Each day the threat to the security of a corporate network increases and exploited vulnerabilities seem to multiply exponentially. A breached enterprise network can yield trade secrets, expose core business functions or have its information destroyed by intruders bent on profit, mayhem and mischief. In-depth defense is the only solution to this problem in an increasingly interconnected world – and surveillance is the first bulwark of defense.
GFI today announced the release of GFI LANguard Security Event Log Monitor (S.E.L.M.) 4.0 as part of its defense solution for increasingly threatened enterprises. GFI LANguard S.E.L.M. is a host-based intrusion detection system primarily designed to monitor Windows-based networks for security breaches in real-time, but with enhanced flexibility to meet many other monitoring needs.
GFI LANguard S.E.L.M. continuously scans the security event logs of all Windows NT/2000/XP machines on a network, consolidating them into a central log for fast analysis and generating detailed activity reports. When it identifies critical security breaches – such as network users attempting to access shares, resources and/or data they should not view, GFI LANguard S.E.L.M. 4 sends out “real-time” alerts to administrators, thereby permitting immediate action against potential attacks and penetrations as they occur.
Detection of insider hacking now critical
“Internal security breaches and backdoors are a growing problem. Insider hacking represents about 70% of all malicious attacks, and costs US business over $1 billion annually in damages,” said Nick Galea, CEO of GFI. “Firewalls will not help against this. GFI LANguard S.E.L.M combats insider hacking by continually auditing all machines on the network and issuing instant alerts on high security events. With GFI LANguard S.E.L.M. 4, administrators have a major security tool in their arsenal and considerably more peace of mind.”
Reduces the administrative burden
In addition, GFI LANguard S.E.L.M. provides extensive reporting and forensic analysis. Among other things, administrators can view logon patterns of all network users, assess which machines are attacked most frequently, and identify users who are creating too many “events” such as failed logons or failed object access. With these reports, administrators can obtain important information about security activity on their network, and identify potential weaknesses.
GFI LANguard S.E.L.M. also scans the application, system, DNS server, directory services and file replication services event logs in addition to the Windows security event logs.
New features in GFI LANguard S.E.L.M. 4.0
Version 4 has added further enhancements including:
- A new Intrusion & Event Collection Status Monitor that displays critical/high security events as they occur on a network. Administrators are notified of a potential intrusion in real time visually and/or via a sound. The status monitor also scans GFI LANguard S.E.L.M.’s collection and processing activity. It can run on the machine running GFI LANguard S.E.L.M. itself or on a remote machine. A screenshot may be viewed at http://images.gfi.com/importantsecurityevents.gif.
- Customization of event rules & alerts. GFI LANguard S.E.L.M. 4 allows users to configure their own event rules and conditions for issuing alerts. These can be based on either security flags, for example, attempting to access a particular file or folder or a login failure; or as a means of monitoring non security-related issues, such as critical SQL server or IIS events.
Specifications, pricing and availability
GFI LANguard S.E.L.M. requires no agents or client software, has no impact on network traffic, and can be scaled to networks of thousands of servers and workstations. It is available from distributors around the world or online at the GFI site. Pricing starts at US$375 for a 2 server/10 workstation package. Administrators can check whether they need GFI LANguard S.E.L.M. at http://www.gfi.com/lanselm/whylanselm.htm. For more product information and to download the free starter pack, visit http://www.gfi.com/lanselm.
GFI (www.gfi.com) is a leading provider of Windows-based messaging, content security and network security software. Key products include the GFI FAXmaker fax connector for Exchange and fax server for networks; GFI MailSecurity email content/exploit checking and anti-virus software; and the GFI LANguard family of network security products. Clients include Microsoft, Telstra, Time Warner Cable, Shell Oil Lubricants, NASA, DHL, Caterpillar, BMW, the US IRS, and the USAF. GFI has six offices in the US, UK, Germany, France, Australia and Malta, and has a worldwide network of distributors. GFI is a Microsoft Gold Certified Partner and has won the Microsoft Fusion 2000 (GEM) Packaged Application Partner of the Year award.
All product and company names herein may be trademarks of their respective owners.