The StillSecure Security Alert Team™ (SAT) ensures that StillSecure customers are protected from the latest network security threats. Working on a 24x7 basis, SAT releases new and updated rules as new threats are identified. SAT-released rules ensure compliance with security and regulatory standards and minimize false positives/negatives.

SAT releases rules for all StillSecure solutions in industry-standard open source formats. StillSecure solutions can be configured to check for updated SAT rules as frequently as every hour, or users can download rule updates on demand, ensuring up-to-the-minute protection. The SAT rule development and release cycle is shown below.

Primary SAT activities include:

  • Monitoring sources of security alerts, notifications, and advisories for emerging threats
  • In-house rule development
  • Quality assurance/quality control (QA/QC) for both SAT-developed rules and open-source GPL rules
  • Releasing new and updated rules
  • Notifying SAT subscribers of significant rule releases/updates

    Most rules released by SAT are available under the GPL license.

    SAT rule development process
    SAT compiles the rule sets for StillSecure products from two primary sources: internal, SAT-developed rules and externally developed rules available from open-source development groups. A number of these development groups are shown in the graphic above. As a result of this multi-source approach, SAT-distributed rule sets are the most comprehensive, highest quality, and most protective in the network security market.

    SAT's four-step rule development and release process is shown in the figure to the left.

    Developing integrated compliance and regulatory rule sets
    SAT distributes rule sets that satisfy industry-standard security benchmarks such as SANS Top 20 and the Department of Defense (DoD) IAVA. As new rules are developed that fall within these rule sets, and as the benchmarks themselves are updated, SAT tags applicable rules and automatically adds them to the appropriate rule set. Organizations that must comply with these standards are assured that StillSecure products automatically defend against the threats on these benchmarks.

    In addition to the benchmarks mentioned above, SAT is in the process of developing regulatory rule sets for other key benchmarks, such as FISMA, Sarbanes-Oxley, and a number of others.

    Industry leadership in open-source rule development
    SAT provides leadership to and actively participates in the open-source rule development community. SAT plays a leading role in Snort* and NASL formatted rule development, participating in the following organizations:

    • Open Security Scanner Association (OS2A) — StillSecure is a charter member and driving force of the OS2A, a consortium of security companies that ensure NASL-formatted rules are available for the latest vulnerabilities. OS2A-developed rules are distributed to all members and publicly available via the open source community (under GPL).
    • Bleeding Snort — StillSecure is a corporate sponsor and participating member.
    • Open Source Snort Rules Consortium (OSSRC) — StillSecure is a founding member of this consortium of leading commercial Snort users. All rules developed by the OSSRC are released under GPL.
    • Sourcefire VRT — StillSecure is a corporate sponsor and supporter of the base Snort ruleset.

    * Snort is a registered trademark of Sourcefire, Inc. Latis Networks, Inc. is not affiliated with, connected to, or sponsored by Sourcefire, Inc.