
Distributed Rules Manager

The Distributed Rules Manager provides an intelligent framework for the authoring, management and deployment of Snort rules, using an intuitive interface which helps the user consolidate rule sets from multiple vendors.


Overview


On average, around 5 new cyber-threats are discovered every day that are capable of exploiting network vulnerabilities, disrupting normal business functions and leading to the loss of critical data. For IT managers operating complex defence-in-depth security strategies, typically including multi-vendor security controls, this makes it virtually impossible to keep pace with the essential updates needed to maintain an optimum security posture.

Idappcom’s Distributed Rules Manager (DRM) provides a scalable solution to the problem of managing and maintaining multiple Intrusion Detection and Prevention Systems (IDS/IPS) across a distributed network, simultaneously from remote centralised databases. This means that within hours of a new exploit appearing on the global threat lists, IT managers can update the rules and signatures on all the security controls protecting the vulnerable servers and business-critical applications, wherever they are in the corporate network.

Interoperable with EndaceProbe™

Using a mesh of Idappcom-configured Snort© IDS Virtual Machines (VM) deployed on EndaceProbe appliances across a network, analysts can benefit from the 100% packet capture capabilities of the EndaceProbes by quickly associating IDS alerts with synchronised network traffic events in real time. Leveraging RESTful APIs, DRM integrates with the EndaceProbes using Pivot to Vision (PTV) and focuses the analyst directly on the exact, pre-filtered packets that triggered the alert. This deep integration enables a streamlined investigation workflow for Network Operations (NetOps) and Security Operations (SecOps) teams that dramatically reduces investigation times and accelerates TTR (Time to Resolution).

Drawing on its database of continuously researched and updated vendor and third-party exploit-matched rules, DRM ensures that the vendor-appropriate rules can be selected, fine-tuned, edited and tested before being applied to the relevant security controls across the entire network.

Benefits
  • Manage and maintain all network security controls via a centralised platform
  • Leverage Endace PTV and VM IDS functionality to support forensic investigation and traceability of historic network security events
  • Routinely assess the effectiveness of network security controls to meet regulatory compliance standards
  • Assess the impact of any planned changes and additions to the IT infrastructure on the overall security posture of the network
  • Minimise time to resolution and associated analyst incident investigation and remediation costs

The combination of EndaceProbe's stateful network history recording capability and DRM’s centralised rule management functionality delivers a powerful and cost-effective tool to enable network managers to rapidly respond to security incidents and ensure optimum levels of corporate security at all times.

IQ Solutions

The Distributed Rules Manager is part of a set of tools that increase your ability to avert risk.

  • Traffic IQ Professional - The tool to penetration test a device or network under test and identify potential risks by actual exploit
  • Traffic IQ Gateway - The tool to apply evasion techniques to ANY traffic and further test the mitigation capabilities of your defences
  • Easy Rules Manager - A localDB database for SMEs looking to manage a small number of sensors
  • And now the Distributed Rules Manager
