Kane Secure Enterprise Essay, Research Paper

Depending upon how the database is set up (i.e., what platform, etc.) you

may be able to use Intrusion.com’s Kane Secure Enterprise. KSE is the old

CMDS (Computer Misuse Detection System) from SAIC all dressed up in a new

interface and with some new capabilities. KSE is a statistical profiling

host based IDS that can watch for statistical patterns of access. This means

that once it gets a baseline of “normal” access by various accounts, it

“knows” that one of those accounts is acting outside of its normal profile

and alarms. That way if your hacker is masquerading as a legitimate user

(or if he/she is actually an insider with legitimate access) the departure

from normal access actions will be noticed by the KSE. Additionally, it can

be rule-based (like any other log parsing IDS) to do detection of rule

violations.