Network Computing is part of the Informa Tech Division of Informa PLC

Tipping the Scales: Page 4 of 7

Event alerts can overwhelm even the most seasoned administrator installing a network IDS. TippingPoint provides automated event management by reducing the number of alerts based on what it knows about the existing network.

UnityOne uses network discovery, a combination of port scans and Nmap-like OS identification, to identify the servers and services that it is protecting. After it has identified open TCP ports, the NDS attempts to determine what service is running on each port using modified Nessus code. UnityOne uses this information to alert on only the most relevant events. For example, if the only services available to the Internet are Apache Web servers, Bind DNS servers and Sendmail MTAs, UnityOne will log all the events but only alert on attacks to those services. The effect is to show only what is interesting to the administrator, reducing incidents of false positives.

There were some issues with the network discovery -- UnityOne detected only 37 hosts on our network when a similar scan using Nmap produced 57 hosts. The results of the scans were as accurate as Nmap's in terms of assessing the OS, however.
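
The log-everything, alert-on-relevant behavior described above can be sketched as follows, together with the case the discovery shortfall raises: an event aimed at a host the scan never found. This is an added example, not TippingPoint's code; the inventory, the events, the function names and the "alert-unknown" disposition are all assumptions made for illustration.

```python
# Added illustration; not UnityOne code. All names and data are constructed.
from collections import Counter

# Constructed discovery result: host -> {open port: identified service}
INVENTORY = {
    "192.0.2.10": {80: "apache"},
    "192.0.2.20": {53: "bind"},
    "192.0.2.30": {25: "sendmail"},
}

# Constructed IDS events: (destination host, destination port,
# service the matching signature targets)
EVENTS = [
    ("192.0.2.10", 80, "apache"),   # attack matches the running service
    ("192.0.2.10", 80, "iis"),      # IIS attack sent to an Apache server
    ("192.0.2.20", 53, "bind"),
    ("192.0.2.30", 1433, "mssql"),  # port is not open on this host
    ("192.0.2.77", 80, "apache"),   # host the discovery scan never found
]

def triage(event, inventory):
    """Return 'alert', 'log' or 'alert-unknown' for one event."""
    host, port, target_service = event
    services = inventory.get(host)
    if services is None:
        # Discovery can miss hosts, so absence from the inventory is not
        # evidence that the target is safe: surface it instead of hiding it.
        return "alert-unknown"
    if services.get(port) == target_service:
        return "alert"
    return "log"  # still recorded, just not raised to the administrator

def summarize(events, inventory):
    """Count dispositions across a batch of events."""
    return Counter(triage(e, inventory) for e in events)

if __name__ == "__main__":
    for e in EVENTS:
        print(e, "->", triage(e, INVENTORY))
    print(dict(summarize(EVENTS, INVENTORY)))
```

Treating unknown hosts as log-only would silently suppress alerts for every machine the scan missed, so the sketch keeps them visible under their own disposition.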