MICROMUSE’S NETCOOL®/NEUSECURE PROVIDES INSTANT DETECTION

17.09.05

Netcool®/NeuSecure also Facilitates Enterprise-wide Mitigation of Worm

Micromuse Inc. (Nasdaq: MUSE), the leading provider of ultra-scalable, realtime business and service assurance software today announced that its security information management and incident response platform, Netcool/NeuSecure, is able to immediately detect the effects of the Zotob worm and its variants. During the worm’s recent wildfire propagation, Netcool/NeuSecure users were pleased with how quickly they were alerted to anomalous behavior on their network.

The Netcool/NeuSecure solution immediately detects abnormal activity based on the strength of its statistical correlation engine and the depth of its default security content, which is a set of rules and templates that transforms general security best practices into actionable security alerts.

Customers using the Netcool/NeuSecure solution to collect perimeter security data during the recent Zotob worm infestation were able to detect the worm’s presence in the ‘critical hour,’ allowing security teams to proactively review the logs in depth and determine malicious activity. Additionally, Netcool/NeuSecure's default security content alerts administrators any time a perimeter firewall allows traffic to pass to specific services that have been deemed ‘dangerous.’ One of these services, for example, resides on port 445, which was the initial vector of the Zotob worm. Furthermore, when Netcool/NeuSecure’s default regulatory compliance rule sets are enabled and the worm impacts a system that is on the compliance watch list, administrators are immediately alerted to the activity via email or pager.

Additionally, Netcool/NeuSecure’s integrated investigation and response capabilities are useful in identifying which systems are infected so that clean up and patching can occur quickly and efficiently. Netcool/NeuSecure’s incident management features, including internal ticketing system and automated alerting capabilities allow security teams to notify system and network administrators of infection.


About the Zotob Worm:
Zotob, as named by antivirus firm F-Secure, uses a flaw in Microsoft Windows’ Plug-and-Play capabilities to spread to other machines. According to the Internet Storm Center, if a computer is infected with the program, the worm starts a file-transfer protocol (FTP) server and attempts to spread.

This is the first major worm since the Sasser Worm to target a vulnerability within Microsoft Windows. The worm is not expected to spread as far-flung or do as much damage as the Sasser Worm, however, because it cannot infect computers running Windows XP Service Pack 2 or Windows 2003. Additionally, any machine that blocks port 445 using a firewall is also protected.


About Netcool/NeuSecure
Netcool/NeuSecure provides a centralized security event monitoring and response platform for log aggregation, event correlation, threat analysis, threat response and forensic investigation of the enormous quantities of security event data in heterogeneous enterprise, government and service provider networks. It correlates log data files from disparate machines such as firewalls, intrusion detection systems, computer systems and routers and automatically analyzes this data to uncover legitimate threats to the enterprise. Netcool/NeuSecure allows security analysts to prioritize their investigations and focus on the mission-critical task of responding to threats as they are occurring, rather than after the damage is done. And with Netcool/NeuSecure a security team can manage threats from early detection to final resolution without ever leaving the intuitive, Web-based console.


About Micromuse
Micromuse Inc. (Nasdaq: MUSE) is the leading provider of ultra-scalable, realtime business and service assurance software solutions. The Netcool® software suite provides organizations with the assurance that their IT systems are supporting and driving profits 24 hours a day. Unlike traditional infrastructure management systems, Netcool solutions provide realtime end-to-end visibility and accurate troubleshooting from a business perspective. Such business intelligence allows organizations to respond to problems quickly, streamline workflow processes and improve business uptime. Micromuse customers include BT, Cable & Wireless, Deutsche Telekom, EarthLink, ITC^DeltaCom, JPMorgan Chase, MCI, T-Mobile, and Verizon. Headquarters are located at 139 Townsend Street, San Francisco, Calif. 94107; (415) 538-9090. The Web site is at www.micromuse.com.