Enables a fast response to security breaches through centralized auditing of the Windows security event logs
London, UK, 5 June 2002 - GFI today announced the release of LANguard Security Event Log Monitor (S.E.L.M.) 3, a host-based intrusion detection system that monitors networks for security breaches. The product analyses the network security event logs and alerts administrators of key security events in real time, thereby permitting immediate action. GFI is offering a free starter pack of GFI LANguard S.E.L.M. 3 for 1 server and 5 workstations at http://www.gfi.com/lanselm.
Offers security administrators peace of mind
GFI LANguard S.E.L.M. scans the security event logs of all Windows NT/2000/XP machines on a network, consolidates them into a central log for fast analysis and provides detailed activity reports. It alerts administrators about critical security breaches in real time, enabling them to respond immediately to high security events such as network users attempting to access shares, resources and/or data they should not view.
"Firewalls and anti-virus software alone do not provide sufficient network protection because they do not detect internal security breaches and backdoors. This is why enterprises also require an effective intrusion detection system to monitor for internal security breaches," said Nick Galea, CEO of GFI. "By continually auditing all machines on the network and issuing real-time alerts on high security events, GFI LANguard S.E.L.M. offers administrators peace of mind."
Because it performs intrusion detection by scanning the event logs, GFI LANguard S.E.L.M. is not impaired by switches, IP traffic encryption or high-speed data transfer, as are traditional network-based intrusion detection products that operate by sniffing network traffic and analyzing attack patterns.
Reduces the administrative burden
With its ability to archive all security events in a centralized location, GFI LANguard S.E.L.M. eliminates the need for administrators to spend hours examining individual event logs for each server or workstation. Pre-built event viewers show all events configured into security levels, categorizing events by event type (logon, policy changes, privileges, etc.), and providing filters that make it possible to drill down to specific users, computers, event types or other variables.
In addition, GFI LANguard S.E.L.M. provides extensive reporting and forensic analysis. For example, administrators can view logon and logoff times of all network users, see which machines are attacked most frequently, and identify users who are creating too many events such as failed logons or failed object access. With these reports, administrators can obtain important information about security activity on their network.
New features in GFI LANguard S.E.L.M. 3.0
The logs scanned by GFI LANguard S.E.L.M. 3 now include the application, system, DNS server, directory services and file replication services event logs, as well as the security event logs. GFI LANguard S.E.L.M. 3 also offers increased customization and flexibility, allowing administrators to choose which types of event logs are to be retrieved per machine and which event categories should be archived.
Other new features include:
- Ability to enable correct auditing policies on all target machines automatically;
- Refined event log filtering rules;
- Colour-coded records for improved filtering methods and instant recognition of which events are of critical, low, medium, high and unclassified importance;
- Support for three types of database back-ends - Microsoft Access, Microsoft MSDE, and Microsoft SQL Server.
Specifications, pricing and availability
GFI LANguard S.E.L.M. requires no agents or client software, has no impact on network traffic, and can be scaled to networks of thousands of servers and workstations. It is available from distributors around the world or online at the GFI site. Pricing starts at US$375 for a 2 server/10 workstation package. Administrators can check whether they need GFI LANguard S.E.L.M. at http://www.gfi.com/lanselm/whylanselm.htm. For more product information and to download the free starter pack, visit http://www.gfi.com/lanselm.
About GFI
GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. With award-winning technology, an aggressive pricing strategy and a strong focus on small-to-medium sized businesses, GFI is able to satisfy the need for business continuity and productivity encountered by organizations on a global scale. Founded in 1992, GFI has offices in Malta, London, Raleigh, Hong Kong, and Adelaide which support more than 200,000 installations worldwide. GFI is a channel-focused company with over 10,000 partners throughout the world. GFI is also a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com.
All product and company names herein may be trademarks of their respective owners.