Emerging Threats Inc fundamentally altered the landscape of the IDS/IPS ruleset market by offering customers operating a variety of IDS engines the ability to run a single ruleset.
ET Pro looks closely at the protocols and methods that outsiders use to communicate covertly with, and control, computers inside an organisation. All malware operates differently, but every sample has exactly one thing in common: it MUST communicate with someone on the outside to take commands and return information. This is called a Command and Control channel (C&C). The ways in which a host can get infected are innumerable, but if the C&C is monitored, every infection will be detected, and from that point action can be taken according to the organisation's threat policy. So, for example, the attack can be blocked and access denied, or, if the system is critical, a staged process of control can be implemented to minimise downtime while monitoring the effect of the intrusion.
• Known bad IP lists: C&C servers, spam hosts, botnet IPs, etc.
• Policy compliance
The ET Pro Ruleset also looks at activity that is not necessarily a security event but carries great threat potential: people on Facebook, people using remote control software, and so on.
ET Pro lets the individual organisation's policies dictate whether to allow or deny that activity. Other rulesets provide no coverage at all for something they deem a non-security event, taking that option away from the end user.
• Protective marking (government security classifications)
The ET Pro ruleset includes the ability to look for documents marked with US, NATO, UK and other government-standard security classifications (confidential, restricted, secret, top secret, etc.).
More importantly, the ET Pro ruleset allows your software to watch the C&C and covert channels through which data could exfiltrate. This is more art than science, but ET Pro provides a "state of the art" toolkit that's as good as it gets.
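The protective-marking check described above can be illustrated in a few lines of Python. This is an added example, not a rule from the ET Pro ruleset (which would express the same idea as Snort/Suricata content matches); the marking strings, the severity ranking and the sample message are assumptions constructed for the example. It scans a text payload for classification markings, tolerates spaces or hyphens between marking words, matches only conventional upper-case markings so ordinary prose such as "keep it secret" is not flagged, and keeps the longest marking at each position so "NATO SECRET" is not also reported as a bare US "SECRET".

```python
import re
from dataclasses import dataclass

# Marking vocabularies. The classification names come from the page; the
# particular NATO and UK spellings are common public forms and are assumed
# here, not copied from the ET Pro ruleset.
MARKINGS = {
    "NATO": ["COSMIC TOP SECRET", "NATO SECRET", "NATO CONFIDENTIAL", "NATO RESTRICTED"],
    "UK":   ["UK TOP SECRET", "UK SECRET", "UK CONFIDENTIAL", "UK RESTRICTED"],
    "US":   ["TOP SECRET", "SECRET", "CONFIDENTIAL"],
}

# Ordinal severity so hits can be ranked (higher = more sensitive).
LEVELS = {"RESTRICTED": 1, "CONFIDENTIAL": 2, "SECRET": 3, "TOP SECRET": 4}


@dataclass(frozen=True)
class Hit:
    standard: str   # which vocabulary matched (US, NATO, UK)
    marking: str    # canonical marking text
    level: int      # severity from LEVELS
    offset: int     # byte/character offset in the scanned text


def _pattern(marking):
    # Allow runs of whitespace or a hyphen between words ("TOP SECRET",
    # "TOP-SECRET"); word boundaries stop "SECRET" matching inside "SECRETARY".
    # Matching is case-sensitive on purpose: markings are conventionally upper case.
    words = [re.escape(w) for w in marking.split()]
    return re.compile(r"\b" + r"[\s-]+".join(words) + r"\b")


_COMPILED = [(std, m, _pattern(m)) for std, ms in MARKINGS.items() for m in ms]


def _level(marking):
    # Rank by the trailing classification word(s), so "NATO SECRET" ranks as SECRET.
    for name in ("TOP SECRET", "SECRET", "CONFIDENTIAL", "RESTRICTED"):
        if marking.endswith(name):
            return LEVELS[name]
    raise ValueError(marking)


def find_markings(text):
    """Return protective-marking hits in offset order; the longest marking wins
    at each position so a compound marking is reported once, not as its parts."""
    candidates = []
    for std, marking, pat in _COMPILED:
        for m in pat.finditer(text):
            # Negative length sorts longer matches first at the same start.
            candidates.append((m.start(), -(m.end() - m.start()), std, marking))
    candidates.sort()
    hits, last_end = [], -1
    for start, neg_len, std, marking in candidates:
        if start < last_end:  # overlaps a longer marking already accepted
            continue
        hits.append(Hit(std, marking, _level(marking), start))
        last_end = start - neg_len
    return hits


def highest_level(text):
    """Name of the most sensitive marking present, or None if there is none."""
    hits = find_markings(text)
    if not hits:
        return None
    top = max(hits, key=lambda h: h.level)
    return next(name for name, lvl in LEVELS.items() if lvl == top.level)


# Constructed sample payload (an outbound e-mail body); not real traffic.
SAMPLE = (
    "From: research@example.test\r\n"
    "Subject: quarterly figures\r\n"
    "\r\n"
    "NATO SECRET\r\n"
    "Handle via TOP-SECRET channels only. Do not forward to the SECRETARY.\r\n"
)

if __name__ == "__main__":
    for hit in find_markings(SAMPLE):
        print(f"{hit.standard:4} {hit.marking:18} level={hit.level} at offset {hit.offset}")
    print("highest:", highest_level(SAMPLE))
```

In a sensor this logic would run over reassembled payloads (HTTP bodies, SMTP messages, file transfers) and feed an alert rather than a print; the ranking lets a policy treat a bare RESTRICTED marking differently from TOP SECRET, in line with the staged response the page describes for C&C detections.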
Older Snort version coverage
The ET Pro ruleset covers all versions of Snort from 2.4 upwards.
The talent and technical expertise behind the Emerging Threats Pro Ruleset is the same that has provided the Emerging Threats.net project for the last 11 years. ET Pro’s team of researchers and developers have been drawn from the brightest minds in the Open Source community.
Until Emerging Threats Pro there had been little or no competition in rulesets and intelligence. This has now changed, with comprehensive, malware-focused coverage available whether you are running an older version of Snort, current Snort, or moving to the recently launched multi-threaded Suricata IDS engine. An Emerging Threats Pro subscription supports them all.