3net has partnered with QinetiQ, one of the world's leading defence technology and security companies. 3net created a consortium with QinetiQ and Sourcefire to offer a managed IDS (MIDS) solution to a UK-based global mobile operator.
The solution provides 24x7 real-time monitoring for security events and abnormal traffic conditions and was a key requirement for obtaining compliance with the Payment Card Industry (PCI) standard. The solution allows the mobile operator to control the false positives associated with intrusion detection systems and focus on the real events that might impact business.
QinetiQ provides a Managed IDS service tailored to meet specific customer requirements, with the following benefits:
24x7x365 real-time monitoring and response
A team of analysts and support staff use technology as a decision support tool to effectively identify potentially malicious activity
Comprehensive reporting
Tailored reports to meet specific customer requirements for daily, weekly or monthly periods.
Prioritised Alerting
The QinetiQ system assigns a level of severity to each unique security event. This is independent of the underlying classification often attached to incoming security events from different vendor systems and enables the advantages gained through human analysis.
Anomaly Detection
The combination and correlation of the Sourcefire IDS and RNA data feeds provides a mechanism for anomaly detection. The host information gathered by the RNA sensors allows a "normal" pattern of behaviour to be determined for a given host. Thus a sudden change in the pattern of activity for that host, such as a backdoor port opening on the system, is detected as an anomaly.
The value of this approach is that it is not reliant upon known-attack signatures to detect known threats and so lends itself very well to detecting zero day attacks and worm activity.




