Security Incidents mailing list archives

ARIS Analyzer Version 1.5


From: Oliver Friedrichs <of () securityfocus com>
Date: Tue, 4 Sep 2001 12:50:34 -0700


SecurityFocus is proud to announce the launch of ARIS analyzer version 1.5.
Based on user feedback and lessons learned from the Code Red worm, we've
greatly improved the system, its interface, and incident reporting
capabilities.

For those who are not familiar with ARIS analyzer, it is a free service
designed, administered and maintained by SecurityFocus to allow
participating network administrators to submit suspicious network traffic
and intrusion attempts anonymously, for detailed analysis and tracking.  It
allows the correlation and management of IDS data from a number of
industry-leading IDSs on a centralized incident management console.

It is available at the following URL:

http://aris.securityfocus.com

Here is a quick run-down of some of the new features that have been
integrated into ARIS analyzer:

-       A central message board that serves as a medium for the community
to collaborate on important issues. New groups will be created for the
discussion of specific incidents that arise, on an as-needed basis (CodeRed,
Leaves, etc). This message board is separate from the incidents mailing list
at SecurityFocus, and is specifically for ARIS Analyzer users.

-       A second message board system used for hosting private discussions
between ARIS Analyzer users who have a particular attacker in common.

-       A vast number of enhancements on the Incidents screen that
includes the ability to sort based upon a number of variables, the
implementation of severity ratings, improved visibility of other affected
ARIS users who have been attacked by the same IP, and much more.

-       A complete overhaul of the ARIS analyzer reporting mechanism.  A
total of 32 reports can now be generated based upon uploaded incident data.
This allows the ARIS analyzer to perform a quick tally on who is the top
offending IP targeting their network, the most frequently attacked ports,
the most commonly deployed attack types against the network, etc.

-       Support for Symantec NetProwler has recently been added.  Existing
supported IDSs include Snort, NetworkICE BlackICE, ISS RealSecure, Dragon
IDS, and Cisco Secure IDS, with NFR NIDS to be integrated in the near future.

Down the road, we will continue to develop ARIS analyzer, improving it, and
adding the features that the community is looking for. One feature currently
in development is a customized home page that will display statistics and
summary data that is specific to the user's network when logged in.  As
opposed to generating specific reports, this will give the user a high-level
overview of their infrastructure.

For those of you who are already registered as an ARIS analyzer user, we
highly encourage you to take a look at the new site and send us your
feedback at aris-feedback () securityfocus com.  Those who have not taken
advantage of this free service yet can sign up at:

http://aris.securityfocus.com

Many users have asked how we are able to offer this service free of charge.
ARIS Analyzer is a subset of a commercial service, ARIS Predictor, a
predictive security intelligence service, backed by the SecurityFocus
analyst team.  This service uses global ARIS Analyzer data to provide
customers with overviews and analyses of events and trends.  We will
continue to develop ARIS Analyzer, in an effort to give you the features
that you want in an incident management console.  This approach is a
balanced way to provide a powerful service free of charge to the community
and ensure that it is funded so that it might continue its existence.

Thanks for reading.

Oliver Friedrichs
Director of Engineering - ARIS
(650) 655-2000 X31 

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

