Reduces Snort IDS False Positives Up to 70%
Black Hat, Las Vegas, NV — July 30, 2003 — Qualys™, Inc., the market leader of on-demand security audits and vulnerability management, today released Quidscor as Open Source. Quidscor is a correlation engine that merges Qualys vulnerability data with Snort IDS events to reduce IDS false positives up to 70 percent. This correlation prioritizes the events that need investigation, reducing the overall cost and complexity of handling IDS alerts.
“Quidscor has improved the value of our Snort IDS by reducing the amount of time wasted catering to false positives,” said Donald Wilkins, Director of Network Services at Navicure. “We can now reduce the costs of handling alerts by increasing their relevance and prioritizing them to make our company more secure. As threats continue to increase, it becomes paramount that security products work together for a smarter defense.”
“Enterprises requiring a secure network are wading through the daily flood of information that Intrusion Detection Systems produce, often without the time or resources to remedy,” said Eric Ogren, senior analyst with the Yankee Group. “Incorporating the intelligence gained from vulnerability scans provides IT with the tool necessary to filter and prioritize IDS events for the enterprise’s unique environment. Network managers can save significant time and energy while better controlling network security with automated correlation of vulnerability assessment scans with IDS event data.”
Quidscor (Qualys IDS Correlation) is an Open Source correlation engine that merges vulnerability data with IDS events to reduce IDS false positives up to 70 percent. Quidscor improves the quality of IDS alerts by filtering events for inactive services and absent vulnerabilities. The engine processes each IDS alert, compares it to existing vulnerabilities, and prioritizes the alerts thereby reducing the overall cost and complexity of handling IDS alerts.
Snort users may sign up for a trial of QualysGuard to take advantage of this correlation at www.qualys.com/quidscor. Quidscor is available for free as part of the QualysGuard web service, download Quidscor at http://quidscor.sourceforge.net/.
With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.