Start-up Centrax is jumping into the security market for intrusion detection software to monitor, and eventually to repel, efforts by both internal and external users trying to view data they are not authorized to see.
The first product, called Centrax Audit Strategy Tool or CAST, lets Windows NT network administrators configure machines in minutes so they can log usage. By setting which events to log, managers can determine whether efforts are being made to break into the server.
"What they are doing is a valuable service," said Alan Paller of the SANS Institute, an educational group for systems administrators and network security specialists. "Anyone who wants to can do that himself; [but] a lot of people don't do any settings because it's technically slightly challenging. Any tool to make it easier will help people who are just getting started."
But CAST is just a prelude to eNTrax, an upcoming product in Centrax' security suite of host-based intrusion detection software. eNTrax will analyze the logs created by CAST to flag patterns of suspicious activity that may indicate unauthorized efforts to break into specific machines.
"Logging is a third of the tools you need," SANS Institute's Paller said. "The other two are systems that read logs intelligently so you don't have to check them in detail and time [to use that data]."
Intrusion detection is emerging as a hot area in network security--Cisco Systems last month acquired a leader in that space, WheelGroup, and Network Associates will acquire intrusion detection software from Haystack Laboratories when NA's purchase of Trusted Information Systems closes this spring. Another intrusion detection vendor, Internet Security Systems, has filed for an IPO to go public.
"Without CAST, no enterprise audit policy distribution tool is available--it doesn't exist," Centrax chief technical officer Paul Proctor said. "People are doing things about this, but nobody has a tool to set audit policy. If you're going to do the rest of the stuff for intrusion detection, you've got to have a good audit policy up front."
Centrax provides "host-based" intrusion detection, which monitors specific machines or hosts for unauthorized use, rather than monitoring key points on a network, as WheelGroup and ISS do. Also in the host-based space are Axent and Intrusion Detection.
Centrax' broader product family is being built for Windows NT, although CAST also will be ported to Unix. CAST for Windows NT is available from Centrax for licenses starting at ten seats for $395, with larger enterprise licenses also available.