Originally published at Internet.com

nFX is a software platform (Windows, Linux, Solaris) that provides incident detection and remediation tools to security administrators. The platform detects incidents using an agent-based approach: agents collect raw data and event notifications from multiple supported devices, including firewalls, intrusion detection appliances, anti-virus scanners, and the operating systems themselves; the platform then maps, correlates, and classifies that data by category, based on how each initial event relates to predefined Alarm IDs and categories and to both pre-defined and administrator-customized correlation rules; and finally a workflow-based Incident Response Management tool guides security personnel through the process of correcting the discovered problem.
netForensics states that nFX can scale from 100 to over 10,000 devices, and supports the aggregation of data from multiple systems out of the box, including McAfee Virus Scan, Check Point and Cisco firewalls, and IDS appliances from multiple vendors including Cisco, Symantec, ISS, and McAfee. Events generated by web servers (Apache, IIS, Netscape Enterprise Web Server) and operating systems (HP-UX, Windows NT4/2000, Red Hat Linux, Solaris) are also gathered. For devices that the agents do not recognize out of the box, nFX provides a configurable Quik Connect Module that can be script-modified to parse otherwise unknown device alerts.
Raw data received from the agents is categorized (the vendor states that over 20,000 events are recognized and classified into 100 Alarm IDs and 9 generalized categories) by the central nFX Master Engine and correlated as to their severity via three correlation engines: the Statistical Correlation Module, which analyzes events based on their actions regardless of their origination and generates a "threat score" based both on the severity of the action as well as the value of the affected corporate asset; the Rules-Based Correlation Module which allows for the enforcement of pre-defined and administrator customized rules (which combine specific events with specified actions); and the Vulnerability Correlation Module which attempts to identify false positives, and otherwise assigns a "confidence level" to those events that cannot be positively identified. A Real-Time Console provides administrators with a graphical interface for visualizing events as they occur.
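To make the pipeline described in the two paragraphs above concrete (agents normalizing raw device output, a catalogue mapping events to Alarm IDs and categories, and the three correlation stages), here is an added toy implementation in Python. It is not netForensics' code and does not reproduce nFX's real alarm catalogue, rule syntax or scoring formula; the alarm table, asset values, vulnerability register, raw log formats and rule predicates are all constructed for illustration. The "custom" parser at the end of the parser list plays the role of a scriptable fallback for devices with no dedicated agent.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed reference data (placeholders, not the vendor's real tables).
# Normalized event signature -> (alarm id, category, base severity 1-10)
ALARM_CATALOGUE = {
    "firewall.deny": ("ALM-001", "Reconnaissance", 3),
    "ids.portscan": ("ALM-002", "Reconnaissance", 4),
    "ids.exploit_attempt": ("ALM-010", "Intrusion", 8),
    "av.malware_found": ("ALM-020", "Malicious Code", 7),
    "os.failed_login": ("ALM-030", "Authentication", 2),
}
ASSET_VALUE = {"10.0.0.5": 9, "10.0.0.20": 3}          # host -> business value 1-10 (hypothetical)
HOST_VULNS = {"10.0.0.5": {"VULN-PLACEHOLDER-A"}}      # host -> known unpatched vulns (hypothetical ids)


@dataclass
class Event:
    device: str                       # kind of agent that produced the raw line
    signature: str                    # normalized name looked up in ALARM_CATALOGUE
    src_ip: str
    dst_ip: str
    vuln_ref: Optional[str] = None    # vulnerability the event claims to exploit, if any


@dataclass
class Alarm:
    alarm_id: str
    category: str
    severity: int
    event: Event
    threat_score: int = 0
    confidence: str = "unknown"
    rule_hits: list = field(default_factory=list)


# Agent layer: one regex per raw format (all formats constructed for this example).
RAW_PARSERS = [
    (re.compile(r"^FW deny src=(\S+) dst=(\S+)"),
     lambda m: Event("firewall", "firewall.deny", m[1], m[2])),
    (re.compile(r"^IDS (\w+) src=(\S+) dst=(\S+)(?: vuln=(\S+))?"),
     lambda m: Event("ids", f"ids.{m[1]}", m[2], m[3], m[4])),
    (re.compile(r"^AV malware host=(\S+)"),
     lambda m: Event("av", "av.malware_found", m[1], m[1])),
    (re.compile(r"^sshd\[\d+\]: Failed password for \S+ from (\S+) on (\S+)"),
     lambda m: Event("os", "os.failed_login", m[1], m[2])),
    # Generic key=value fallback, standing in for a script-configurable connector.
    (re.compile(r"^custom sig=(\S+) src=(\S+) dst=(\S+)"),
     lambda m: Event("custom", m[1], m[2], m[3])),
]


def normalize(raw: str) -> Optional[Event]:
    """Map one raw line to a normalized Event, or None if no parser matches."""
    for pattern, build in RAW_PARSERS:
        m = pattern.match(raw)
        if m:
            return build(m)
    return None


def classify(event: Event) -> Optional[Alarm]:
    """Attach the catalogue's alarm id, category and severity; unknown signatures are dropped."""
    entry = ALARM_CATALOGUE.get(event.signature)
    if entry is None:
        return None
    alarm_id, category, severity = entry
    return Alarm(alarm_id, category, severity, event)


def statistical_correlation(alarm: Alarm) -> int:
    """Threat score = action severity x value of the affected asset (unknown assets count as 1)."""
    alarm.threat_score = alarm.severity * ASSET_VALUE.get(alarm.event.dst_ip, 1)
    return alarm.threat_score


# Rules-based correlation: (rule name, predicate over earlier alarms and the current one).
RULES = [
    ("exploit_after_scan", lambda history, a: a.event.signature == "ids.exploit_attempt"
        and any(h.event.signature == "ids.portscan" and h.event.src_ip == a.event.src_ip
                for h in history)),
    ("malware_on_high_value_asset", lambda history, a: a.event.signature == "av.malware_found"
        and ASSET_VALUE.get(a.event.dst_ip, 1) >= 8),
]


def rules_correlation(history: list, alarm: Alarm) -> list:
    alarm.rule_hits = [name for name, pred in RULES if pred(history, alarm)]
    return alarm.rule_hits


def vulnerability_correlation(alarm: Alarm) -> str:
    """high: target is known to carry the vuln; low: it is not (probable false positive);
    unknown: the event names no vulnerability."""
    ref = alarm.event.vuln_ref
    if ref is None:
        alarm.confidence = "unknown"
    elif ref in HOST_VULNS.get(alarm.event.dst_ip, set()):
        alarm.confidence = "high"
    else:
        alarm.confidence = "low"
    return alarm.confidence


def run_pipeline(raw_lines: list) -> list:
    """Master-engine style loop: normalize, classify, then run the three correlations in order."""
    alarms = []
    for raw in raw_lines:
        event = normalize(raw)
        alarm = classify(event) if event else None
        if alarm is None:
            continue
        statistical_correlation(alarm)
        rules_correlation(alarms, alarm)
        vulnerability_correlation(alarm)
        alarms.append(alarm)
    return alarms


# Constructed sample feed from four device types plus one "custom" device and one unparseable line.
SAMPLE_LINES = [
    "FW deny src=198.51.100.7 dst=10.0.0.5",
    "IDS portscan src=198.51.100.7 dst=10.0.0.5",
    "IDS exploit_attempt src=198.51.100.7 dst=10.0.0.5 vuln=VULN-PLACEHOLDER-A",
    "IDS exploit_attempt src=198.51.100.7 dst=10.0.0.20 vuln=VULN-PLACEHOLDER-B",
    "AV malware host=10.0.0.20",
    "sshd[4242]: Failed password for root from 198.51.100.7 on 10.0.0.5",
    "custom sig=firewall.deny src=203.0.113.9 dst=10.0.0.20",
    "garbage line with no parser",
]

if __name__ == "__main__":
    for a in run_pipeline(SAMPLE_LINES):
        print(f"{a.alarm_id} {a.category:<15} score={a.threat_score:<3} "
              f"confidence={a.confidence:<8} rules={a.rule_hits}")
```

Running the sample feed shows the three stages doing distinct work: the exploit attempt against the high-value host scores 72 and gets high confidence because the vulnerability register says that host is exposed, while the same signature against the low-value host scores 24 and is flagged low confidence as a likely false positive; the rules stage fires "exploit_after_scan" on both because the earlier port scan came from the same source.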
Identified incidents can be reported in a variety of ways (over 250 reports are provided), and remediation tools provide both workflow and instructions to security personnel, drawing on a built-in knowledge base that houses information generated both by netForensics and from specific vendor intelligence.
The latest addition to the nFX platform is Policy Compliance Reporting, which allows the corporation to report on the configuration compliance of individual machines attempting to access the network; i.e., whether the machines have appropriate virus scanning software, operating system patches, etc. In addition to reports, Policy Compliance Reporting feeds its collected data into the nFX platform allowing for the correlation of user/device data with network events.
nFX is available now. Contact netForensics for further information.

Author: EITPlanet Staff