A revolutionary intrusion detection tool based on Windows NT/2000 security event logs
London, UK, 18 July 2001 – GFI has launched LANguard Security Event Log Monitor (S.E.L.M.), a revolutionary host-based intrusion detection tool. This new network security product is a centralized event log security analyzer that retrieves all security event logs from servers and workstations and alerts administrators about breaches for immediate intrusion detection.
Affordable intrusion detection that works
Traditional intrusion detection products sniff network traffic, and are therefore “blinded” by the use of switches, IP traffic encryption and high-speed data transfer. Furthermore, conventional intrusion detection tools rely on attack patterns; however, these are constantly changing and therefore the attack pattern database is almost immediately outdated.
LANguard, on the other hand, scans the Windows NT/2000 security event logs in real time. It monitors these event logs for significant security events and compares them to a rule base. Such events would include, for example, failed object access to confidential files, logon failures occurring in the network, user account changes and additions, successful logon of a user outside office hours and more. Besides this technical advantage, intrusion detection the LANguard way is also much more affordable. At pricing starting from $350 rather than $5,000 and up, every organisation can now afford to give intrusion detection the importance it requires.
Effectively dealing with security breaches
Internal and external security breaches are on the rise. And internal security breaches are the hardest to tackle, because administrators have few tools to monitor their modern network (since in most companies this is high speed and fully switched – and encryption of all network traffic is imminent). In December 2000, for example, Business Week reported that internal security breaches account for about 70% of all malicious attacks and cause around $1 billion in damages each year to US businesses.
“LANguard S.E.L.M. is a unique offering that increases corporate efficiency in combating security threats to the network. Because it relies on event logs, it does not require pattern updates; it is not impaired by switches and can easily be deployed on any network and scaled to networks of thousands of servers and workstations,” explained Nick Galea, GFI CEO.
“Apart from alerting administrators to internal breaches, LANguard S.E.L.M. enables users to verify that their firewall is actually doing its job and blocking all external attacks. This way, those trying to exploit backdoors to a corporate network can be foiled,” Mr. Galea pointed out.
LANguard S.E.L.M. not only alerts the administrator about high security events but also archives all security events in a centralized location, allowing for extensive reporting and forensic analysis. For example, one can view logon and logoff times of all network users. One can also view trends, or see which machine is attacked most. Additionally, one can identify users who are creating too many events such as failed logons, failed object access, etc. With the reports, administrators can obtain important information about security activity on their network. And this information can be the key to running a secure network.
Pricing starts at only US$350 to monitor three servers. For more product information, please visit
GFI (http://www.gfi.com) has six offices in the US, UK, Germany, France, Australia and Malta, and has a worldwide network of distributors. GFI is the developer of FAXmaker, Mail essentials and LANguard, and has supplied applications to clients such as Microsoft, Telstra, Time Warner Cable, Shell Oil Lubricants, NASA, DHL, Caterpillar, BMW, the US IRS, and the USAF. GFI has won the Microsoft Fusion 2000 (GEM) Packaged Application Partner of the Year award, and was named one of 1999’s fastest growing software companies for Windows by Microsoft Corp. and CMP Media.