ICSA Labs IDS Consortium Announces Network Intrusion Detection System Alert Specification Format

MECHANICSBURG, Pa.--()--Feb. 23, 2004--

  Industry Experts from Cisco, Internet Security Systems and Sourcefire Join Forces to Develop the Security Device Event Exchange Transport Protocol Specification  



ICSA Labs(R), an independent division of TruSecure(R) Corporation, today announced the development of the Security Device Event Exchange (SDEE), an intrusion detection system (IDS) alert format and transport protocol specification. SDEE is an XML-based alert format adopted by the members of the ICSA Labs Intrusion Detection Consortia and created by Cisco Systems and other leading IDS vendors including Internet Security Systems, Inc. (ISS) and Sourcefire.

IDSC members Jeff Platzer and Mike Hall of Cisco Systems, Robert Graham of ISS, Marty Roesch of Sourcefire and Marcus Ranum of TruSecure Corporation co-developed the SDEE transport protocol specification format; this team will manage future revisions to the specification.

"Cisco is pleased to have participated in the development of this specification, and help address the industry-wide challenge of normalizing event messages in a common format," said Mike Fuhrman, director of engineering at Cisco Systems. "This industry collaboration underscores the advancement of IDS technology adoption today."

SDEE specifies the format of the IDS alerts as well as the protocol used to communicate events generated by security devices. SDEE is flexible and extensible so vendors can utilize product specific extensions in a way that maintains messaging compatibility. In addition, SDEE will provide corporations and security vendors better management of multiple vendor environments by having all alerts communicated in the same format. SDEE builds upon the XML, HTTP and SSL/TLS industry standards to facilitate adoption by vendors and users by allowing them to use existing software that implements these standard interfaces. For more information about SDEE, please visit http://www.icsalabs.com/html/communities/ids/sdee/ or contact Scott Markle at smarkle@icsalabs.com.

"This spirit of cooperation is what the Internet was based upon. Rather than a complicated standard that was hard to implement, we simply sat down together and solved the basic problem of getting our products talking to each other," said Robert Graham, chief scientist, Internet Security Systems, Inc.

"Consensus standards like this are an important indicator that a technology has matured and become mainstream. This effort is proof that meaningful and useful standards can be agreed-upon quickly and effectively, providing a great benefit for customers as well as IDS vendors and third parties," said Marcus Ranum of TruSecure Corporation.

About IDSC

ICSA Labs formed the IDSC consortium in 1998 to provide product developers an open forum within which they could work towards common goals. These goals include educating end-users, influencing industry standards and maintaining product and marketing integrity. Members meet on a quarterly basis and participate in ongoing discussions and cooperative projects such as certification criteria development, buyer's guides and white papers. Membership is open to any developer of intrusion detection and intrusion prevention systems.

Current members include: Cisco Systems, Inc., Fortinet, Internet Security Systems, Inc. (ISS), SecureWorks, Sourcefire, Inc., Symantec Corp. and Tripwire, Inc. A complete list of current IDSC Members can be found at: http://www.icsalabs.com/html/communities/ids/membership/index.shtml For more information about the IDSC or the SDEE, please visit http://www.icsalabs.com.

About ICSA Labs

ICSA Labs, an independent division of TruSecure Corporation, offers vendor-agnostic testing and certification of security products. Hundreds of the world's top security vendors submit their products for testing and certification at ICSA Labs. The end-users of security technologies rely on ICSA Labs to authoritatively set and apply objective testing and certification criteria for measuring product compliance and reliability. The organization tests products in key technology categories such as anti-virus, firewall, IPSec VPN, cryptography, intrusion detection, PC firewall, content security, SSL-VPN and Wireless LAN.

Contacts

TruSecure Corp.
Cynthia S. Shaw, 703-480-8509
cshaw@trusecure.com
or
Schwartz Communications, Inc.
Jason Morris/David McKee, 781-684-0770
trusecure@schwartz-pr.com

Contacts

TruSecure Corp.
Cynthia S. Shaw, 703-480-8509
cshaw@trusecure.com
or
Schwartz Communications, Inc.
Jason Morris/David McKee, 781-684-0770
trusecure@schwartz-pr.com