by Victor R. Garza

StealthWatch 4.0 strikes back

analysis
Apr 9, 2004 | 2 mins

The Web-based UI of Lancope’s just-released StealthWatch 4.0 IDS (intrusion detection system) platform may be a little bland, but the information it provides sizzles. The StealthWatch product line does a good job of filling the holes left by other network detection and management appliances, such as dealing with the anomalous events that occur during a virus or worm infection that hasn’t yet been cataloged — the so-called zero-day threats.

New viruses attack networks and hosts with previously unseen variations of probes and assaults. StealthWatch easily picks up and displays these network anomalies, assigning each a Concern Index for prioritization of possible threats.

New in StealthWatch 4.0 is the ability not just to detect network anomalies but also to take preventive measures. Because StealthWatch can communicate with WatchGuard and Cisco PIX (Private Internet Exchange) firewalls, it can create null routes that drop all traffic from a presumed intruder, whether outside or inside the network. I was initially concerned about an automated response from a network device, but WatchGuard equipment (for example) can ensure a human is in the loop, if so configured.

Other enhancements in StealthWatch 4.0 include tighter integration with the open source Snort IDS toolkit and improved OS fingerprinting that identifies almost 80 different operating systems. You can also now drill down from a displayed host or network address alert to the underlying event affecting that device.

Overall, StealthWatch does a good job of adding new functionality to an already useful product. I look forward to more solid product construction on an already effective IDS foundation.