WhiteHat Sentinel users can now use Sentinel vulnerability data to create ultra-targeted Snort rules, expanding the capability of an IPS to detect application layer attacks.
WhiteHat Sentinel is a website vulnerability management solution that integrate verified website vulnerability data with Snort, thereby extending IPS from the network space to include websites. As a result, users can fine-tune Snort alerts and correlate findings to reduce noise and allow security teams to focus on real issues.
Prior to the WhiteHat Sentinel/Snort integration, security professionals were forced to sift through reams of Web server logs to retrieve the same information now seamlessly generated and validated by Sentinel. Now false positives are eliminated, so security teams can be confident that an alert signifies a real problem.
“We are excited by the enhancement of Snort rules with WhiteHat Sentinel’s targeted website vulnerability data,” said Marty Roesch, founder and chief technology officer, Sourcefire and creator of Snort. “Verified and accurate vulnerability information from the running Web application makes it easy to generate a list of Snort rules in IPS mode in order to stop attackers from taking advantage of these vulnerabilities, while simultaneously fixing the problems.”