Data Breach Security Software

I got a question from my client today...

Do you have any alarms built into your computer security that trigger if there is a data breach?

Never had this one before...

Is there anything out there like that, or are they asking for Intrusion Alerts from the router?

Joseph Salazar, Vice President - Senior IT Consultant, Asked:
Mandeep Singh, Database Administrator, Commented:
Websense is a kind of software that will help you with data breach security.
Scott Thomson Commented:
Hi Cjoego

While Mandeep Singh is ok he has not really elaborated on his answer. But this is most likely because you have not specified in yours.

What do you mean in this case by "data breach"? Different cases may call for different software.
trinitrotoluene, Director - Software Engineering, Commented:
File system integrity can be monitored and you can configure the monitoring software to generate an alert whenever a file is created/modified.

At the network perimeter you can install an Intrusion Detection System to detect any network-based attacks.

Let me know your requirements and I'll be happy to advise
trinitrotoluene, Director - Software Engineering, Commented:
There exist Intrusion Prevention Systems as well
2013 information security breaches survey: technical report
2013 information security breaches survey: executive summary

A list of popular NGFW/UTM that can help you;


I would also check latest industry standard for security best practices:
SANS Top 20 Critical Security Controls - Free
NIST Cybersecurity Framework - Free
ISF Standard of Good Practice - Cost
ISO27001 - Cost
Cobit - Cost (Free for ISACA Members)
CIS Benchmarks - free
btan, Exec Consultant, Commented:
I am wondering whether by "alarm" you meant the physical sound alarm, or the alert log or error message sent out to the admin or system owner for response and escalation per se. If it is the latter, a Data Loss Prevention (DLP) type of solution is available as a network sensor (appliance) or on the host (with an agent installed). Also, the network IDS or IPS is the norm for security devices working together with the network FW and proxy.

Most of the correlation and intelligence aggregation can be done via SIEMs or an equivalent analytics tool with it built in, as well as from the various network logs or NetFlow as part of their ingestion. One example is lanscope

Actually NSS Lab has a list of Breach Detection System (BDS) candidates as well as a wp

If you are into the physical alarm, that is probably some physical control to be planted, with surveillance cameras etc.
trinitrotoluene, Director - Software Engineering, Commented:
Most commercially available IPSs today have the firewall and antivirus integrated.
A choice will have to be made depending on your requirements and budget constraints.

All vendors tout their wares and usually package more than the essential so do your research before taking the plunge.

You also need to check whether your systems need to meet any compliance requirements such as PCI DSS and select tools which assure you of a certain level of compliance.
Mandeep Singh, Database Administrator, Commented:
Besides the firewall, Websense gives you lots of features, like a USB detection system, and it makes a log of copy/paste incidents and sends them to the respective team for action.

It also binds users to access only specific websites defined by your team.
trinitrotoluene, Director - Software Engineering, Commented:

To add to what I already mentioned:

Credit companies have to comply with PCI-DSS in order to protect their customer data from being breached.
You can read about it here

Several other standards do exist. Some of the significant ones are

As for IPS solutions and File System monitors you can check out the following to get a hang of what it's all about
btan, Exec Consultant, Commented:
One of the best means is also to step back and tunnel all exit and entry to specific points of the organisation. It is always easier to track with fewer windows and doors... but of course there are still instances of thumb drives, mobile devices (esp. BYOD) and wireless interfaces, which I advocate disabling by default or not allowing unless authorised. Such data leaks and breaches happen almost every instance and are prevalent now even in real incidents in cyberspace (too often... see how Target and Home Depot got breached via 3rd-party remote capability, weakened systems, n/w interconnectivity and spoofed email to users to start the infestation lifecycle...). ...slight digression... Most allude to or state Anti-APT (advanced persistent threats), from Mandiant's famous APT report, and Anti-AET (Advanced evasive tech), coined by Stonesoft
Joseph Salazar, Vice President - Senior IT Consultant, Author Commented:
Thanks Everyone,

The client said alarm probably meant Alert. I have an Astaro UTM in place.

Chinese Companies are hitting that firewall Hard....Wow!!!!

I have already run a Firewall Scan and closed 4 ports that were open.

He told me he was looking specifically for software that alerts me in case of a breach.

trinitrotoluene, Director - Software Engineering, Commented:
That's an IPS/IDS kind of job
btan, Exec Consultant, Commented:
An IPS/IDS or BDS system can handle that, and simply having a Web App FW and DDoS appliance can fend off those attacks, but note that if they come in over SSL then better have an SSL decryptor to inspect. In short, you need deep packet inspection ... some candidates include

Solera (Blue Coat) under the Blue Coat ThreatBLADES

... in fact you may just want to check back on Sophos UTM Accelerated (9.2), the new SG Series Appliances, already equipped with adv. threat protection etc.
Module add-on on top of its "Deep Layer-7 inspection (Next-Generation Firewall) ensures true application identification and has regular automatic updates. And get feedback on unclassified applications" - but you probably have to equip the right h/w spec to turn on only the essentials...

Network Protection - IPSec/SSL, ATP, VPN, IPS, DoS Protection
Web Protection - URL Filtering, Application Control, Dual Engine Antivirus
Webserver Protection - Web Application Firewall, Reverse Proxy, Antivirus
trinitrotoluene, Director - Software Engineering, Commented:
IBM has solutions in the Network Intrusion Prevention space and they use patented deep packet inspection which is different from the DPI done by other vendors. Their content servers also keep sending down regular security updates.
I believe you can customize a solution to suit your needs whether it be at an enterprise level or just a small LAN.

Most IPS vendors today have similar offerings. McAfee, Cisco and Trend Micro are the other ones to watch out for.

I don't want to be doing a sales pitch here, but to answer your OP, IPS is the answer to your problem.
btan, Exec Consultant, Commented:
Coming back, besides the other alternatives, for notification on alert (e.g. rule trigger or security event detected, etc.), via either e-mail or SNMP trap. A "smarthost" can be considered for SMTP relay if the FW cannot send e-mails directly.

For log monitoring, you can also check out Sawmill or SolarWinds Log & Event Manager (LEM), which can be further customised based on received info.

There are even managed services for proactive monitoring.
trinitrotoluene, Director - Software Engineering, Commented:
Managed services are nice to have if you have the budget to fit them in. Most vendors will handle it for you and you can sit back.

Database monitoring may be sufficient and might suit tighter budgets. In such a case have a look at
btan, Exec Consultant, Commented:
Maybe Astaro Command Center may be of interest. It serves as a central point where you can see information on connected devices. It alerts you when a device is acting differently than it has in the past, and is used for informing on the trends of devices over time, so you can see information differing from the site baseline profile.
For logs, you could use, it's excellent as data correlation and log management, I would also check splunkstorm (splunk in the cloud), Splunk has been named a leader in the 2014 Gartner Magic Quadrant for Security Information and Event Management (SIEM) for a second year in a row
Question has a verified solution.