The Evolution of Intrusion Detection Systems: Introduction to Aanval, the Next Generation IDS Console Designed for Real-Time Threat Management

Intrusion detection has indeed come a long way, becoming a necessary means of monitoring, detecting, and responding to security threats. Although the IDS market is experiencing technological challenges due to lack of product innovations, the next generation intrusion detection systems including Aanval v7 are making a big splash in the market. Armed with advanced feature technologies, security intelligence and offensive tools to help shore up defenses, Aanval v7 is on the forefront of becoming the industry’s most comprehensive and best performing IDS Solution. Learn more about the concept of the next generation intrusion detection systems designed for real-time threat management performance.

What Are the Key Technological Challenges Facing the Intrusion Detection Systems Market Today?

Although IDS/IPS have become a necessary addition to the security infrastructure of nearly every organization, the intrusion detection systems market is mature with new innovations taking a relatively long time to enter the market. According to the 2011 Frost & Sullivan’s Global Research Report, the intrusion detection industry has several key challenges across different applications:

1. Lack of situational awareness
2. High volume of false alarms, and by-law requirement of alarm verification
3. Central monitoring stations are constantly trying to reduce costs
4. Problems of scalability and deployment in large organizations

In this article, we will explore some of the key challenges facing the IDS market, their impact on today’s network security and explore how Aanval v7 can help provide technological solutions for the following:

1. Obtaining situational awareness to combat today’s advanced security threats.
2. Improving security by accelerating detection of attacks and delivery of security alerts.
3. How to efficiently monitor networks for less?
4. Improving scalability and flexibility of deployment accommodates both business and network growth

View Entire Library Article

Tactical FLEX, Inc. to Host Webinar on How to Optimize and Unleash the Powerful SIEM Features of Aanval SAS™ (Situational Awareness System) IDS Console

SEATTLE, October 22, 2012 — Tactical FLEX, Inc., a global provider of information security, vulnerability, and risk management software solutions, today announced a new educational webinar entitled “Aanval SAS™ Tips and Tricks.”

According to SecurityWeek, “Over the past few years the market has developed new expectations from the network and applications security industry. One of the most challenging expectations is that information security systems be able to not only detect attacks, but also prevent or mitigate them in real-time.” With “the growth in the sophistication and frequency of attacks over the last few years”, SecurityWeek points out that in most cases “the human security expert cannot comply with the required response time.” Using this insight, the concept of automating situational awareness and utilizing SIEM technology can help IT departments efficiently monitor and analyze network activities as well as improve security by accelerating detections and thwarting attacks.

Tactical FLEX, Inc. understands the importance of real-time threat management and the importance of automation to help efficiently and accurately identify real threats and vulnerabilities before cyber criminals find them. Join our Support Specialist for an informative discussion on how to optimize and unleash the powerful SIEM features of Aanval SAS™ IDS Console to obtain an accurate assessment of security risks and complete network visibility of your IT infrastructures. Learn troubleshooting tips and tricks, and how to optimize your Aanval SAS™ console. Troubleshooting tips and tricks will cover such items as missing events or sensors, downloading Snort and Suricata signatures, and using the new and advanced GeoLocation technology.

Aanval SAS™ (Situational Awareness System) is loaded with robust and powerful features, and we want you to make the most of them to ensure your networks are secured. Optimization tips will include Sensor Management Tools (SMTs), Situational Awareness, Event Correlational features, using the Advanced Search and Reporting features, and more.

This must-attend and complimentary webinar will take place on Tuesday, Oct. 30th at 9:00 am Pacific Daylight Time. To register for this educational webinar, please visit

Aanval® is the industry’s most comprehensive end-to-end SIEM-based Snort and Suricata IDS solution, built with a unique Situational Awareness engine, distinct false-positive protection technology, and a fully integrated event management and attack data correlation engine. To learn more about Aanval SAS™, please visit Aanval® can also be downloaded free for testing and evaluation by visiting

About Tactical FLEX, Inc.
Tactical FLEX, Inc. is a privately owned software development firm based in Seattle, specializing in information security research, engineering, technology design, and production. With the technological development of Aanval®, Tactical FLEX, Inc. has become a global provider of information security vulnerability and risk management software solutions that protect businesses of all sizes. Aanval® currently has over 6,000 customers worldwide including government security, defense organizations, technology corporations, financial services organizations, energy companies, educational institutions, healthcare organizations, biotechnology manufacturers, pharmaceutical companies, law firms, and utility providers.

Snort vs Suricata: Why You Should Also Give Suricata a Try.

Suricata IDS Engine Delivers Many Benefits in Combatting Today’s Security Threats.

Suricata is an open source-based intrusion detection system and is the result of more than four years of development led by the Open Information Security Foundation (OISF) and a number of developers organized to help build the next generation open-source IDS engine. The goal of OISF is to bring in new security ideas and technology innovations to the intrusion detection industry. The non-profit organization accepts contributions from both government and private sector, and initial funding comes from government sources as the firm’s main mission is to protect government records from foreign and domestic adversaries. With financial help from the U.S. Department of Homeland Security, a multi-threaded alternative to Snort was created to help secure networks against advanced security intrusions. Suricata’s multi-threaded architecture is unique as it can support high performance multi-core and multi-processor systems. The major benefits of a multi-threaded design is that it offers increased speed and efficiency in network traffic analysis and can also help divide up the IDS/IPS workload based on where the processing needs are. In addition to hardware acceleration (with hardware and network card limitations), the engine is built to utilize the increased processing power offered by the latest multi-core CPU chip sets.

Suricata overall has been developed for ease of implementation, accompanied by a step-by-step getting started documentation and user manual. The engine is also written in C and designed to scale. Although Suricata is still a new and less widespread product compared to Snort, the technology is gaining momentum among all enterprises and IT users. Increased performance, native IPv6 support, multiple model statistical anomaly detection, GPU acceleration, IP reputation, scoring thresholds, very high speed regex, and scalability are some of the major selling points for Suricata.

To summarize, Suricata, an IDS engine, delivers many benefits in combatting today’s security threats:

1. An Open Source Engine: The power of the community works well within IT security defenses, as a community is more effective than a single organization at capturing characteristics of emerging threats.
2. Multi-threaded: A multi-threaded architecture allows the engine to take advantage of the multiple core and multiprocessor architectures of today’s systems.
3. Supports IP Reputation: By incorporating reputation and signatures into its engine, Suricata can flag traffic from known bad sources.
4. Automated Protocol Detection: Preprocessors automatically identify the protocol used in a network stream and apply the appropriate rules, regardless of numerical port. The automated protocol detection also prevents user mistakes and errors which are actually more common.

Why is Suricata so Successful in Monitoring Sophisticated Types of Attacks?

Suricata is also a rule-based ID/PS engine that utilizes externally developed rule sets to monitor network traffic and provide alerts to the system administrator when suspicious events occur. Suricata also uses a “sniffer” engine to analyze traffic entering and leaving a network system. However, the multi-threading capabilities allow the sniffer to match more traffic rules quickly and apply more computing horsepower to the security process.

Designed to be compatible with existing network security components, Suricata features Unified2 output functionality and pluggable library options to accept calls from other applications. In addition, Suricata is also designed to work with the Snort rulesets. Furthermore, Suricata also integrates revolutionary techniques. The engine embeds a HTTP normalizer and parser (HTP library) that provides very advanced processing of HTTP streams, enabling the understanding of traffic on the 7th level of the OSI model.

Community Support from Tactical FLEX, Inc.

We support over 6,000 customers in more than 100 countries by delivering real-time, continuous network monitoring and by providing a wide range of product manuals, information security articles, and up-to-date how-to guides. Built with a unique Situational Awareness engine, users rely on Aanval because it provides a proactive tool to combat cyber threats and safeguard their virtual and physical assets.

Aanval continues to support both the information security and open source Snort and Suricata communities by providing users with a free non-commercial version of Aanval® that allows full functionality of a single-sensor device. Aanval is designed to work with all versions of Snort and Suricata, and can process syslog data from any device capable of external logging (file or UDP 514).

Aanval is available for download as a free Community edition, in addition to an unlimited sensor-capacity, commercially purchased and supported Snort, Suricata, and syslog license. Downloading and installing Aanval is free and takes only minutes to accomplish. Designed to work with all current Linux, Unix, and Mac OS X flavors of operating systems, you can be up, running, and viewing events within minutes. Let Aanval turn your data into actionable and comprehensive insights to reduce security risks. Free download here: Aanval Community Edition

Aanval® is the industry’s most comprehensive end-to-end SIEM-based Snort and Suricata IDS solution, built with a unique Situational Awareness engine, distinct false-positive protection technology, and a fully integrated event management and attack data correlation engine. Learn more at

Explore the concept of a SIEM-Based Intrusion Detection System and learn the advantages of using Snort and Suricata IDS in a Security Information Event Management (SIEM) by viewing our article at

We invite you to download and experience Suricata by visiting the OISF (The Open Information Security Foundation) page at

Cyber Threats in the Hospitality Industry and How Aanval SAS Protects

Why Network Security Should Be On Top of Each Hotel and Resort Management’s List: Hospitality Sector Facing Security Challenges Due to Lack of Risk Management Plans.

“The Business Decision to Reduce Security Implementation, Maintenance, and Software Upgrades to Boost Bottom Lines During Economic Woes Opens Doors to Hackers and Data Breaches”

According to Trustwave’s 2012 Global Security Report, the hospitality industry ranked at the top of the list for data breaches and has remained on top for four consecutive years.
The hospitality sector consisting of hotels, resorts, country clubs, transportation companies, destination marketing organizations, convention centers, tour companies, cruise lines, theme parks, and restaurants is a multi-billion dollar industry and has become one the major revenue contributors to the global economy and employment sector. It is estimated that security breaches in the hospitality industry are far higher than even the financial services or retail sectors. The 2012 Verizon Communications Report also revealed that the accommodations and food service industries accounted for half of all breaches in 2011.

Hospitality: A Vulnerable Industry. Hotels and Resorts Leaving Doors Wide Open to Hackers.

It is widely acknowledged that hotels and resorts of all sizes face a storm of factors making them vulnerable to breaches. What it really comes down to it is most hotels and resorts do not have data privacy and security as priority. According to the “Hospitality Industry Risks: Data Privacy and Security” article, “hospitality businesses often prove to be an easy target for criminals who are looking for high transaction volume, a large database of customer records, a low barriers to entry. Unfortunately, many hospitality companies have not upgraded their risk management plans to address the inherent exposures associated with today’s sophisticated data management.” Furthermore, the “Data Breaches Make the Hospitality Industry Less Hospitable” article also points out that “while hotels ride out the recession, security maintenance, implementation, and upgrades fall lower in the priority checklist, creating an easy welcome mat for fraudsters.” CBS News also reported that hackers target hotels because they are easy prey and it can take a long time–on average, about five months–until hackers are discovered.

Given That Cybercriminals Have Identified the Hospitality Industry as an Easy Prey, What Can Hotels and Resorts Do to Protect Data Privacy and Security For Their Guests?

Antivirus software and firewalls will not shield and protect hotels and resorts from hackers performing security breaches inside and outside of their premises. Both management and owners should invest in a capable Intrusion Detection System (IDS) that can help monitor their network system for any suspicious traffic. IDS will help hotels quickly discover if someone is trying to hack their network security system.
For larger hotel chains and resorts, a SIEM solution would also be very effective in managing, monitoring, and securing a large network. Security experts believe that SIEM solutions that interface with a successful IDS is most suited to monitor network traffic, deliver real-time alerts, and provide effective threat management which can result in a greater security posture For example, Tactical FLEX, Inc. is among SIEM-leading suppliers that provides a very strong focus on intrusion detection for successful threat management. Aanval’s unique approach to security threat management helps organizations proactively seek out potential problems before they actualize, instead of operating in a reactive mode after attacks have occurred. 

About Tactical FLEX, Inc.

For nearly a decade, Tactical FLEX, Inc. has taken great pride in providing best-of-breed security solutions to every type of organization around the world. Our wide spectrum of customers demonstrates our sincere commitment to an industry that remains at the forefront of the digital evolution of the world. Information security is our business, and our customers are our greatest asset. Tactical FLEX, Inc. is a trusted security vendor protecting more than 6,000 organizations within every industry in more than 100 countries. Our product Aanval ® is the industry’s most comprehensive end-to-end SIEM-based Snort and Suricata IDS solution, built with a unique Situational Awareness engine, distinct false-positive protection technology, and a fully-integrated event management and attack data correlation engine. Learn more about Aanval SAS™ by visiting

We invite you to visit our Industry Focus page at to find out how our products and services can aid securing your valuable assets and information. The Industry Focus website section was created to provide information security professionals a more expansive perspective on the security needs and challenges facing their industries. Every organization, regardless of specific industry, is facing similar and ever-increasing network and inter-network related security threats. Our products and services are designed not only for the important facets of the industries shown, but for every organization with a network or internet connection.

Aanval® is also available for download as a free Community edition for testing and evaluation at Let Aanval turn your security event data into actionable and comprehensive insights.

View “Hospitality Industry Risks: Data Privacy and Security” Article at

View “Data Breaches Make the Hospitality Industry Less Hospitable” Article at

Goodbye, Anti-Virus. Hello, SIEM!

This week while it was reported that McAfee plans to start layoffs in the anti-virus department, due to the lack of awareness and actual protection provided by anti-virus solutions, it was further reported that SIEM is on the rise and its necessity is here. Says Eddie Schwartz, chief information security officer at RSA, “We have to get to this idea of visibility, where security teams aren’t just waiting for new technologies, to where they are the hunters, they are the ones going out and finding threats.” Schwartz and his team “called on companies to spot SIEM technologies, so they can get internal visibility of logs, full packet inspection, as well as external information.”

Snort has been the de facto IDS engine, and no other SIEM has been available longer and under continual development for Snort logging than Aanval. Thwarting threats for nearly a decade, Aanval SAS stands as the latest build and comes loaded with a quiver of new and enhanced features, many that take the threat to network offenders, such as Offensive Reconnaissance and Rogue Host Detection.

Take control of your network and gain the visibility and situational awareness required that only Aanval easily offers.

Learn more about Aanval SAS

McAfee Layoffs and SIEM’s Endorsement

Hackers Never Sleep. Let Us Help You Secure Your Business and Ensure Complete Peace of Mind and Minimal Downtime.

“Tactical FLEX, Inc. has been providing comprehensive, professional services to support each of our customer’s needs and the information security sector in whole since 2003.”

Participating in a support service plan is an integral component of a complete IT risk management program. Tactical FLEX, Inc. provides a range of flexible support offerings backed by industry-leading expertise. Our team of knowledgeable, experienced Aanval Engineers and Developers are committed to providing timely and accurate solutions to all types of support issues. Our Support team views every support communication as an opportunity to demonstrate our commitment to customer satisfaction. You can count on us to help you get the most from your Aanval SIEM and IDS solutions investment.

Tactical FLEX, Inc. is your end-to-end security solution. Outside of our standard support options included in our Aanval SAS offerings to troubleshoot and repair Aanval console-related issues, our Engineering and Development team is on-hand to install, configure, and repair your IDS engine; install, upgrade, or optimize your Aanval console; or even lead Aanval web-based training sessions, where you can learn the ins and outs of the industry’s leading Snort, Suricata, and syslog SIEM. You can purchase these à la carte services or contact Sales or Support.

Advanced Support for Aanval SAS
Every Aanval SAS solution, in addition to standard ticket-based and chat support, includes telephone and remote support. Remote-access support provides a secure connection to your computer that we can use to help troubleshoot and resolve console problems efficiently or provide managed services for corporate networks. This capability makes remote access a very powerful and cost-effective way for you to ensure that your computer and network gets the support it needs with complete peace of mind and minimal downtime.

Business- and 24-Hour Availability
Telephone and remote support are available during standard 8 to 5 business hours for Aanval SAS, and on a 24/7 basis for Aanval SAS Enterprise.

Aanval Community Support
An email ticket-based system and chat support options are available to our Aanval Community users. Additionally, an entire range of product manuals and documentation, troubleshooting guides and FAQs, and how-tos are available by following the link below to the Aanval Wiki.

Visit Aanval Product and Service Support

Leverage Tactical FLEX, Inc. Support Services to Optimize Your Aanval Deployment.

Customer Success in our view is not limited to Technical Support and Maintenance Services Services. To ensure the success of your project, Tactical FLEX, Inc. also offers Professional Services, Educational Training Services and Custom Implementation Services.

Professional Services
Tactical FLEX, Inc. is uniquely positioned to support each of our valued customers with the information security services they need to make critical decisions, develop, deploy, configure and maintain leading-practice security implementations. Network and security architecture, intrusion analysis, systems configuration, and even Snort installation and management are only a short list of the common consulting services we regularly perform.

Give your security teams the knowledge and insight they need to get the most out of Tactical FLEX, Inc. products and services. Our highly experienced and industry-certified experts have decades of experience in the information security and technology sectors.We provide both on-site and remote training for individual analysts and security teams, as well as executive management and specific departmental needs.

Custom Implementation
Tactical FLEX, Inc. has been re-branding, co-branding, and developing customized information security systems for clients throughout the world for nearly a decade. Using internally developed software frameworks and a large base of security focused intellectual property, Tactical FLEX, Inc. can assist your organization in getting your products and services up, running, and even to market in a fraction of the time and a fraction of the cost.

Visit Services Overview

Have Product or Support Questions? Contact Us Now

Explore Aanval SAS (Situational Awareness System)

Does your SIEM have GeoLocation? Aanval SAS does. And it’s good.

Aanval SAS has an all-new mapping framework that permeates more than just the basic map display; within the Frequent Targets and Frequent Offenders displays, see a detailed map alongside that starring list, pinpointing their global location.

Simply hover the mouse over a country to highlight and name it, and hover over the site of an event (offender or target) to get their precise coordinates. 

Just how “offensive” is that location? Its red target marking its location augments as sourced events increase, so before you even look at its detailed record, you know by its size how threatening it could be.

GeoLocation is simple to set up and use, and it comes as a standard option with every Aanval package.

View the Getting Started guide at our wiki site,, or watch the video tutorial at YouTube:

Security Has Evolved Into a “Big Data” Problem. Can Your Current Security Solution Handle Big Data? Aanval SIEM-Based IDS Can Handle Big Data.

“While many traditional SIEM products, IDS, and log management solutions are still unable to keep up with big data scale due to design and performance, a major focus of Aanval is performance and scalability. Aanval is the only SIEM on the market with the ability to automatically scale to meet the needs of its environment.” 

The term “big data” is all the buzz and rage these days with IBM even estimating that 90% of the data in the world today has been created in the last two years alone. The truth is, security has evolved into a “big data” problem and many enterprises of all sizes are increasingly concerned about the issue and challenges of being able to effectively manage and analyze big data. Enterprises as a whole are gaining a better understanding of the benefits of collecting and accessing data from a variety of sources and working with larger databases in order to gain better insights on business activities, operational activities, and IT security. It is mutually agreed that information is key in making informed business decisions and improving overall security posture. However, a large percentage of businesses and organizations don’t really understand what “big data” is and how to effectively manage data. A recent study conducted by Echelon One reveals that “38% of the Security and IT Operations professionals surveyed acknowledged that they do not have a clear understanding of what big data is and that 59% of the respondents also lacked the tools to manage data from their IT systems, resorting to using separate, disparate systems and even spreadsheets.”

Enterprises today are producing more data than ever and this “big data” trend will continue to rise in the future. Although many enterprises are discovering the big value of collecting information from a variety of sources and the purpose it can serve to improve business efficiency and security posture, the explosion of data has made it more challenging for enterprises to manage and store volumes of information as well as identify security events. In retrospect, many enterprises experiencing difficulties in capturing, storing, searching, sharing, analyzing, and visualizing data information should focus on securing the right technology to help manage and make make sense of their existing data and future data growth. Aanval SIEM-based IDS can help enable enterprises of all sizes to enhance the security of their organizations and improve overall business operations. Aanval SAS (v7) is built with an accelerated real-time event processing system that handles as many as 1,500 events per second and scales beautifully with hardware to process as many as 5,000 events per second. The improved background processing systems of Aanval SAS overall are simpler, more powerful, and more capable than ever before. “Security is not a one-time purchased product, but a process that is continually changing as technology evolves, and for nearly a decade Tactical FLEX, Inc., the maker of Aanval, has been developing products and services that evolve parallel with industry and general technology advancements. Protecting, monitoring, and assisting some 6,000+ customers in more than 100 countries has made Tactical FLEX, Inc. an industry leader in developing information security tools, techniques, and strategies,” said Loyal Moses, CEO of Tactical FLEX, Inc.

View the entire Library article about Big Data at“Big_Data”_Hype_Explained

Explore Aanval SAS™ and view product screenshots at

Aanval® is also available for download as a free Community edition for testing and evaluation at Let Aanval turn your security event data into actionable and comprehensive insights.

Tactical FLEX, Inc. Debuts Aanval SAS™ Program

“With Debut of Aanval SAS™ Program, Organizations and Businesses of All Network Sizes Are No Longer Limited By Sensor Cost and Can Now Monitor Every Aspect of Their Environment.”

For organizations and enterprises with valuable data, this is a new reality. Cyber security attacks against the private and public sectors are continually evolving and targeting more and more organizations of all sizes. IT security professionals need to assess and review their current security technology tools with an eye toward the evolving security threat environment. Knowing exactly what is going on inside the network in real-time is more important than ever. Companies on the frontline of data protection and information security are responding by investing in the Aanval SAS™ solution because it provides security intelligence and offensive tools that help shore up defenses and turn data into actionable and comprehensive insights to reduce risk. Aanval SAS™ (Situational Awareness System) is the latest evolution in Aanval’s near 10-year history. Combining our advanced indexing, correlation, and reporting technology with Network Host Scanning, Rogue Host Detection, and Offensive Reconnaissance, Aanval provides an unparalleled oversight of the networks it protects.

Tactical FLEX, Inc. understands that the concept of security intelligence requires gaining visibility of all the data across your security infrastructure. The Aanval SAS Program helps support our customers’ network security deployment initiatives while delivering substantial cost savings and enhancing overall security posture. With annual unlimited sensor capacity, organizations and businesses of all network sizes are no longer limited by sensor cost and can now monitor every aspect of their environment. SMBs and large enterprises can both easily deploy an effective market-leading end-to-end network security solution that can also store nearly an unlimited number of security events within the console. Both our Aanval SAS™ and Aanval SAS™ Enterprise Editions provides an annual unlimited sensor-capacity license for Snort, Suricata, and/or syslog sensors; telephone and remote support, and maintenance, an integral component of a complete IT risk management program, providing patches, bug fixes, minor and major upgrades. Without support and maintenance service, your organization may run the risk of losing productivity and business effectiveness, should a technical issue or security issue arise.

We invite you to visit our Aanval SAS™ Product Comparison page at to learn more about our essential program tailored to meet your organization’s current security needs.

Aanval is also available for download as a free Community edition at Let Aanval SAS™ turn your data into actionable and comprehensive insights.

Need Real-Time Security Intelligence? Think Aanval. SAS™. Your Security Intelligence Solution.