Easy Signature Management with Aanval SAS

A core component of an IDS is the signature set attached to its sensors. Snort and Suricata sniff network traffic and produce valuable event data based on those rules. Aanval SAS lets the user manage the rules directly from the console using the Sensor Management Tools (SMTs). Rather than sifting through a configuration file, users select which rules should be attached to which policy and which sensor, then push those updates to the sensors. The SMTs can also pull the current configuration files and rules from a sensor, apply the necessary modifications, and send them back.
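As an added illustration (this is not Aanval's SMT code and is not tied to its console), the following Python script does at the file level what the SMTs do from the console: it parses a Snort/Suricata rules file, enables or disables each rule by SID according to a named policy, and reports which rules changed state. The rule text, the SIDs and the policy names are constructed for this example.

```python
"""Per-policy enabling/disabling of Snort/Suricata rules by SID.

Added example, not Aanval's own code. Rule text, SIDs and policy names
below are constructed for illustration only.
"""
import re

# Constructed sample rules file: one rule is already commented out.
SAMPLE_RULES = """\
# local.rules (constructed sample)
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH brute force"; flow:to_server; sid:1000001; rev:2;)
alert icmp any any -> $HOME_NET any (msg:"ICMP ping"; itype:8; sid:1000002; rev:1;)
# alert tcp any any -> $HOME_NET 23 (msg:"Telnet login"; sid:1000003; rev:1;)
alert udp any any -> $HOME_NET 53 (msg:"DNS query"; sid:1000004; rev:3;)
"""

# Hypothetical policies: the set of SIDs each sensor group should run.
POLICIES = {
    "dmz": {1000001, 1000003},       # keep SSH and telnet, silence ICMP and DNS noise
    "internal": {1000002, 1000004},  # the reverse for the inside sensor
}

RULE_ACTIONS = ("alert", "log", "pass", "drop", "reject", "sdrop")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def parse_rule_line(line):
    """Return (sid, enabled, rule_text) for a rule line, or None for
    comments and blank lines. A rule commented out with '#' is reported
    as disabled so a policy can re-enable it."""
    stripped = line.strip()
    enabled = not stripped.startswith("#")
    body = stripped.lstrip("#").strip()
    if not body.startswith(RULE_ACTIONS):
        return None
    match = SID_RE.search(body)
    if match is None:
        return None            # malformed rule without a sid: leave it untouched
    return int(match.group(1)), enabled, body


def apply_policy(rules_text, wanted_sids):
    """Rewrite the rules so exactly the wanted SIDs are enabled.
    Returns (new_text, list of SIDs whose state changed)."""
    out, changed = [], []
    for line in rules_text.splitlines():
        parsed = parse_rule_line(line)
        if parsed is None:
            out.append(line)   # comments and blanks pass through verbatim
            continue
        sid, enabled, body = parsed
        want = sid in wanted_sids
        if want != enabled:
            changed.append(sid)
        out.append(body if want else "# " + body)
    return "\n".join(out) + "\n", changed


def enabled_sids(rules_text):
    """Set of SIDs that are active (not commented out) in the rules text."""
    parsed = (p for p in map(parse_rule_line, rules_text.splitlines()) if p)
    return {sid for sid, enabled, _ in parsed if enabled}


if __name__ == "__main__":
    for policy, sids in POLICIES.items():
        text, changed = apply_policy(SAMPLE_RULES, sids)
        print(f"== {policy}: changed {changed}")
        print(text)
```

Running it twice with the same policy changes nothing the second time, which is the property you want before pushing a generated rules file to a sensor. The SID regex is deliberately simple; a rule whose `msg` text happened to contain `sid:` would need a real option parser.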

Learn more about Aanval SAS’ Sensor Management Tools and install them on your sensors: http://wiki.aanval.com/wiki/Aanval:Sensor_Management_Tool

Nuisance Events

It can take time to add and remove rules when creating a custom recipe for an environment. Aanval SAS provides two methods for managing nuisance events: silencing them with the SMTs, and an Action Management system that automatically matches incoming events against criteria you enter and, when triggered, sends an alert or simply deletes the event, keeping it out of view.
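As an added example (not Aanval's Action Management or SMT code), the following Python script applies the two silencing semantics Snort and Suricata offer in their own threshold configuration, a `suppress` entry (drop every event for a signature, optionally only from or to one IP) and a `limit` threshold (pass the first N events per tracked host in a time window), to alerts written in Snort's fast-alert format. The alert lines, SIDs, addresses and filter entries are constructed for this example.

```python
"""Silence nuisance events the way Snort/Suricata 'suppress' and 'limit'
threshold entries do, applied to alerts in fast-alert format.

Added example, not Aanval's own code. Alert lines, SIDs, addresses and
filter entries are constructed for illustration only.
"""
import re
from datetime import datetime

# Constructed fast-alert lines (the format Snort writes with -A fast).
SAMPLE_ALERTS = """\
01/15-10:00:01.000000  [**] [1:1000002:1] ICMP ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 192.168.1.10
01/15-10:00:02.000000  [**] [1:1000002:1] ICMP ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.99 -> 192.168.1.10
01/15-10:00:03.000000  [**] [1:1000001:2] SSH brute force [**] [Classification: Attempted Admin] [Priority: 1] {TCP} 203.0.113.7:51000 -> 192.168.1.22:22
01/15-10:00:04.000000  [**] [1:1000001:2] SSH brute force [**] [Classification: Attempted Admin] [Priority: 1] {TCP} 203.0.113.7:51001 -> 192.168.1.22:22
01/15-10:00:05.000000  [**] [1:1000001:2] SSH brute force [**] [Classification: Attempted Admin] [Priority: 1] {TCP} 203.0.113.7:51002 -> 192.168.1.22:22
01/15-10:00:40.000000  [**] [1:1000004:3] DNS query [**] [Classification: Misc activity] [Priority: 3] {UDP} 10.0.0.5:5353 -> 192.168.1.53:53
"""

# Hypothetical filter entries, using the same fields as threshold.conf lines.
SUPPRESSIONS = [
    {"gid": 1, "sid": 1000002, "track": "by_src", "ip": "10.0.0.5"},  # our monitoring host pings
    {"gid": 1, "sid": 1000004},                                        # DNS query: silence everywhere
]
THRESHOLDS = [
    {"gid": 1, "sid": 1000001, "type": "limit", "track": "by_src", "count": 1, "seconds": 60},
]

FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?\s*$"
)


def parse_fast_alert(line):
    """Parse one fast-alert line into a dict, or return None if it does not match."""
    m = FAST_RE.match(line)
    if m is None:
        return None
    ev = m.groupdict()
    for k in ("gid", "sid", "rev"):
        ev[k] = int(ev[k])
    # Fast-alert timestamps carry no year; relative seconds are all we need.
    stamp = datetime.strptime(ev["ts"], "%m/%d-%H:%M:%S.%f")
    ev["time"] = (stamp - datetime(1900, 1, 1)).total_seconds()
    return ev


def is_suppressed(ev, suppressions):
    """True if a suppress entry matches this event's signature (and IP, if tracked)."""
    for s in suppressions:
        if (s["gid"], s["sid"]) != (ev["gid"], ev["sid"]):
            continue
        if "track" not in s:
            return True                      # suppressed for every host
        side = "src" if s["track"] == "by_src" else "dst"
        if ev[side] == s["ip"]:
            return True
    return False


class LimitFilter:
    """'type limit': pass at most `count` events per tracked IP per `seconds` window."""

    def __init__(self, thresholds):
        self.thresholds = thresholds
        self.windows = {}                    # (gid, sid, ip) -> [window_start, count]

    def allow(self, ev):
        for t in self.thresholds:
            if (t["gid"], t["sid"]) != (ev["gid"], ev["sid"]):
                continue
            ip = ev["src"] if t["track"] == "by_src" else ev["dst"]
            key = (t["gid"], t["sid"], ip)
            window = self.windows.get(key)
            if window is None or ev["time"] - window[0] >= t["seconds"]:
                window = [ev["time"], 0]     # start a fresh window
            window[1] += 1
            self.windows[key] = window
            return window[1] <= t["count"]
        return True                          # no threshold for this signature


def filter_alerts(lines, suppressions, thresholds):
    """Return the parsed events that survive suppression and limiting, in order."""
    limiter = LimitFilter(thresholds)
    kept = []
    for line in lines:
        ev = parse_fast_alert(line)
        if ev is None:
            continue                         # not an alert line; ignore it
        if is_suppressed(ev, suppressions) or not limiter.allow(ev):
            continue
        kept.append(ev)
    return kept


if __name__ == "__main__":
    for ev in filter_alerts(SAMPLE_ALERTS.splitlines(), SUPPRESSIONS, THRESHOLDS):
        print(f'{ev["ts"]} [{ev["gid"]}:{ev["sid"]}] {ev["msg"]} {ev["src"]} -> {ev["dst"]}')
```

On the sample input only two events survive: the ping from the host that is not on the suppress list, and the first SSH attempt from 203.0.113.7; the two follow-up attempts inside the 60-second window are dropped by the limit, which is the usual way to keep a brute-force signature informative without flooding the console. Suppressing by source IP rather than disabling the rule outright keeps the rule active for every other host, which is the safer default for a nuisance that comes from one known scanner.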

Learn how to manage and suppress nuisance events and create your own custom signature recipe: http://wiki.aanval.com/wiki/Aanval:Event_Suppression

An Eye on Security Information and Event Management (SIEM)

Studies Show Demand for SIEM Tools to Grow More than $1 Billion Worldwide: The SIEM Demand and Hype Explained.

The popularity of Security Information and Event Management (SIEM) is very much of the moment. According to Gartner, it is the fastest-growing segment of the security sector, at 21% a year. As threats become more severe and complex, demand for SIEM tools will grow to more than $1 billion worldwide by 2015, according to the industry research firm Frost & Sullivan. The market for SIEM tools, slow-growing for more than a decade, will experience immense demand. The study, “World Security Information and Event Management (SIEM) and Log Management Products Market,” reports that the SIEM market earned revenues of $678.1 million in 2009 and predicts that this figure will hit $1.3 billion in 2015. Frost & Sullivan also reports that the Asia Pacific SIEM market is expected to grow at a strong compound annual growth rate (CAGR) of 27% during 2010-2014; that market earned revenues of $93.4 million in 2010 and is estimated to reach $242.7 million in 2014.

Learn more about the market demand for SIEM and why security experts believe SIEM will emerge as a mainstream solution as enterprises strive to gain visibility across the network, endpoints, internal servers, and applications.

View Entire Library Article

Understanding and Selecting a Capable SIEM Solution

The Various Use Cases SIEM Technology Can Help Solve and the Business Justification of Investing in a SIEM.

Demand for Security Information and Event Management (SIEM) solutions has grown worldwide as more organizations turn to SIEM technology to strengthen their security posture and combat escalating cyber threats and breaches. The SIEM market is being driven by IT projects to resolve security issues and to improve security monitoring and incident response. As more organizations adopt SIEM solutions, the technology will serve as a vital component in the secure and stable operation of a business’ network.

There are many reasons why organizations are embracing SIEM technology, and it is important to understand the security use cases that SIEM can help solve. A capable SIEM solution delivers five critical business benefits to enterprises of any size:

1. Reduce capital and operational cost

2. Detect security incidents early

3. Provide comprehensive and efficient reporting

4. Deliver crucial operational efficiency

5. Achieve greater security intelligence

Examine the critical business benefits of a capable SIEM solution and explore how Aanval can help solve specific use cases.

View Entire Library Article

SIEM-Based Intrusion Detection Introduction: Advantages of Using Open-Source Snort and Suricata IDS/IPS in a SIEM

Over the years, SIEM has almost become synonymous with log reporting and compliance management. Yet SIEM technology has far more advanced capabilities than simply helping organizations make sense of log data to meet security and audit regulations. According to Dr. Anton Chuvakin, a security expert, “too often, organizations purchase SIEM and log management solutions to check a compliance checkbox. These organizations miss a huge opportunity to improve security.” Fortunately, many organizations are increasingly realizing the value and benefits of SIEM for improving their security posture.

According to a recent RSA survey, the following are the most widely used functions of SIEM solutions:

1. Alert anomalies
2. Identify threats and potential high-risk incidents
3. Monitor network traffic
4. Streamline remediation efforts
5. Advance other security operations functions in general

The survey shows that 89% of the mid-size organizations surveyed use their SIEM solution for security operations, compared with 54% that cited compliance and 68% that cited IT and network operations. When respondents were asked to name one thing, other than cost, they would change about their current SIEM solution, the top answer was better alerting for security incidents. In addition, a frequent problem among respondents already using a log management or SIEM solution is the limitations of its incident response capabilities.

While many SIEM vendors exclusively focus on solving log management and compliance use cases, the Aanval SIEM solution is focused on strengthening log management capabilities as well as the security infrastructure of an organization. The Aanval SIEM solution is capable of efficiently detecting anomalies in user, network, and application behavior and delivering real-time security alerts. Aanval delivers a new level of security intelligence so you can make sense of all captured log data and effectively strengthen your organization’s security posture.

Security experts believe that SIEM solutions which interface with an effective Intrusion Detection System (IDS) are best suited to monitor network traffic, deliver real-time alerts, and provide effective threat management, which results in a stronger security posture.

Explore the new concept of SIEM-Based Intrusion Detection and learn the benefits of utilizing Snort and Suricata IDS/IPS in the Aanval SIEM.

View Entire Library Article

See What’s New With Aanval SAS™

Tactical FLEX, Inc. Launches New “Industry Focus” Website Section

“Tactical FLEX, Inc. protects more than 6,000 organizations within every industry in more than 100 countries throughout the world”

The newly launched “Industry Focus” website section was created to provide information security professionals a more expansive perspective on the security needs and challenges facing their industries. Every organization, regardless of specific industry, is facing similar and ever-increasing network and inter-network related security threats. Our products and services are designed not only for the important facets of the industries included in our section, but for every organization with a network or internet connection.

Tactical FLEX, Inc. is a trusted security vendor, with its products and services protecting over 6,000 organizations worldwide. Government security and defense organizations from more than a half dozen countries, global financial and educational institutions, as well as space exploration and military weapons manufacturers rely upon Aanval as a part of their security infrastructure. Our products and solutions are designed for end-to-end intrusion detection and network security situational awareness. Whether your organization has an existing security infrastructure in need of updates and oversight, or this is your initial deployment, our offerings are your remedies.

Learn why leading organizations rely on Aanval, the industry’s leading Snort, Suricata, and Syslog SIEM.

Visit our Industry Focus Overview section at http://www.aanval.com/industry and select the relevant industry to find out how our products and services can aid in securing your valuable assets and information.

The Case for More Security Intelligence: Why Situational Awareness and Event Correlation is Necessary for Advanced Threat Detection

As organizations become more geographically dispersed and network operating systems more complex, managing high levels of security risk around the clock to avoid becoming another data breach headline is a top priority for every IT security department. During the past year, the term “situational awareness” has found a legitimate position in the information security world, and the attention around it is steadily growing. An increasing number of organizations understand the concept of “cyber situational awareness” and its value for their business operations and long-term security posture.

However, security experts believe that existing approaches to security still lack the situational awareness technology, correlation automation, and agility needed to detect and hinder sophisticated advanced threats. A good percentage of security systems serve up far too much data and not nearly enough security intelligence to assess security events and network conditions in real time. Many organizations are also forced to work with incomplete data, because a given security product may not recognize a security risk for what it is without correlation from other data sources. Event correlation provides the insight needed to understand how events outside the organization might affect the networks that support business operations.

Furthermore, many organizations are “situationally unaware” because incidents are investigated in isolation, without correlation against historical security events. Organizations must recognize the crucial value of historical data for identifying patterns of attack and predicting future threats.

“Security intelligence” is all about being able to understand everything that’s happening within and to your network, applications, websites, and databases, and making good use of all this information at your disposal. It’s about the business and how security impacts business risks. Without security intelligence, the overall big picture is missing and the security vulnerability posture cannot be monitored and measured accurately.

View entire Library article about Situational Awareness at http://wiki.aanval.com/wiki/Library:Cyber_Situational_Awareness:_The_Ability_to_Make_Informed_Risk_Management_Decisions

Learn more about the benefits of Aanval v7’s Situational Awareness engine at


Aanval Video Tutorials on YouTube

Two new video tutorials have been posted to our YouTube channel: http://www.youtube.com/aanvaldotcom

The videos cover setting up and configuring the Snort/Suricata database and sensors and also setting up and using the Live GeoLocation feature, newly updated for Aanval SAS (v7).

Check out the videos and be on the look-out for more:

Live GeoLocation Setup: http://www.youtube.com/watch?v=nyb5pMLJhwQ&feature=plcp

Snort/Suricata Database and Sensor Setup: http://www.youtube.com/watch?v=W3s-LDP2tNg&feature=plcp

Need another tutorial not yet available?

Email our support team at support.group [at] aanval [dot] com and detail your needs.

Why Outsourcing NOC Services to a Trusted Provider Can Benefit Your Business and IT Department

All organizations worldwide have critical assets that need protection in this 24/7 high-tech Internet world and competitive economy. A Network Operations Center (NOC) defends network systems and users against data thieves and attackers trying to bring those systems down. A NOC also gives businesses a powerful tool not only for controlling, responding to, and preventing threats to their environment, but also for reducing risk and avoiding costly downtime while protecting brand and reputation.

Organizations that choose to outsource managed NOC services can save valuable time, reduce operational costs, become more productive, and free up resources to focus on growing and securing the organization. It is typically assumed that only the largest companies have the resources to build and staff a dedicated NOC. Tactical FLEX, Inc. can help organizations both small and large: it offers an intelligent real-time Network Security Operations Center (NSOC), customized to meet the monitoring and management needs of small and large enterprises worldwide.

Learn how our NSOC can effectively manage your security needs. View our Sept. 2012 Newsletter http://createsend.com/t/j-D0D075D7E342F8DC

Visit the NSOC at Tactical FLEX, Inc. http://www.aanval.com/nsoc.

Online Chat and Aanval Support from Tactical FLEX, Inc.

New! Online Chat with the Tactical FLEX, Inc. Team!

Tactical FLEX, Inc. has recently added more support options to its standard line-up: online chat! Whether you’re on the Wiki at http://wiki.aanval.com or on the main site at http://www.aanval.com, you can chat with our Sales and Support teams to get quick answers and direction.

Aanval SAS Support Line-up

Part of the Aanval SAS suite is telephone and remote support. Our support and development team can quickly view and repair Aanval issues, saving you precious time and stress.

In addition to these wonderful tools, SAS customers also have access to email and chat support.

Aanval Community Support

Those using the Aanval Community edition have access to our ticket-based system. Communicate via email with our support team to resolve your Aanval issues.

To create a trouble ticket, simply email support.group [at] aanval [dot] com. Please include as many details as possible. Screen shots are very helpful, too.

The Full Details

Please visit http://www.aanval.com/support and http://www.aanval.com/supportServices for the full support run-down.

Self-Diagnose and Repair at the Aanval Wiki

The Aanval Wiki is loaded with guides, troubleshooting tips, and direction–and it’s continually being updated and augmented. It’s an excellent source for quick answers and solutions.

Visit http://wiki.aanval.com

Tactical FLEX, Inc. Debuts Aanval SAS™ (Situational Awareness System)

SEATTLE, June 28, 2012 /PRNewswire/ — Tactical FLEX, Inc., a global provider of information security, vulnerability, and risk management software solutions, today announced the debut of Aanval SAS™, a powerful, automated Situational Awareness System designed to raise the bar by providing complete end-to-end network visibility across physical and virtual environments, enhancing network defenses, thwarting advanced security threats, and identifying real threats and vulnerabilities before cyber criminals find them. Aanval SAS™ combines the most advanced SIEM features with the newly released Network Host Scanner, Rogue Host Detection, and Offensive Reconnaissance™, which take full advantage of Nmap, the industry’s most well-known and accomplished port scanning utility, to perform both automated and on-request network reconnaissance. Network host availability, IP, and service scanning, as well as OS fingerprinting, are now also available directly within Aanval®.

The new Aanval SAS™ solution ties in with the Responsible Security Package which provides enterprises of all sizes with a complete, scalable, and affordable end-to-end security solution for Snort and Suricata IDS that can adapt to the latest security threats, new vulnerabilities, BYOD implementations, and everyday network challenges. Tactical FLEX, Inc. understands that organizations cannot afford to have a blind spot in their network infrastructure as well as lack the capability to detect a potential or existing security breach and rogue devices. Tactical FLEX, Inc. is committed to ensuring our customers derive the greatest possible value from their Aanval SAS™ investment and have the opportunity to secure all of their company networks and security infrastructures across the board. With annual unlimited sensor capacity, organizations and businesses of all network sizes are no longer limited by sensor cost and can now monitor every aspect of their environment. The Responsible Security Package helps support our customers’ network security deployment initiatives while delivering substantial cost savings and enhancing overall security posture. SMBs and large enterprises can now easily deploy an effective market-leading end-to-end network security solution that can also store nearly an unlimited number of security events within the console.

View entire press release at http://www.aanval.com/press

New Community Portal

Industry and Community Support

The information security sector in whole is important to Tactical FLEX, and we constantly strive to improve our efforts in supporting and helping provide tools, education and resources.

In our work to continue to support our industry, we’ve created a Community Portal section in our Aanval wiki that is dedicated to installation and instruction documentation for Snort and Suricata. These documents are maintained and will continue to provide a centralized resource for our customers, users and those who may use competing products but simply need a boost in the right direction.

Browse the new Community Portal using the following link:


More about Aanval

We support over 6,000 customers in more than 100 countries by delivering real-time, continuous network monitoring and by providing a wide range of product manuals, information security articles, and up-to-date how-to guides. Built with a unique Situational Awareness engine, Aanval gives users a proactive tool to combat cyber threats and safeguard their virtual and physical assets.

Aanval continues to support both the information security and open source Snort and Suricata communities by providing users with a free non-commercial version of Aanval® that allows full functionality of a single-sensor device. Aanval is designed to work with all versions of Snort and Suricata, and can process syslog data from any device capable of external logging.

Aanval is available for download as a free Community edition, in addition to an unlimited sensor-capacity, commercially purchased and supported Snort, Suricata, and syslog license. Downloading and installing Aanval is free and takes only minutes to accomplish. Designed to work with all current Linux, Unix, and Mac OS X flavors of operating systems, you can be up, running, and viewing events within minutes. Let Aanval turn your data into actionable and comprehensive insights to reduce security risks.

Free download here: Aanval Community Edition

Aanval® is the industry’s most comprehensive end-to-end SIEM-based Snort and Suricata IDS solution, built with a unique Situational Awareness engine, distinct false-positive protection technology, and a fully integrated event management and attack data correlation engine.

Learn more at http://www.aanval.com