StormProbe analyses all network traffic, using more than 30,000 constantly refreshed malware signatures to identify any malicious payloads. When a matched rule is detected, RandomStorm’s Instances, Events and Alerts (IEA) algorithm creates a matched rule Instance and begins to record all linked alerts as unique, time-based events, associated with the specific target host in the network, under the same Instance.
Part of the StormCore integrated security management platform, StormProbe represents a step change in IDS technology. Based around the same RandomStorm IEA algorithm that powers the company’s StormAgent Log Management software, StormProbe provides IT managers with a graphical view of the real-time threat status of the network.
Accessed via an intuitive management user interface (UI), StormProbe classifies all Instances in terms of the level of severity, based on custom rules. This classification enables system administrators to immediately see when a one-off or prolonged attack is underway, as well as the nature and severity of the attack, to enable rapid remediation.
Offering a highly granular forensics tool, StormProbe enables system administrators to drill down to view individual linked alerts and obtain a detailed picture of any attack or suspect activity, including information on the malware type, start, source, duration and target host IP address.
Installed as a dedicated appliance, StormProbe can be configured to monitor traffic flows targeted at up to one hundred specified hosts across the network, integrating seamlessly with RandomStorm’s security management UI, StormCore. System administrators are provided with timely alerts and security intelligence when anomalies, policy violations and security threats are detected in both the external traffic and host log files. This reduces response times and enables more focused use of IT resources.
To further minimise the administration burden placed on highly skilled IT staff, StormProbe generates a range of static, dynamic and custom reports, including trending threats and compliance reports. Its dedicated reports for regulatory frameworks are particularly suited to assisting merchant organisations to meet Payment Card Industry Data Security Standard (PCI DSS) requirements. Version 3.0 of the standard, due to be introduced in November, includes enhancements to help organisations to be proactive in identifying malware attacks on the cardholder data environment.
Commenting on the launch of StormProbe, Andrew Mason, co-founder and Technical Director of RandomStorm, said, “The latest security guidelines, such as PCI DSS 3.0, recognise that there are far too many security threats and log events for humans to monitor and that organisations need to focus their efforts on rapidly detecting and responding to network activity that indicates a security breach. Using automated systems that are constantly updated with information on new threats, organisations can filter out the noise and stay alert to attacks on their most important assets.”