FORTIFIRE - We Fortify Your Net






MANAGED INTRUSION DETECTION AND LOG CONSOLIDATION


Harvester™ protects your critical business systems with advanced 24x7 proactive security monitoring technology.

We use the latest Open Source tools for intrusion detection and log consolidation housed in our Security Operations Center.


HARVESTER™ BENEFITS:


• VIEW LOGS WITH EASE


Know what's going on with your systems at all times! You can view your logs by site or by system or by application layer.

The best way to reduce false positive alerting is to be able to view a combined network traffic analysis and log analysis on one screen.

Access all your logs from anywhere. Manage multiple sites with ease.

• BETTER - CHEAPER - FASTER
We leverage huge economies of scale to deliver a high service level at a low per device cost. Our trained security operations staff provides 24x7 expertise to back you up.

We define and create Service Level Agreements to meet your needs. Tell us what your requirements are and we'll meet them!

• PASS YOUR NEXT AUDIT
Harvester™ was designed to meet typical security policy requirements for log review and archiving. For the first time, there is an easy and effective way to meet them.

• 24X7 ALERT ESCALATION
Harvester™ - The Help Desk you can afford!
Keep your resources focused on the business while we manage the daily time sensitive activities.



• 24X7 GLOBAL MONITORING
With 24x7 global monitoring using firewall, IDS, and system log results, Harvester™ has the most effective alerting method for identifying security violations.



• LOG CONSOLIDATION
Fortifire will combine, sort, and prioritize your logs for you. Application and system level logs are comprehensively consolidated, encrypted, and stored in a single database. Our SQL data warehouse allows you to securely query your logs from any Web browser!

• SECURITY ANALYSIS ACROSS ALL SYSTEMS
Each log entry is scored based on likelihood of a security violation. These scores can be reviewed across both time and systems for a comprehensive view.



• CEASE AND DESIST NOTICES!
We aggressively pursue attackers and notify them and their ISP of any violations. We send out strongly worded Cease and Desist notices for inappropriate traffic and escalate to your internal resources for suspicious log activities. We get attacker accounts deleted fast!

• IT SECURITY COST CONTROL
Managed services flatten your costs, leading to predictable, manageable security costs. Fortifire's Harvester™ is priced on a per IP device basis; there are no additional charges or hidden fees.

• FORENSIC OFF-SITE LOG ARCHIVAL
We save your logs for later forensic analysis. Each week we generate compressed, signed, read-only optical media and store it in a fireproof vault.

• OPEN SOURCE SOFTWARE APPLIANCE
Your site will receive a 1-U rack-mountable server. Hardware is provided with pre-configured open source software for network IDS, log consolidation and encrypted communications.


TECHNICAL SPECIFICATIONS


Appliance Specifications:

Pre-Installed Software:
· OpenBSD 2.7
· stunnel 3.8
· xntp 5.93e
· Snort 1.7
· Whitehat.com IDS rule set from arachNIDS
· Fortifire Harvester™ Collector
· Fortifire CryptCat Log Forwarder

System Hardware:
· Intel® Pentium® III 600MHz with 256 KB L2 cache
· 256 MB PC SDRAM
· Intel® 810E Chipset
· Integrated 2-channel IDE controller
· 2 Integrated 100/100bT network interface with RJ-45 output
· 1 serial, 1 parallel, PS/2 and mouse ports
· 3.5 floppy, CD-ROM and 40mb EIDE hard drives

Power Specs:
· AC Input: 115/230V 60/50Hz 6/3/A
· DC Output: 150W / +5V 10A +12V 6A +3.3V 6A / -5V 0.2A -12V 1A +5VsB 720mA

Dimensions:
· 1.75H x 19W x 18.5L
· Approximately 40 lbs.

Regulations:
· U.S. and Canada: UL 1950, 3rd Edition; CAN/CSA-C22.2 / NO. 950-95, 3rd Edition
· Europe: EN60950; IEC 950

EMI/RFI:
· U.S.: FCC Part 15, Class A
· Europe: Verified to EN55022 and EN55024































HARVESTER™ IN YOUR NETWORK


Alert Categories and Types:

Status Alerts:
· Operating System Measures
· File System Status
· Process Table
· Uptime and load Averages

Log Alerts:
· Log entries scores set by user
· 1st and 2nd level e-mail and paging
· Cease & Desist Notifications
· Escalation to Incident Response Status












Log Types Supported:


Firewalls:
· IPChains
· CheckPoint
· Ipf

Web:
· HTTPd
· Zope
· Apache
· IIS
· Cold Fusion

Service:
· Named
· NNTPd
· stunnel
· xidentd
· Telnet
· syslogd
· NT event log

IDS:
· Snort
· Real Secure

Schedulers:
· Crontab
· AT

























Logging Specifications:

Acquisition:
· Hosts transmit copies of their logs to the Harvester™ Appliance on site
· Off-site consolidation occurs periodically, times adjusted per site
· Transmission is via a TwoFish tunnel

Processing:
· Loaded into data warehouse in 10 minutes
· Reviewed for violations within 30 minutes
· Security violations alert to Fortifire's alert management database
· Consolidated log analysis performed daily

Archival & Forensics:
· Archives are stored at Fortifire's Security Operations Center
· Compressed, signed, and copied to read-only optical media