. This information is to show general attacks detected on the Internet.
Frequently Asked Questions:
Why do I need this service, I have a firewall?
A firewall is like the lock on a door. If your physical building's security system does not include motion detectors and an alarm company to notify the police, a burglar could take a crowbar to break that lock. Similarly, a hacker can take a software crowbar to your firewall, and if it is not monitored, you will not know. Unlike a physical break-in, where you would notice the damage the next business day, with a network break-in you might never know.
What if I do not have a firewall, do I need one for this service to work?
No. Our IDS sensor has stateful packet inspection firewall functionality, so if you do not have a firewall there is no need to purchase one. In the event of a malicious attack, if our sensor also acts as your firewall, we will immediately thwart the attack by dropping all traffic from the source. If you already have an existing firewall, we will notify your current management provider to do the same.
What services are included if I purchase Intrusion Detection Monitoring?
- 24 / 7 / 365 monitoring for intrusion attempts
- Quarterly reporting on CD-ROM/DVD/online download for regulatory auditing
- Mail filtering for spam and viruses
- Spyware alerting for internal machine infections
- Alerting for policy violations free of charge